Privacy Notice Overview

RedShelf highly values and respects your privacy and places significant importance on maintaining the privacy of all users. This Privacy Notice explains what types of data we collect, how we use and share it and what your choices are with respect to that data.

By signing up or using RedShelf’s services, website and software applications, or by accessing any digital content or materials made available through RedShelf, you must agree to RedShelf’s Terms of Use and Privacy Notice. Together, these two agreements form RedShelf’s End User License Agreement (EULA). The following outline is not a legal document and the full RedShelf Privacy Notice should be referenced for additional details.

What information does RedShelf collect?

(Read More in Section 2) 

We collect personal information and other non-public data you provide us when creating an account, making a purchase, using the eReader and visiting the website, among others. We may collect user information such as your user name, email address, date of birth, phone number, mailing address or billing address, among others. We may collect access rights information and user content such as notes, highlights and other digital annotations, among others. We may collect metadata such as browser type, device type, internet protocol address (IP address) and navigation data, among others.

FERPA

For students who receive access to their course materials through their institution, information may include but is not limited to Personally Identifiable Information (PII) as mentioned in the federal Family Educational Rights and Privacy Act (FERPA). This information is oftentimes provided by your institution and will remain confidential and protected.

How will RedShelf use all this information? 

(Read More in Section 3) 

We use the collected information to provide the services you’ve requested, improve our products and services, market our products and take note of your preferences to provide the best user experience possible. Usage cases may include:

  • Authenticating you as an end user and verifying your access rights
  • Preventing and addressing fraud, security, copyright or technical issues
  • Communicating about customer experience issues, account activity or general updates
  • Improving RedShelf products and services  
  • Retargeting redshelf.com visitors with ads based on site behaviors

We will not use any personal information to serve third-party advertisements or marketing on our own website or Platform. We will not sell your personal information to any third-parties.

Will RedShelf share any of your personal information?

(Read More in Section 4) 

We will not sell, disclose or share any personal information with any third-party unless permitted by the terms of the Privacy Notice. Permitted disclosures may include:

  • Requirement by law
  • Exchanges with educational and content service partners when required for integration, accounting or reporting purposes
  • In the event of a merger/sale
  • Sharing de-identified information

How can you retract your consent to this Privacy Notice?

(Read More in Section 1.4 and Section 5)

You can revoke your consent to this Privacy Policy and unsubscribe from the RedShelf Platform at any time by submitting a request form. Once you remove consent, RedShelf will no longer collect your personal data and you’ll no longer have access to RedShelf’s services or content through the RedShelf Platform. Under certain circumstances you can request to have your account anonymized and personal information de-identified by submitting a request form. Anonymization of accounts is permanent and non-reversible.  

What data security does RedShelf have in place? 

(Read More in Section 6) 

We use a combination of physical, managerial and technical safeguards to protect our security and your personal information. However, it’s up to you to maintain the secrecy of your login information and make sure this information is up-to-date at all times. 

What rights do you have as an international user? 

(Read More in Section 8) 

All RedShelf users are subject to this Privacy Notice and all data will be transferred to the United States regardless of your location when accessing our Platform.  

 

RedShelf Privacy Notice 


Last revised: August 30th, 2018

1. What's This?

1.1.  RedShelf’s Privacy Notice - RedShelf highly values and respects its End Users’ privacy and places significant importance in maintaining the privacy of all its End users. This Privacy Policy explains what types of data RedShelf collects and how it is collected, used and shared. By agreeing to RedShelf’s EULA and using the RedShelf Platform, End User expressly agrees to the Privacy Notice, and accepts the privacy policies set forth herein.

REDSHELF INVITES EVERY END USER TO CAREFULLY READ THE FOLLOWING PRIVACY POLICY 

1.2.  Privacy Notice + Terms of Use = EULA - This Privacy Notice is part of RedShelf’s End User License Agreement (EULA), which also encompasses RedShelf’s Terms of Use (available here). This EULA constitutes a legal agreement between End User and RedShelf regarding the use of the RedShelf Platform, including the RedShelf eReader and the digital content (“Content”) that can be accessed through the RedShelf Platform. This Privacy Notice is subject to RedShelf’s Terms of Use. At all times, End User’s use of RedShelf and any personal information provided to or through RedShelf are subject to this Privacy Notice and said Terms of Use

1.3.  Special provisions for Institutional End UsersPersonal information of “Institutional End Users”, including Inclusive Access Students is additionally protected by the Family Education Rights and Privacy Act (“FERPA”). In order to safeguard confidentiality of such personal information, different / additional rules may apply to such Institutional End Users, which will be explicitly addressed where relevant in this Privacy Notice. 

