ProQuest Workflow Services GDPR Data Processing Addendum User Manual
- October 27, 2023
- ProQuest
Table of Contents
Workflow Services GDPR Data Processing Addendum
User Manual
Completing the ProQuest Workflow Services GDPR Data Processing Addendum
Introduction
Every customer that processes, or intends to process, personal data that is
subject to the EU General Data Protection Regulation (GDPR) through ProQuest®
Workflow Services must have a data processing agreement with us to allow both
the customer and ProQuest to comply with the requirements of the GDPR.
If your institution has not yet signed the Data Processing Agreement published
by ProQuest with respect to the ProQuest Workflow Services (“DPA”) and your
institution’s current ProQuest license agreement does not reference the DPA,
your institution should complete, sign, and return the DPA in the manner
described below.
Additionally, following the decision of the Court of Justice of the European
Union in July 2020 invalidating the EU-U.S. Privacy Shield framework (also
known as the Schrems
II
decision), DPAs for customers that purchased ProQuest Workflow Services from
ProQuest LLC must include the
European Commission’s Standard Contractual Clauses to safeguard the transfer
of personal data to the United States and other countries outside of the EU
that are not recognized by the European Commission as providing adequate
privacy protection.
The DPA published by ProQuest in December 2021 includes the Standard Contractual Clauses approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 and is available ProQuest Workflow Solutions DPA – Ex Libris Knowledge Center (exlibrisgroup.com).
Frequently Asked Questions:
Which ProQuest Workflow Services customers are required to sign a DPA with ProQuest?****
– Customers in the European Economic Area (“EEA”) and any customers that are processing, or intend to process, personal data that is subject to the GDPR through ProQuest Workflow Services. A full list of the relevant ProQuest Workflow Services is set out at the end of these instructions.
What action must I take?****
– For customers that have never signed a ProQuest Workflow Services DPA:
– You should promptly arrange for the 1
(mtstatic.com) to be signed and returned to ProQuest
by one of the methods described further below.
– For customers that have signed an earlier version (prior to September 2020)
of the DPA:
– In order to execute a DPA incorporating Standard Contractual Clauses, you
should promptly arrange for the 1
(mtstatic.com) to be signed and returned to ProQuest
by one of the methods described further below.
– If you are not sure whether your institution has previously signed a DPA
with respect to the ProQuest Workflow Services, please check with us by
sending an email to
[email protected].
Where can I access the DPA?****
– You can access the ProQuest Workflow Services DPA from this webpage.
How do I complete and sign the DPA?****
– We have provided customers with 2 options for completing, signing and
returning the required document – electronic signature via DocuSign or manual
signature. Complete instructions are included in the 1
(mtstatic.com). Relevant customers may also receive a
direct email with a request to review, complete and execute the DPA.
– A customer that wishes to sign electronically should send a request to
[email protected] with the full name
of the Customer institution.
If an institution uses more than one of the ProQuest Workflow Services, will a single ProQuest Workflow Services DPA cover all of them?****
– Each institution is required to sign only one DPA for all of the ProQuest Workflow Services used by that institution. For completeness, we note that a different DPA may be required in connection with the use of other solutions offered by ProQuest and its affiliated companies.
Why did you prepare the DPA?****
– Article 28 of the GDPR requires execution of a data processing agreement
that includes, among other items, the subject-matter, nature and purpose of
the processing, the type of personal data and data subjects and the technical
and organizational measures used by the processor. The ProQuest
– Workflow Services DPA incorporates Standard Contractual Clauses and is
tailored specifically to the ProQuest Workflow Services, the technical
measures employed and the types of processing activity that take place on
these cloud services.
What happens if my institution does not sign the DPA?****
– If your institution’s personal data is subject to the GDPR, without this DPA and Standard Contractual Clauses in place, your institution is likely to be out of compliance with the GDPR from the date it begins processing personal data on any of the ProQuest Workflow Services. Accordingly, we urge you to take appropriate action in accordance with these instructions. In any event, ProQuest intends to comply with the terms of the GDPR and the published ProQuest Workflow Services DPA with respect to all EEA customers of the ProQuest Workflow Services.
NOTE: If your institution uses ProQuest products that are not listed below, please check the ProQuest website for information regarding those products and GDPR.
ProQuest Workflow Services 360 Core | Intota™ Assessment |
---|---|
360 LINK | Pivot/Pivot-RP |
360 MARC Updates | RefWorks |
360 Resource Manager | Summon |
360 Search | Ulrichsweb |
AquaBrowser® (DPA not required) | Ulrich’s™ Serials Analysis System |
Intota™ | Ulrich’s™ XML Data Service (DPA not required) |