BIBLIOTHECA CLOUD LIBRARY APPLICATION SERVICES
PRIVACY POLICY
(Revised 10/22/2019)
bibliotheca Group GmbH ("bibliotheca", "we", "us" or "our") is committed to protecting the privacy of our clients and users of our bibliotheca Cloud Library (“cloudLibrary”) app ("App"). When you use your bibliotheca cloudLibrary App to discover, borrow, read, or listen to books or other digital content, certain information is shared with bibliotheca and others to make this a useful tool for you. This Policy is intended to help you understand the ways that your information may be collected and used when you use the bibliotheca cloudLibrary application services ("Services"). By indicating that you have “Read” the Privacy Policy or that you “Agree” to the terms of the Privacy Policy you are giving consent to the collection, use and disclosure of your information as described in this policy.
Bibliotheca LLC as part of bibliotheca Group GMBH, complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and Switzerland to the United States in reliance on Privacy Shield. Bibliotheca LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
We want to provide a safe and secure user experience. We will ensure that the information you submit to us, or which we collect is only used for the purposes set out in this policy.
Through this Privacy Policy we aim to inform you about the types of personal
data we collect from users, the purposes for which we use the data and the ways
in which the data is handled. We also aim to satisfy the obligation of
transparency under the EU General Data Protection Regulation 2016/679 ("GDPR")
and national laws implementing GDPR.
For the purpose of this Privacy Policy the Joint Data Controller of personal
data is bibliotheca and our contact details are set out in the Contact Us section
at the end of this Privacy Policy. References in this Privacy Policy to our Group
of companies is to the parent company of bibliotheca, bibliotheca Group GmbH
and to other trading subsidiaries of the bibliotheca Group.
1. Changes to this Policy
Bibliotheca reserves the right to update or modify this Policy, at any time by posting the revised version of this Policy at this site and/or in an updated version of the App. We may notify you of changes or amendments made to the Policy via a notification in the App or website at any time. Your ability to continue using the App or our services may require agreement to updated terms at any time.
2. How we use your Personal Information
The information you provide will be kept confidential. We will hold, use and disclose your personal information for our legitimate business purposes including:
A. to identify you and authenticate your use when you use our Services;
B. to provide our Services to you as a user, including enhancing your user experience;
C. to notify you about changes to our Services or App;
D. to fulfil contractual obligations with our clients;
E. to provide further Services to you by sharing your personal information with other companies within our Group of companies as well as trusted third parties. Further details about this are set out in the separate section below on Sharing your Personal Information; and
F. to release personal information to regulatory or law enforcement agencies, if we are required or permitted to do so.
3. What information is collected and how is it used?
Login Information. We use the identification information you have received from your library or company when you log in to the Services to create your bibliotheca cloudLibrary account, bibliotheca transmits this identification information to your library or company to validate your account. We may also use this information to contact you, your library or company regarding your account. We may also use this information to troubleshoot any issues you are experiencing with your account.
Email Address. When you opt-in to notifications via email, we use this email address to send you information regarding holds you have placed on items in our service. The email address and the hold notification are sent to our Privacy Shield certified emailing service, SendGrid. To ensure reliable transmission of emails we store a copy of the email for up to 7 days in the event that it needs to be re-sent. We may use this email address to contact you regarding your use of our service, rectify an issue with your account or to provide you notices we deem necessary for your continued use of our services.
Transaction History and Reading Progress. When you use our Services, we store information about transactions (For example, borrowed, held, suggested, renewed, book rating and returned books) within our Services or other bibliotheca Services. When you read or listen to books we retain your reading progress. We store this information on our servers so that you can access this information from other devices.
Bookmarks and Notes. When you create Bookmarks or Notes using the App, they are stored on our servers so that you can access them from other devices. Bibliotheca does not share this information with 3rd parties. Bibliotheca will access the content of your Bookmarks only as necessary to verify compliance with the Terms of Service and as required by applicable law.
Location Information. By default, our Services do not collect, use or store the location of your mobile device. If you opt-in or enable an App feature or setting requiring geolocation information, your location will be transmitted to provide the features that require the location information. Your location information for these purposes is solely used to provide the specific features requiring the information. You may opt-out of these application features at any time.