1.4.  Privacy opt-out - At any point in time, End User can decide to revoke his/her consent to this Privacy Notice, by submitting a request form and unsubscribing from the RedShelf Platform. As a result, RedShelf will cease to collect any personal data on said End User. End Users will be warned that they will not be able to enjoy RedShelf’s services or access Content through the RedShelf Platform until they accept RedShelf’s Privacy Notice (as well as RedShelf’s Terms of Use).

2. What information does RedShelf collect?

2.1.  Types of Data - In order to provide End Users with the requested services, RedShelf collects different types of data, including personal information, as well as other non-public data (a). RedShelf also collects information regarding End Users’ Access Rights (b), as well as information based on the use of our services, including User Content (c) and Usage Data and other Metadata (d):

    a. User Information – When signing up for RedShelf, End user is asked to create RedShelf profile, and provide RedShelf with certain personal information necessary to identify them as a unique and legitimate RedShelf user. This minimum User Information encompasses End User’s name, email address, date of birth and an (automatically generated) RedShelf ID number . End user can choose to complete their RedShelf profile with a second email address, phone number, mailing address, billing address, profile picture or avatar, … This category of information is considered to be “User Information”.

    For Inclusive Access-students, such User Information may include but is not limited to Personally Identifiable Information (PII) as mentioned in FERPA. Under FERPA and the regulations promulgated thereunder, students’ Educational records and any Personally Identifiable Information (PII) contained therein, are confidential, and thus protected. 
    RedShelf is an educational service provider considered to be a “School Official” with a “legitimate educational interest” as described in FERPA. In this capacity, RedShelf is allowed access to certain PII (which RedShelf will only use to fulfill its contractual obligations and services). 
    Based on said ‘school official’-label, the school or institution – upon setting up an IA Course with RedShelf – provides RedShelf with certain personal information about its students, like students’ name, email address, and “Student-Course Information” (which is information as to in which school and which course(s) a student is participating in the Inclusive Access Program). This may also include student ID, secondary email address, phone, and mailing address, billing address, financial aid, … to the extent the school chooses to provide that information to RedShelf. 
    RedShelf will only collect such information that is necessary to provide its IA Students with the services and access to digital content they are entitled to. Just like any other End User, Institutional End Users can choose to complete their RedShelf profile with a second email address, phone number, mailing address, billing address, profile picture or avatar, … 
     
    Inclusive Access Students should note that Opt-in or Opt-out is done on the RedShelf Platform, and thus requires acceptance of RedShelf’s EULA. IA students who ignore or decline the EULA are not automatically opted out and may still be charged by their Institution. Student who have concerns about that, may contact RedShelf through this form
    b. Access Rights Information – For each End User, RedShelf needs to keep track of which Content such End User has a right to access, as well as the duration of such right to access. This information is referenced to as “Access Rights Information”.

    c. User Content – The result of an End User’s activity on the RedShelf Platform, including all his/her highlights, notes, flashcards, study guides, comments, bookmarks, questions, assignments, assessments… added to any digital content, is logged and stored by RedShelf as End User’s personal version of such content. The collectivity of all such personal versions of all of End User’s content, together with any content shared with or by other RedShelf End Users, and any feedback from or to other Users, including assessment and reading scores, is considered to be “User Content”.  

    For Institutional End Users, User Content may also include submitted assessments, assessment scores, reading scores, feedback… within a certain IA Course.

    d. Metadata - “Metadata” is system information and user analytics, automatically collected using cookies, IP tracking and other or similar sensors and technologies, … The Metadata collected by RedShelf include:
    • Device information such as hardware model, operating system version, browser type and version user agent;
    • Log information including details of when and how an End User used our services, Internet Protocol address ("IP Address") including geolocation, time zone, failed login attempts, language;
    • Usage information including the content and pages that End Users access on RedShelf, the dates, times and duration that they visit RedShelf and Content, navigation data (usage of features, opening / closing of menus), user actions (searches, dictionary lookups, creation of notes, flashcards, bookmarks, comments, printing, usage of offline mode, …), … . 

