Nearly half of all colleges, thousands of publishers, and countless businesses have entrusted RedShelf to safely and securely power their digital publishing initiatives. We take that responsibility seriously, employing multi-faceted, rigorous strategies to help protect their information.
Our Commitment to Privacy & Security
We respect and protect our users’ data by employing a range of strategies, including:
-
Retaining an in-house privacy and security team dedicated to protecting our users’ privacy and securing our platform.
-
Implementing privacy and security measurements throughout the software development lifecycle.
-
Collecting the minimum amount of personal information required to deliver our services to users and our business partners.
-
Implementing a multi-layered defense to assist with platform protection and security.
-
Conducting third-party testing and vulnerability scans to identify potential security risks.
If you have any questions or concerns regarding how RedShelf collects and protects user privacy or implements platform security, please reach out to us at privacy@redshelf.com.
We are committed to achieving and implementing the following benchmarks and industry standards:
-
We are committed to compliance with the Family Educational Rights and Privacy Act (FERPA) when institutions provide Personally Identifiable Information (PII) to us for legitimate and necessary educational purposes.
-
We are committed to compliance with applicable privacy laws such as the California Consumer Privacy Act (CCPA).
-
We utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a guiding principle.
-
We require our third-party processing partner to adhere to the Payment Card Industry Data Security Standards (PCI-DSS) to ensure we do not receive or store payment information.
-
We regularly update our Higher Education Community Vendor Assessment Tool (HECVAT) to mature cybersecurity standards within the higher education industry.
-
We partner with third-party organizations such as Qualys Scan, and White Hat Hackers to conduct third-party penetration testing and vulnerability scans of our environment.
-
We reside in Amazon Web Services (AWS) and Google Cloud Platform (GCP), both of which are SOC 2 Type 2 certified, meaning they promise to securely manage our data to protect the interest of RedShelf and the privacy of our users.
RedShelf Privacy Notice
Effective Date: January 1, 2023
In this Privacy Policy, we describe how RedShelf, Inc. (“RedShelf,” “we,” “us,” or “our”) collects, uses, and discloses your information. It also describes the rights and choices you have regarding our use of your information.
This Privacy Policy applies to the information that we collect and process about individual users (“End Users”) of (i) the RedShelf platform and services, including the RedShelf eReader (including mobile applications) and RedShelf Classroom (collectively, the “Platform” or ”RedShelf Platform”), (ii) all digital content accessible through the RedShelf Platform (“Digital Content”) and (iii) visitors (“Site Visitors”) to RedShelf.com (“RedShelf.com”) and all associated websites, including all websites that RedShelf hosts and manages for certain of its customers (the “White Label Sites”) to the extent such sites link to this Privacy Policy (collectively, “Sites”), as well as information provided when you interact with RedShelf, such as by emailing us or chatting with us (the Platform, Digital Content, and Sites are collectively, the “Services”). Your use of the Services is also subject to our Terms of Use. This Privacy Policy does not apply to electronic readers or other platforms or websites that do not link to this Policy. For example, this Policy does not apply to End Users who purchased their digital content specifically from Follett or a Follett-affiliated bookstore or institution. Follett is the data controller in that instance, and as such, users are covered under Follett’s privacy policy and associated terms of use in the first instance and should direct all privacy related questions to Follett.
RedShelf acts as a data controller for the information we process, with the exception of information processed solely pursuant to the instruction of your institution (“Institution”), business organization, or another controller, in which case we act as a data processor. RedShelf is headquartered in the United States. Our contact information is listed below in the “Contact Information” section.
PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.
This Privacy Policy contains the following sections:
-
INFORMATION WE COLLECT
We obtain a variety of information from and about you as you use the Services. Please note that if you choose not to provide us with certain information, or ask us to delete it, you may no longer be able to access or use the Services, including but not limited to the RedShelf eReader and RedShelf Classroom.
The type of information we collect and how we use and share it depends on how you use the Services.
-
RedShelf Site Visitors browse the Sites (including RedShelf.com) and may contact us via email or otherwise.