Usage Data. Our Android and iOS mobile apps collect anonymous information relating to the performance of the App, such as application crashes. Bibliotheca uses diagnostic services like Crashlytics, a business division of Google Inc., and New Relic to provide our mobile application developers with information about the functioning of publicly released and beta versions of our mobile applications. This information includes, but is not limited to, device state information, unique device identifiers, device hardware and OS information, information relating to how an application functions, and the physical location of a device at the time of a crash or error event. If you do not wish to share this information you may opt-out of it in the Settings of the App.
Adobe Digital Rights Management. (DRM) Adobe DRM may be used for the protection of publisher content. For content protected by Adobe DRM, Adobe will collect End User Data for DRM functionality and that data will be transmitted to Adobe directly. The specific End User Data which will be collected and transmitted to Adobe directly, and how the data will be used, is described in detail in the Adobe RMSDK Privacy Policy http://www.adobe.com/privacy/policies-business/adobe-rmsdk.html. Bibliotheca disclaims any liability for the collection and use of End User Data by Adobe.
IP Address. An Internet Protocol (IP) address (a number that is automatically assigned to your computer or device when you use the Internet, and which may vary from session to session) is transmitted to our Servers when you use our services. We may store this information on our servers for up to 1 year. We may use this information for business purposes, such as customer service, fraud prevention, ensuring the security of our services, market research, improving our products and services, and for historical, statistical or scientific purposes.
Cookies and Similar Technologies. “Cookies” are small pieces of information that are stored on your hard drive or in device memory. We link the information we store in Cookies to the login information you submit while on our site. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our website.
You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled. For example, we may not remember your language preferences.
How we use Cookies and Similar Technologies:
We use information collected from cookies and similar technologies to improve your user experience and the overall quality of our services. One of the similar technologies we use to do this in our services is Google Analytics.
As an example, by saving your language preferences in a Cookie, we’ll be able to have our services appear in the language you prefer for your session or subsequent sessions.
Google Analytics is Google’s analytics tool that helps website and app owners to understand how their visitors engage with their sites and services. It may use a set of cookies to collect information and report website usage statistics without personally identifying individual visitors to Google.
Read the Google Analytics privacy document for more details about the data collected by Google Analytics.
Service and Support. In addition to the above, bibliotheca and its service providers may access your book lending history and the details of the transactions made with our services in the course of servicing and maintaining the Services.
Patron Registration. Patron registration with your library may be available in the cloudLibrary Application. In the event you register with your library using a cloudLibrary Application you may be providing personally identifiable information (name, address, date of birth, email etc.) that will be transmitted from bibliotheca’s servers to your library. If an email address is provided, bibliotheca may use this email address to complete the registration process. Bibliotheca does not store any patron registration data transmitted to your library. Bibliotheca disclaims any liability for the collection and use of this data by your Library service, its partners or affiliates.
4.
The
Legal Basis for Processing your Personal Information
The main
grounds that we rely upon in order to process personal information of our users
are the following:
(a) Necessary for entering into, or performing, a contract –
in order to
perform obligations that we undertake in providing a service to you, or in
order to take steps at your request to enter into a contract with us, it will
be necessary for us to process your personal data;
(b) Necessary for compliance with a legal obligation – we are subject to
certain legal requirements which may require us to process your personal data.
We may also be obliged by law to disclose your personal data to a regulatory
body or law enforcement agency;
(c) Necessary for the purposes of legitimate interests – either we, or a
third party, will need to process your personal data for the purposes of our
(or a third party's) legitimate interests, provided we have established that
those interests are not overridden by your rights and freedoms, including your
right to have your personal data protected. Our legitimate interests include
responding to requests and enquiries from you or a third party, optimising our
website and customer experience, informing you about our products and services
and ensuring that our operations are conducted in an appropriate and efficient
manner;
(d) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.
5. How we share your Personal Information
In certain circumstances we will share your personal information with other parties.
We may share your login information (patron identifier), email address (for hold notifications) and book transaction history with the library that you are a member of upon their request or via our services that they have entered into contract with us to use. Your member library uses this information to keep their systems up to date and accurate.
We may share your patron identifier and book transaction history with 3rd parties at the request of your local library system. The purpose of sharing this data is for catalog integration, library app integration and other systems the library may need access to, so as to service your account. “
Your library may be subscribed to book recommendation services. We may share your book transaction history with our services with these book recommendation services. Book recommendations are enabled by your member library and your book transaction history is sent without your patron identifier to the book recommendation service.