    e. Google Analytics – RedShelf uses a third-party tool, Google Analytics, to collect and process general (aggregate) analytics about the use of our website and Platform. This set of analytic data is de-identified (as defined hereafter, in section 2.3), not re-identifiable (only aggregate information on an entire group of users). Please visit policies.google.com/technologies/partner-sites to know more about how Google Analytics collects and processes data, and to learn how to prevent Google Analytics from tracking your browser. Google Analytics also uses cookies (visit developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage for more information on Google’s cookies). RedShelf does not use Google Analytics Advertising Features, or other advertising networks and does not provide website visitors or End Users with interest-based advertising.
    2.2.  No payment information - RedShelf does not store information used to complete and process payment transactions on RedShelf. RedShelf utilizes third-party payment gateway service providers to complete transactions and, therefore, does not store any payment information.
     

    2.3.  De-identified Data - Some of the above data will be de-identified before processing or sharing. De-identified Data has all direct and indirect personal identifiers removed, including name, ID, date of birth, demographic information, location information, and school. RedShelf will not attempt to re-identify any de-identified Data.

    3. How will RedShelf use all this data?

    3.1.  Authorized purposes - RedShelf will only use the collected Data to fulfill the services it has been contracted for, which is to serve its End Users and provide them with access to all the digital content and services they are entitled to. These authorized purposes include: 

      a. Identification / Authentication – RedShelf verifies End Users’ identity upon every login, and to verify each End User’s License to access certain Content.

      b. Security – RedShelf may use the collected Data in order to detect, prevent, or otherwise address fraud, security or technical issues, as well as to enforce this Privacy Notice and/or the RedShelf Terms of Use, including investigation of potential violations thereof.

      c. Copyright protection – RedShelf may use the End Users’ User Information, Access Rights Information and User Content to the extent necessary to comply with the Digital Millennium Copyright Act (DMCA) as a service provider.

      d. Communication – RedShelf may use End User’s contact information for administrative and communication purposes such as notifying End Users of account activity, updates, customer service, addressing possible copyright infringement, or to contact End Users regarding any content that they may have posted to or purchased from RedShelf. 

      e. Improving RedShelf products & services – RedShelf uses (aggregate) Metadata and Google Analytics Data in the analytics section in order to improve its products and services in general:  to assess usage of products and features and build new ones, to improve its User Experience, …; 
      RedShelf may use End User’s User Information, Access Rights Information and User Content (identifiable) Metadata for malware/spam detection, for personalization purposes, as well as to provide End User with help and support faced with any kind of problem they encounter and contact our customer service for.

      f. Learn and Report on study behavior – RedShelf additionally uses Usage Data about IA-students, to research and allow Institutions to analyze student reading and study habits, student performance, …

3.2.  What about Marketing and Advertising? - RedShelf will not use any personal information to serve End Users with third-party advertisements or marketing. Individual End Users may receive emails from RedShelf informing them about new products or services, discounts, contests, events, … RedShelf only uses online behavioral / targeted advertising to deliver interest-based ads to redshelf.com visitors when they visit other websites. 

RedShelf does not direct any advertisement or marketing towards Inclusive Access-Students. Advertising or marketing may be directed to End User’s Institution only if student information is properly de-identified. RedShelf does not apply data mining or data scanning for the purpose of advertising or marketing to IA-Students. 

4. Will RedShelf share any of your personal information?

4.1.  No Disclosure of personal information - RedShelf shall not disclose nor share any personal information with any third-party unless permitted by the terms of this Privacy Notice or its Terms of Use. 

4.2.  Exceptional Disclosures

    a. Required by law – RedShelf may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. Copyright law) or respond to a court order, judicial or other government subpoena, or warrant in the manner required by the requesting entity;
    b. Court order or subpoena – In case RedShelf receives a court order or lawfully issued subpoena, RedShelf may re-disclose personal information from education records on behalf of End User’s institution in response to that order or subpoena. Unless said court order or subpoena explicitly precludes it, RedShelf will – prior to any re-disclosure in response to the court order or subpoena – make a reasonable effort to notify impacted End Users so they may seek protective action; 

    c. Protection – RedShelf reserves the right to disclose personal information that RedShelf believes, in good faith, is appropriate or necessary: to take precautions against liability; to protect RedShelf from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of RedShelf’s Platform and systems; or to protect the rights, property, or personal safety of RedShelf, our employees, other Users, or others. 