-
End Users use the RedShelf Platform and/or make purchases through the Sites. There are three categories of End Users of the Services—Individual End Users, Institutional End Users and Enterprise End Users:
-
“Individual End Users” are End Users who acquire access to the Services and /or the Digital Content directly from RedShelf, either (i) on the RedShelf Site; (ii) through an Institution’s bookstore (including their websites); or (iii) through a White Label Site customized for their Institution. Individual End Users also include (iv) organizational staff such as bookstore managers, course administrators, publisher representatives who access the Services and (v) customers who purchase physical items from or via RedShelf.
-
“Institutional End Users” are End Users who acquire access to Digital Content and/or Services through their educational institution ("Institution") and its Inclusive Access (IA) program. Institutional End Users may be students (“IA-Students”) as well as teachers, faculty and professors, instructors, staff, assistants, and lecturers (“Faculty”) within the Institution. “Inclusive Access” or “IA” is a program offered by an Institution, whereby students receive their required course materials digitally on or before the first day of class for their course (“IA Courses”), with the cost of such course materials being charged by the Institution to the IA-Student via a course fee or as part of their tuition.
-
“Enterprise End Users” are End Users who acquire access to Digital Content on the Services through their employer or another corporate business partner (“Enterprise”) who is partnering with RedShelf to offer certain RedShelf Services to its customers, employees or members.
If you are an Institutional End User or an Enterprise End User, your Institution or Enterprise, as applicable, is the data controller of the information collected through the Services about you. In such case, that entity may provide or remove access to the Services, manage permissions and settings, determine data retention periods, and export certain data. You should contact your Institution or Enterprise, as applicable, with questions about settings or its privacy practices. Inclusive Access Students will continue to have access to their Digital Content for the duration of their purchase. If you graduate or are no longer enrolled in the Institution through which you received Institutional access or your Institution terminates its agreement with us, you will have continued access on the RedShelf website (www.redshelf.com) using your previous institutional email address and you will continue as an Individual End User.
RedShelf is the data controller of Individual End User information, information collected through the Sites about Site visitors, and information about its customers.
Information Provided Directly by or About End Users
We collect information by and about End Users when End Users:
-
Register for an account or have an account created for them;
-
Use any of the Services;
-
Communicate with us (including through forms on our Sites and by mail, email or chat);
-
Participate in surveys; and
-
Request customer support or technical assistance from us.
This information generally includes the following:
-
End User Information:
-
Registration Information:
-
To register and be verified, End Users must provide their name, an email address, and a RedShelf ID number will be automatically generated.
-
Institutions may provide registration information about Institutional End Users including name, email address, and “Student-Course Information” (information about the Institution and course(s) in which a student is participating in the Inclusive Access Program).
-
Enterprises may provide registration information about Enterprise End Users including name and email address.
-
-
Additional Profile Information:
-
All End Users can choose to complete their RedShelf profile with additional optional information, including a second email address, phone number, mailing address, billing address, profile picture or avatar. Institutions may also choose to provide certain additional information about Institutional End Users including student ID, secondary email address, phone number, and mailing address, billing address, and financial aid information.
Note: For IA-Students, End User Information may include, but is not limited to “Personally Identifiable Information” as defined by FERPA.
-
-
Information from Publisher Partners: RedShelf partners with numerous third-party publishers (“Publisher Partners”) to distribute their Digital Content to End Users and Institutions (and we may get the following type of information from these publishing partners: transactional information, student name, email, and certain school records (e.g., student ID, course selections).
-
Transactional information: information about the Digital Content purchased by you or on your behalf. Please note our third-party payment processor collects and processes billing and payment information you provide us. RedShelf does not directly collect or store any payment card information you may provide at the time of purchase through any of the Sites.
-
Access Rights Information: information about the Digital Content each End User has a right to access, as well as the duration of such right to access.
-
For Institutional End Users, either the IA-Student or the Institution may provide RedShelf with opt-out information from an IA Course, which will determine access rights to certain Digital Content for IA Students in their relevant Institution IA program.
-
-
User Content: End User activity (including activity of Faculty) on the Platform, including through Classroom, or the RedShelf eReader, such as highlights, notes, flashcards, study guides, comments, bookmarks, questions, assigned and submitted assignments, assigned and submitted assessments, Faculty feedback and any assignment, assessment and reading scores.
-
Survey information: information you provide if you participate in a survey with us.
