Privacy and Request forms (GDPR and PII)

RefTracker takes the privacy of the information that it handles, very seriously. Information on the RefTracker servers is stored securely and can only be accessed by Altarama staff bound by confidentiality agreements.

Of course your library staff who work with RefTracker every day are also trained professionals who know the importance of confidentiality of the information they are handling.

So, how do you convey this to the end users so they feel comfortable submitting their request and contact details through your RefTracker forms?

  • Every RefTracker client interface page provides a link to a Privacy statement in its footer (see the example in the screen print below).  Parameters 4.14 and 4.15 control whether this link appears, and whether it goes to a page that you maintain in RefTracker or directly to your corporate web page about privacy.
    If you replace the standard RefTracker footer, make sure that you provide access to a privacy statement in another way.
  • You can also include information about your privacy policy as a text display field in the layout of your request form.  An example of this is shown in the screen print below.

Options to insert a Privacy or Usage terms acceptance tick box

You can easily insert a tick box for end users to indicate their acceptance of your terms of use or privacy conditions. Just add the “Privacy acceptance” field to the layout of your Request form.

It looks like this in the request form

The label you define in the request form appears to the right of the tick box and the Note appears below it, so it is easy to change the label to something more suitable to your needs, like “I agree to the conditions of use”.
When this field is included in a form and the user ticks it, the agreement is recorded in their request as the “Privacy acceptance” field set to “Agree”.
We recommend that you make this field mandatory so that your end users have to tick this box in order to be able to submit their request.  If the user does not tick the box, the request will have “Disagree” recorded in the “Privacy acceptance” field.
This field is a General code, not a code table, and so is not available for reporting in Statistical reports.  It is about recording a user’s general agreement to your policies, and is not related to agreement to use their Personally Identifiable Information (PII).  See points the next topic in this page for information about how to address PII requirements.
Just like any other field, this field is recorded in the request record and can be viewed in the Details tab of the Summary screen for that request (and the default Data extract):

  • If you need a more sophisticated Privacy agreement function inserted in your form, use a User defined code table to create something like this:

Options for end users to control removal of their client contact details

The RefTracker client interface provides an option for clients to remove their contact information after their request is closed. 

There is also an option to include the “Remove contact details after close” field in your request form that gives end users a specific option to have their Contact details retained for further use, or removed after the question is closed (according to your Contact data retention and deletion policies).

You can insert this field anywhere in any request form (to control the position it appears in your Request forms, or to add a note). 
However, if parameter 6.12 is set to “Requester specified” and you have not inserted the “Remove contact details after close” field in the form being used, the field will be automatically added at display time (in order to meet the requirement for mandatory collection of this information when parameter 6.12 is set to “Requester specified”).


When you insert this field in your form we recommend that you add information about what the impact of the clients selection in this field means, for example:

Data collected in the “Remove contact details after close” field will be displayed in the Requester data section of the Details tab.  It is recorded and displayed in the Details tab, for ALL requests, whether the “Remove contact details after close” field has been included in the form, or not, as this information is needed for the “Erased client data” background process.
Possible values for this “Remove contact details after close” field are:
Yes, No (remove is yeas and according to parameter 6.13).

The “Remove contact details after close” field works in conjunction with the “Erase client data” background task to ensure that Contact details are removed according to your Contact details policies and your end user’s requests as required by GDPR and other PII privacy regulations.

What if a client contacts you to have all their PII information removed

Sometimes a client will contact you via phone or email to ask for all their PII information to be removed, without specifying any particular request number. In that case you should Search for their email address to find the request/s that refer to it. If there are any, you need to tick the “Remove contact details after close” field, for each of those requests. You can do that using the Change or QA review screens. If the field is not showing in the Request form itself, you will find it in the Requester fields section of the “Other fields” division in those screens.

For more information about the “Remove contact details after close” field for recording client Contact details wishes, the “Erase client data” background process for deleting Contact data, and parameter 6.12 and 6.13 that allow you to specify your Contact details retention and deletion policies (see parameter 6.12 and 13 and the Contact data retention and deletion policies help page).