    d. In the event of a Merger or Sale – In the event that RedShelf is acquired by or merged with a third-party entity, RedShelf reserves the right, in any of these circumstances, to transfer or assign the information that RedShelf has collected from End Users as part of that merger, acquisition, sale, or other change of control. Any such assignment would, along with the data, transfer any and all of RedShelf’s obligations as well as rights regarding data security and privacy protection to the assignee, not affecting and thus safeguarding End Users’ personal information. 
    For Institutional End Users, any such assignment will safeguard the Institution’s control over the use and maintenance of the education records and any PII contained therein. 

4.3.  Sharing of de-identified Data – RedShelf will only transfer de-identified Data to third parties who agree not to attempt any re-identification. 

4.4.  Necessary disclosure of select information – As a rule, RedShelf only shares de-identified information with third parties. In some instances however, in order to render our services and to provide End User with access to the Content, RedShelf needs to share User Information (name, email address and RedShelf ID number) with other parties.  

    a. Disclosures to other School Officials – For Institutional End Users, RedShelf will share certain User Information, Course Information, Usage Data and User Content with relevant administrative and academic staff and faculty within the Institution, which RedShelf may assume to be school officials under FERPA as well.
    b. Disclosures to Content holders – RedShelf needs to share certain User Information, Access Rights Information and Usage Data with Content holders and other educational service providers that are instrumental in the delivery of and reporting on the Content and services to End Users.
    For Institutional End Users, RedShelf may assume these Content holders and other educational service providers to be school officials as well, pursuant to FERPA.
    c. Authorized purposes only – RedShelf will not disclose any personal information for any other purposes (such as commercial, advertising marketing purposes) then to fulfill our obligations towards End User and, if applicable, towards End Users’ Institution) and to the extent authorized by this Privacy Notice, the RedShelf Terms of Use and, if applicable, the contract with RedShelf.

5. How long will RedShelf collect/keep your personal information?

5.1.  Request to anonymize – Under certain circumstances, End User can request that RedShelf anonymizes his/her user account. In order to file a request to anonymize, End User can submit a request form. As a result of such (confirmed) request, RedShelf will de-identify as much personal information as possible, given the restrictions mentioned in section 5.3. After a RedShelf account has been anonymized, RedShelf will have no means whatsoever to retrieve/re-identify any User Information, any Access Rights Information or any Usage Data or any other information linked to such anonymized End User. End User will be warned thereof and asked to confirm his request through email (see section 5.2).

5.2.  Final notice – Prior to proceeding with the anonymization of an End User’s account, RedShelf will notify such End User: (i) to inform End User that the anonymization of his/her account will be permanent and not-reversible; (ii) if applicable, to inform End User that he/she will lose access to any and all Content; (iii) to ask End User to confirm his/her request to de-identify his/her personal information; (iv) to ask the End User for feedback on our services and the reason for anonymizing. RedShelf will notify End User based on the email address RedShelf has on record.  

5.3.  Exceptions/ limitations:

    a. Active access rights - End Users who still have active access rights to certain Digital Content, will irreversibly lose access to such Content upon anonymization, and RedShelf will only proceed with such anonymization (i) after such End User explicitly confirms the Digital Content can be de-activated; and (ii) to the extent that no other limitations preclude anonymization (see this Section 5.3); 
    b. Accessed content less than 2 years ago – In case End User has accessed any Digital Content in the 2 years prior to the anonymization request, User cannot be de-identified;
    c. Transaction data – Certain User information contained in transaction data cannot be removed from RedShelf’s records for tax, audit and liability purposes, and will therefore survive any un-subscription or request for anonymization;
    d. Inclusive Access – For Institutional End Users, the Institution through which an End User was provided access to Content on the RedShelf Platform, has authority over their students’ personal data. Therefore, RedShelf cannot independently anonymize information of Institutional End User linked to an Institution’s Inclusive Access Program and the following restrictions apply:
    i.   Individual request from End User – Institutional End Users cannot request to have their account anonymized directly by RedShelf, but are advised to contact their Institution’s administration, who will then coordinate with RedShelf over any such request. In any case, RedShelf can only anonymize user accounts to the extent described in section 5.3. a. through c.
    ii.  Students with Continued access – In the event the Institutional End User graduates, or for any other reason is no longer enrolled in or linked to the Institution, but still has active access rights to certain content, such Institutional End User will have Continued Access. RedShelf will keep the personal information unless and until such End User requests and confirms that RedShelf anonymize his/her account, pursuant to sections 5.1 through 5.3.
    iii.   Institution’s request to anonymize – In the event an Institution directs RedShelf to de-identify certain or all Personally Identifiable Information relating to its students, RedShelf will only do so to the extent described in section 5.3. a. through c.