-
Inquiries and feedback: comments, feedback, suggestions and questions you submit through customer service or other interactions with us, including via the RedShelf Platform.
Information Provided Directly by All Other Visitors or Users
We collect information from you when you use visit the Sites or communicate with us. This information generally includes the following types:
-
Contact Information When You Communicate with Us: such as name, email and/or phone number.
-
Survey information: information you provide if you participate in a survey with us.
-
Inquiries and feedback: comments, feedback, suggestions and questions you submit through customer service or other interactions with us.
Automatically Collected Information:
When Site Visitors, End Users, or others use our Services, we collect certain information automatically. We and our service providers (which are companies that work on our behalf) may use a variety of technologies, including cookies and similar tools, to assist in collecting this information. You can learn more about our use of cookies and similar tools in the “Cookies and Similar Technologies” section below.
Automatically collected information may include:
-
Device information and related identifiers: When you use our Services, we and our service providers collect and analyze information such as your IP address, browser characteristics, number of devices, device IDs, usage characteristics, systems, mobile device’s service provider, platform type, advertising identifiers, operating system, and the state and/or country from which you accessed the Services.
-
Usage information: When you use our Services, we and our service providers collect and analyze information about your usage activity such as referring and exit pages and URLs, Digital Content viewed, navigation data (usage of features, opening / closing of menus), user actions (e.g., searches, dictionary lookups, creation of notes, flashcards, bookmarks, comments, printing, pasting and usage of offline mode), the number of clicks, pages viewed and the order of those pages, time in reader, the amount of time spent on particular pages, the date and time you use the Services and upload or post content, error logs, language preferences, and other similar information.
-
Location Information: When you use the Services, we and our service providers collect general location information (i.e., city and state) from your computer or mobile device based on its IP address.
Information from Other Sources
As described above, we may receive certain End User information from Institutions, Enterprises, publishing partners, and our service providers.
2. HOW WE USE YOUR INFORMATION
We and our service providers use the information described above to accomplish the following business and operational purposes:
-
Administer user accounts, including to process account registration, authenticate users, and verify and provide access to Digital Content and use of our various Services;
-
Provide and personalize the Services;
-
Improve the Services we offer our customers and develop new features, functionality and services for our customers;
-
Assess usage of products and features and build new ones and improve user experiences;
-
Engage in transactions with you, including contacting you about your account, billing you for the Services, and processing payments;
-
Provide you with updates and information about your use of the Services and provide information to End Users, customers or Site Visitors about products or services, discounts, deals or events that may be of interest to you;
-
Respond to requests for information and provide support and customer service;
-
Learn and report on End User study behaviors and activities, improve End User experience and educational outcomes and allow Institutions and Faculty to view, use and/or analyze student reading and study habits and behaviors and student performance;
-
Comply with laws, regulations, and other legal process (such as a subpoena or warrant), including complying with the Digital Millennium Copyright Act (DMCA);
-
Establish, exercise, or defend our legal rights; and
-
Detect, prevent, or otherwise address fraud, security or technical issues, as well as to enforce this Privacy Policy and/or the RedShelf Terms of Use, including investigation of potential violations thereof and to take steps reasonably believed to be necessary to protect the safety, security, property and rights of RedShelf, its employees, publishing partners, service providers, and others.
We may also aggregate, de-identify, and/or anonymize any information collected through the Services in such a way that we cannot reasonably link information to you or your device. We may use such aggregated, de-identified, or anonymous information for any purpose, including without limitation for research and marketing purposes or to deliver insights to our customer and relevant faculty at Institutions using our Services. We will not attempt to re-identify such information.
3. HOW WE DISCLOSE YOUR INFORMATION
We and our service providers will disclose the information collected from and about you for the following business and operational purposes:
-
To Provide the Services: In certain cases, RedShelf must disclose User Information with others such as Digital Content providers, Institutions and their Faculty in order to provide the Services, including:
-
Digital Content Publishing Partners & Service Partners – RedShelf discloses certain User Information, Access Rights Information and Usage Data with Digital Content Publishing Partners and in certain circumstances, service providers, to enable delivery of Digital Content, manage refunds, fraud detection, enable access to Digital Content through IA programs and other sales channels, enable removal of access rights to Digital Content for IA-Students who opt-out of IA Courses and reporting regarding the Digital Content and services provided to such End Users. For Institutional End Users, RedShelf understands such Digital Content holders and other educational service providers are “school officials” under FERPA.