If you would like to request a listing of all 3rd parties that we share your personal information with, you can contact us via the information provided at the end of this policy.
6. Transfer of Information outside the EEA
Under the General Data Protection Regulation, we are required to tell you if we transfer or intend to transfer information which we hold on you to countries outside the European Economic Area ("EEA"). We currently transfer such information outside the EEA in the following circumstances:
(a) where you have registered or subscribed to the Services, to members of our Group of companies operating in countries outside the EEA to enable them to inform you of changes or enhancements to the Site or the products or services which we offer; and
(b) to servers which are currently located in the USA, but which may in the future be located in another country outside the EEA.
We apply equal rigor to the security of data held and processed by us or on our behalf outside of the EEA. We have taken steps to ensure that our subsidiaries and affiliates and those who process data on our behalf enter into the standard contractual clauses approved by the European Commission, to safeguard the personal information which is transferred to and from the European Economic Area and beyond.
As some of our servers are located in the USA, transfer of all our data outside the EEA is necessary to enable us to operate the Site. To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we take steps to ensure that approved safeguards are in place, such as the approved standard contractual clauses or the EU/US Privacy Shield.
7.
Trusted
Third Parties
We will only share
your personal information with trusted third parties where we have retained
them to provide services that you have requested or for our legitimate business
purposes, such as IT or professional support services.
8. Regulatory and Law Enforcement Agencies
As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
9. New Business Owners
If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors.
10. How Long We Will Hold Your Information
We will retain your personal information for the time necessary to provide the Services we perform for you or stated by the purposes outlined in this Privacy Policy.
Unless stated otherwise in this policy to be a shorter period, we will retain your information for the duration of your library’s or company’s contract with us. In the event of your library or company leaving and then returning to our service and entering into an agreement that requests user data be restored to its previous state we may retain this data in its original form, or in secure archives (backups) for up to an additional 7 years. At this time or prior we will either anonymize or delete it.
If you wish your data to be anonymized prior to the expiration of this period, we will anonymize your data upon request or upon the request of your library or company. You can use the Contact information at the end of this policy to make your request. Anonymizing data will remove your email address and anonymize the login information you used to access the system.
11. Security
We respect your information and have put in place measures to ensure the security of the information we collect and store about you. We are committed to protecting your personal data from unauthorised disclosure and/or access including through the use of network and database security measures (though these cannot always guarantee the security of any data which is collected and stored).
12. Children and Parents
The Services are not intended or permitted for use by persons under 13 years of age without the explicit consent of a parent or guardian. Bibliotheca does not knowingly solicit or collect personal information from or about children through the Services except as permitted under applicable law. If your child has submitted personal information and you would like to request that such information be deleted from our records, you may do so contacting Bibliotheca's Cloud Library Business at the address below.
13. Internet based transfers
Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
14. For Citizens and Residents in the EEA - Your rights on the information we hold about you
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
i. Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
ii. Right of Correction or Completion
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us by using any of the methods in the Contact Us section below.
iii. Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed, or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
iv. Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information by contacting us. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.
v. You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
vi. Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you or directly to a third-party organisation.
The above right exists only in respect of personal information that: you have provided to us previously; and is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us using any of the methods in the Contact Us section below.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
vii. Consent
To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by using the details in the Contact Us section below.
15. Complaints
If you are unhappy about our use of your personal information, you can contact us using the details below:
Email Address: compliance@bibliotheca.com
You have the right to lodge a complaint with a Supervisory Authority in your country or Member State. These can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
16. Contact Us - Further Information on Data Protection and Personal Privacy
If you have any enquiries or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us by any of the methods below.
When you contact us, you will be required to verify your identity.
For citizens or residents of the EEA you can email us at: compliance@bibliotheca.com with a required Subject of: Cloud Library Privacy Policy or write to us at: Attn: Data Protection Officer,Bibliotheca Cloud Library, Landmark House, Station Road, Cheadle Hulme, Stockport, SK8 6BQ
For other locations you can email us at:cloudsupport@bibliotheca.com with a required Subject of: Cloud Library Privacy Policy or write to us at: Bibliotheca Cloud Library, Attn: Cloud Library Privacy Policy, 403 Hayward Ave North, Oakdale, MN 55128