6. Data Security

6.1.  RedShelf’s Security measures – RedShelf uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of RedShelf’s systems and End Users’ personal information. These measures can only be effective to the extent End User applies equally reasonable precautionary measures. 

    a. Identification – RedShelf verifies End User’s identity (through double authentication) before granting account access to his/her account and Content, or before making corrections to End User’s User Information or User Content.  However, END USER IS RESPONSIBLE FOR MAINTAINING THE SECRECY OF HIS/HER LOGIN INFORMATION AT ALL TIMES.
    b. Security Incidents – If RedShelf learns of a security systems breach, RedShelf will electronically notify both the relevant authorities (security breach agencies) as well as impacted End Users so that they can take appropriate protective steps. REDSHELF THEREFORE INSISTS END USER TO KEEP HIS/HER USER INFORMATION UP TO DATE AT ALL TIMES. RedShelf may post a notice on redshelf.com if a security breach occurs.

6.2.  No warranty – RedShelf cannot, however, ensure or warrant the security of any information End User transmits to RedShelf, and End User does so at his/her own risk. Once RedShelf receives End User’s transmission of information, RedShelf makes commercially reasonable efforts to ensure the security of our systems. However, please note that RedShelf does not guarantee that such information will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. No data transmission over the Internet or information storage technology can be guaranteed to be 100% secure. SECURITY MECHANISMS IN THE SERVICES HAVE INHERENT LIMITATIONS.

7. RedShelf's commitment to Children's Privacy

7.1.  Children’s Privacy Protection – Protecting the privacy of young children is especially important. For that reason, RedShelf does not knowingly collect or maintain personal information from persons under 13 years-of-age.  

    a. If RedShelf learns that personally-identifiable information of persons less than 13-years-of-age has been collected on or through RedShelf, then RedShelf will take the appropriate steps to delete this information.
    b. RedShelf invites the parent or legal guardian of a child under 13 who has become a RedShelf End User, to submit a request form to have that child’s account terminated and information deleted.

7.2.  Monitoring tools for parents - The following are some resources that may help parents and legal guardians in monitoring and limiting your children’s access to certain types of material on the internet. While RedShelf does not endorse these products, RedShelf provides information about them as a public service to our community.

  • "OnGuard Online," maintained by the Federal Trade Commission.
  • WiredSafety
  • Netsmartz.org
  • The Child Safety Network
  • Control Kids
  • Cyber Sitter
  • Net Nanny

8. International visitors

For users visiting RedShelf from non-U.S. Territories, please note that any data that passes through RedShelf will be transferred outside such non-U.S. Territory for use by RedShelf and its affiliates for any of the purposes outlined in this Privacy Notice. By providing data to RedShelf, End User hereby expressly consents so such transfers of data to the United States or other countries. 

9. Changes and update to this privacy notice

This Privacy Notice may be revised periodically, which will be reflected by an updated “last modified” date mentioned at the top of this document. End User will be notified of any updates to this Privacy Notice and will be asked to re-accept them. 

For Institutional End Users, RedShelf will not change what Data is collected, or how Data is used or shared under the terms of this Privacy Notice without notice to End Users’ Institution.

10. RedShelf Contact Information

RedShelf is committed to addressing and resolving any complaints about End User privacy and RedShelf’s collection or use of End Users’ personal information. For all questions, inquiries or complaints regarding this Privacy Notice or RedShelf’s privacy practices, please first contact RedShelf at: RedShelf, Inc., 500 N Dearborn St. Suite 1200, Chicago, IL 60654, or by submitting a request form. RedShelf will respond to your inquiry within 30 days of its receipt.

END USER ACKNOWLEDGES TO HAVE READ AND UNDERSTOOD THIS PRIVACY NOTICE, AND TO  AGREE TO REDSHELF’S PRIVACY PRACTICES HEREIN.