-
Your Institution & Related School Officials & Faculty – RedShelf discloses certain User Information, Course Information, Usage Data and User Content about End Users, such as Digital Content usage and answers to assessments, with relevant administrative and/or academic staff and Faculty within the Institution, as well as the Institution’s bookstore and staff, which RedShelf understands are school officials under FERPA. We may also disclose information with your Institution’s selected learning management service provider to enable access to Digital Content. For RedShelf Classroom, this includes the disclosure of your Usage Data and performance data within Classroom and the eReader with your Faculty using Classroom.
-
-
Service Providers: We may provide access to or disclose your information with select service providers who perform services on our behalf, such as payment processing, identity verification, product content and features, analytics, customer service, data storage, security, fraud prevention, and legal services.
-
Protection of RedShelf and Others & Legal Compliance: We may disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such disclosure is reasonably necessary to: (i) comply with law or legal process (e.g., a subpoena or court order); (ii) enforce our Terms of Use, this Privacy Policy, or other contracts with you, including the investigation of potential violations thereof and to take precautions against liability or investigate or defend ourselves against third-party claims or allegations; (iii) respond to your requests for customer service; and/or (iv) protect the rights, property, intellectual property, security, or personal safety of RedShelf, its agents, its partners (including our publishing partners), its users, and/or the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and similar purposes.
-
Business Transfers: We may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are ever sold or transferred, user information would likely be one of the transferred business assets.
-
Your Consent: If you have consented to our disclosing of your information for other purposes not listed above, we will also disclose your information consistent with your consent.
-
At the Direction of Your Institution or Business Organization: For Institutional End Users or Business End Users, we disclose information as directed by any applicable Institution or business organization with whom we partner or provide Services to.
We may disclose anonymized or de-identified information with others for any purpose. We do not sell or share personal information for cross-context behavioral advertising.
4. COOKIES AND SIMILAR TECHNOLOGIES
To collect the information in the “Automatically Collected Information” section above, we and our service providers use web server logs, cookies, tags, tracking pixels, and other similar tracking technologies (“Cookies”).
-
A web server log is a file where website activity is stored.
-
A cookie is a small text file that is placed on your computer or mobile device when you visit a website, and it enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the web pages of the Services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
-
Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads, and/or email that are designed to: (i) collect usage information like ad impressions or clicks and email open rates; (ii) measure popularity of the Services and associated advertising; and (iii) access user cookies.
Cookies are typically classified as either “session cookies,” which do not stay on your device after you close your browser or “persistent cookies,” which will usually remain on your device until you delete them or they expire. Sometimes cookies are placed by us (“First-Party Cookies”) and sometimes they are placed by others (“Third-Party Cookies”). Different cookies are used to perform different functions on our Services:
-
Essential Cookies: Some cookies are essential to the Services and enable you to use the features of the Services and access secure areas of the Services. Without these cookies, we cannot enable appropriate content based on the type of device you are using (for example, essential cookies store user log-in information so that you don’t have to re-enter it for each page you visit on our website).
-
Functional Cookies: These cookies allow us to remember choices you make on our Services (such as your preferred language or the region you are in).
-
Personalization Cookies: We also use cookies to change the way our Services behave or look in order to personalize your experience from information we infer from your behavior on our Services or information we may already know about you because, for example, you are a registered user. These cookies may be used to tailor the Services or the content, look, and feel delivered to you on subsequent sessions to our Services. For example, if you personalize webpages, or use specific parts of the Services, a cookie helps our webpage server recall your specific information.
-
Analytics Cookies: We use our own cookies and/or others’ cookies to see how you use our Services in order to enhance their performance and develop them according to the preferences of our customers and visitors. For example, cookies may be used to: maintain a consistent look and feel across our Services, track and provide trend analysis on how our users interact with our Services, track errors, and measure the effectiveness of our content.
There are a number of ways you can manage what cookies are set on your devices. If you do not allow certain cookies to be installed, the Services may not be accessible to you and/or the performance or features of the Services may be compromised. See “Online Analytics ” below for more information.
5. ONLINE ANALYTICS
Analytics
We may use web analytics services (such as those of Google Analytics) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
Usage information of our Services is collected to compile statistical data in order to develop new and improved Services and marketing, identify popular features, and to provide you content that is of interest to you.
Notice Concerning Do Not Track.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, which is why we describe a variety of opt-out mechanisms above. However, we do not currently recognize or respond to browser-initiated DNT signals. Learn more about Do Not Track.
6. THIRD-PARTY LINKS AND FEATURES
The Services may contain links to other websites and plug-ins (e.g., Facebook, Instagram, and Twitter). If you choose to use these websites, plug-ins, or services, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. If you choose to use these services, we are not responsible for the content or practices of such websites, plug-ins, or services, and their collection, use, and disclosure of your information will be subject to their privacy policies, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.
7. RIGHTS & CHOICES REGARDING YOUR INFORMATION
Marketing Communications
If you are a Site Visitor, customer or End User we may send you marketing communications in your jurisdiction (based on our relationship with you, your consent, your Institution, or applicable law). You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us using the information below.
You can opt-out of commercial messages by following the instructions located at the bottom of commercial email messages. Removing your name from the email list may take a reasonable amount of time. Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt-out of certain operational emails, such as those reflecting our relationship or transactions with you.
Privacy Rights
Residents of certain jurisdictions (such as the European Union, Canada, California, Colorado and Connecticut or Virginia) may permit you to exercise certain rights with respect to the information we collect from and about you.
Specifically, depending on your residency, you may request that we:
-
Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information. This information is also set forth in this Privacy Policy.
-
Provide access to and/or a copy of certain personal information that we hold about you.
-
Delete certain personal information that we hold about you.
-
Prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling) and uses of information for secondary purposes.
-
Restrict the way that we process certain of your information.
-
Transfer your information to a third-party provider of services in some instances.
-
Revoke your consent for the processing of your information, where applicable.
In addition, California residents have the right to request that we provide you with information about the financial incentives that we offer to you, if any exists, and the CCPA further provides California residents with the right not to be discriminated against (as provided in applicable law) for exercising your rights.
Certain information may be exempt from such requests under law. For example, we may retain certain information for legal compliance and to secure our Services and to maintain opt-outs for Inclusive Access programs. We may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services or access any of the Digital Content you had previously acquired or had access to through our Services.
We will take reasonable steps to verify your identity and for deletion, confirm your request, before responding to a request. In doing so, we may request information from you so that we can match the data you provide to us with the data we maintain to confirm your identity.
If you would like further information regarding your legal rights under law or would like to exercise any of these rights, or if you are an authorized agent making a request on a user’s behalf for residents of California, please contact us at Privacy@RedShelf.com and include “Consumer Data Rights Request” in the subject, or submit your request here. Please provide sufficient information to allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative and please describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Residents of certain states may appeal the denial of a request here: Privacy@RedShelf.com. We will respond within the legally required time period, including a written explanation of the results of your appeal.
Please note: If you are an Enterprise End User or a Follett End User, you should contact your administrator(s) from your Enterprise or Follett to exercise any data subject rights you have under applicable local laws. RedShelf will work with Follett or the administrator for your Enterprise for requests it conveys to us.
Account Deletion
Individual and Institutional End Users can request that RedShelf delete their account and anonymize certain User Information, Access Rights Information and User Content by submitting this form.
End Users:
-
Following a verified and confirmed request (through the email we have on file for you), RedShelf will delete or de-identify as much personal information as possible, except as provided below.
-
If you choose to delete your RedShelf account, we will be unable to retrieve/re-identify any User Information, any Access Rights Information or any Usage Data or any other information linked to the End User. You will lose access to any and all Digital Content for which you have active access rights associated with your account. In addition, for Inclusive Access students your information may be pulled back in to RedShelf in the future if your Institution resubmits your information for other courses.
-
RedShelf will not delete or de-identify certain transactional data that may contain User Information that RedShelf must maintain for tax, audit, liability or other legally required purposes.
-
Even if you request that we delete your account, your Institution and Faculty may still have their own copy of certain of your User Content, such as assessments, scores or Usage Information, such as time spent reading assigned text.
Enterprise End Users:
-
Your Enterprise controls your account and must make any deletion requests.
-
Contact your Enterprise to request deletion and RedShelf will work with the administrator for the Enterprise with respect to any such request the Enterprise conveys to us.
-
As described above, End Users with deleted accounts will lose access to any and all Digital Content for which you have active access rights associated with your account.
-
RedShelf will not delete or de-identify certain transactional data that may contain User Information that RedShelf must maintain for tax, audit, liability or other legally required purposes.
-
Even if we delete your account, your Enterprise may still have their own copy of certain of your User Content, such as assessments, or Usage Information, such as time spent reading assigned text.
8. Additional Information for Residents of Certain Jurisdictions
Your local laws may entitle you to additional information or permit you to exercise certain rights with respect to the information we collect from and about you.
California Residents
Additional Information
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
Throughout our Privacy Policy, we discuss in detail the personal information we collect, the categories of sources from which we collect such information, our business or commercial purposes for collecting such information, the categories of information we disclose to others, and the categories of third parties to whom we disclose such information. See “Information We Collect” for more details.
The following are the “categories” of personal information under the CCPA that we collect from you, an applicable Institution or business organization, a publishing partner from which you buy Digital Content, or from your activity on the RedShelf Platform or your usage of any of the Services, and that we may, as discussed throughout this Policy, use and disclose for our business purposes:
-
Identifiers (such as name, address, email address, RedShelf ID numbers);
-
Commercial information (such as transaction data regarding your purchases);
-
Device identifiers (such as IP address and unique device identifiers);
-
Education information from and about Institutional End Users (such as school attended, courses, course materials, certain quiz/question results and usage activity in the Services);
-
Education Records (such as class lists, schedules, student ID numbers, and financial aid information);
-
Internet or other network or device activity (such as browsing history or Platform usage (such as your notes and highlights in the Services));
-
Any user-generated content or feedback provided by visitors or End Users;
-
Physical characteristics or description (e.g., if you voluntarily submit a profile photo); and other information that identifies or can be reasonably associated with an End User.
To the extent we process sensitive personal information, we do so in accordance with applicable legal requirements.
How we use and disclose these categories of personal information
We use the categories of personal information we collect from and about Users consistent with the various business purposes we discuss throughout this Policy. See “How we Use Your Information” for more details. These purposes include to: Administer user accounts, including to process account registration, authenticate users, and verify and provide access to Digital Content and use of our various Services.
-
Provide and personalize the Services;
-
Improve the Services we offer our customers and develop new features, functionality and services for our customers;
-
Assess usage of products and features and build new ones and improve user experiences;
-
Engage in transactions with you, including contacting you about your account, billing you for the Services, and processing payments;
-
Provide you with updates and information about your use of the Services and provide information to End Users, customers or Site Visitors about products or services, discounts, deals or events that may be of interest to you;
-
Respond to requests for information and provide support and customer service;
-
Learn and report on study behavior about Inclusive Access Students to research and allow Institutions and Faculty to view, use and analyze student reading and study habits, and student performance;
-
Advertise RedShelf on other websites or services based on Site Visitor information;
-
Comply with laws, regulations, and other legal process (such as a subpoena or warrant), including complying with the Digital Millennium Copyright Act (DMCA);
-
Establish, exercise, or defend our legal rights; and
-
Detect, prevent, or otherwise address fraud, security or technical issues, as well as to enforce this Privacy Policy and/or the RedShelf Terms of Use, including investigation of potential violations thereof and to take steps reasonably believed to be necessary to protect the safety, security, and rights of RedShelf, its employees, service providers, and others.
We do not sell or share personal information for cross-context behavioral advertising.
We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
In determining how long to retain information, we take into account the nature and sensitivity of the information, our purposes for processing the information, applicable legal requirements, and our legitimate interests. The purposes for which we process information (as well as the other factors listed above) may dictate different retention periods for the same types of information. For example, if you opt out of email marketing, we maintain your email on our suppression list for an extended time to comply with your request.
We may delete or de-identify your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law.
California’s “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties, as defined under applicable law, for their direct marketing purposes. We do not share your personal information with third-parties for their own direct marketing purposes.
European Union Economic Area, Canadian & Brazilian Residents
Legal Bases for Use of Your Information
Some countries require that companies only process your “Personal Data” (as that term is defined in the applicable law like the EU General Data Protection Regulation) if they have a “legal basis” (or justifiable need) for processing your Personal Data. To the extent those laws apply, our legal bases for processing Personal Data are as follows:
-
To perform our obligations pursuant to a contract (or pending contract) with you, an Institution or a business organization. For example, we will process your Personal Data to comply with our Terms of Use, and to honor our commitments in any contracts that we have with you, your Institution or your business organization.
-
For our legitimate interests or the legitimate interests of others. For example, we will process your Personal Data to: operate our business and our Services; identify and fix any issues with our Services; secure the Services; learn more about how our customers use the Services; perform internal analytics; improve the Services and users’ experiences; provide you with certain information about new products, special offers or other information that we think you may find interesting in accordance with applicable law; make and receive payments; comply with legal requirements and defend our legal rights; prevent fraud; engage in a business change (e.g., sale, merger); and to know the customer to whom we are providing Services.
-
To comply with our legal obligations.
-
With your consent.
Privacy Rights
If you are a citizen of the European Economic Area (“EEA”), the United Kingdom, Switzerland, Canada or Brazil, you may make requests as outlined in Privacy Rights above.
If applicable, you may make a complaint to the data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.
Data Transfers
RedShelf currently stores or may transfer personal data to countries other than your country of residence, including the United States, and may subcontract the processing of your data to, or otherwise disclose your data with trusted service providers, and trusted business partners in countries other than your country of residence, including the United States, in accordance with applicable law. By providing us with your information, you acknowledge any such transfer, storage, or use and further that the protection of such information may be different then the laws in the jurisdiction in which you live which may include access rights by law enforcement and governmental authorities.
If you live in the EEA, the United Kingdom or Canada, please note that, if we provide any information about you to third-party information processors, we will take appropriate measures to ensure that such companies protect your information adequately in accordance with this Privacy Policy. These measures may include signing Standard Contractual Clauses in accordance with EU and other data protection laws to govern the transfers of such data. For more information about these transfer mechanisms, please contact us as detailed in the “Contact Information” section below.
Retention of Information
We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
In determining how long to retain information, we take into account the nature and sensitivity of the information, our purposes for processing the information, applicable legal requirements, and our legitimate interests. The purposes for which we process information (as well as the other factors listed above) may dictate different retention periods for the same types of information. For example, we may retain your email address as an authentication credential (where applicable) as long as you have an active account with us and an additional period of time after that for our legitimate interests and for our fraud and legal compliance purposes.
We may delete or de-identify your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law, or when it is no longer needed to fulfill these purposes unless a longer retention period is required to comply with applicable laws.
9. CHILDREN’S PRIVACY
The Services are not for children under the age of 13. We do not knowingly collect, maintain, or use personal information (as defined by the United States Children’s Online Privacy Protection Act) from such persons. If you believe that we might have any such information from a child, please contact us as described at the end of this Privacy Policy. If we discover that personally identifiable information of a child has been submitted without legally valid parental consent, we will take reasonable steps to delete it as soon as possible.
10. HOW WE PROTECT YOUR INFORMATION
We take measures, including the implementation of physical, technical, and managerial safeguards, to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the internet, and no means of electronic or physical storage, is absolutely secure. By using our Services, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services and that any such transmission is at your own risk. You are responsible for keeping your account information—and especially your login information—confidential. We ask you not to share your login credentials with anyone and recommend you use a complex and unique password. We also ask you to consider using two-factor authentication, which we offer many of our End Users as a more secure way to authenticate and protect your user credentials.
11. CHANGES TO OUR PRIVACY POLICY
We reserve the right to amend this Privacy Policy at any time. We will make the revised Privacy Policy accessible through the Services, so you should review the Privacy Policy periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Effective Date” at the beginning of this Privacy Policy. If we make a material change to this Privacy Policy, we will provide you with notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.
12. HOW TO CONTACT US
For all questions, inquiries or complaints regarding this Privacy Policy or RedShelf’s privacy practices, please first contact RedShelf at: RedShelf, Inc., 500 N Dearborn St. Suite 1200, Chicago, IL 60654, or email us at privacy@redshelf.com.