Last Revised on April 10, 2023
“You” and “your” means you as the user of the Site or DRB Service, as the case may be, and you may also be referred to herein as a “User”.
This is because under applicable data protection law, we are deemed to be the “data controller” for Visitors’ data, and a “data processor” for Authorized Persons’ data. For Visitors located in the European Union (EU) or the United Kingdom (UK), the legal basis of DirectBooks’ processing of the foregoing information is further described in Section 11 below. For Authorized Persons located in the EU or UK, your Company is the data controller with respect to the processing of your data.
Our primary goals in collecting and using information are to provide and improve our Services, to administer your use of the Services, to respond to your comments and questions, to use your email address or other contact information to send you information related to the Services and to enable you to enjoy and easily navigate our Services. DirectBooks has implemented and will maintain reasonable security controls to protect the confidentiality, integrity and availability of the Personal Data that DirectBooks processes.
1. TYPES OF INFORMATION WE COLLECT
We may collect or process the following categories of information from you (“Information”), which includes:
Data, information, or a combination of data and information, which relates to an identified or identifiable individual, such as the individual’s name, email address, employer name and position (“Personal Data”);
Other information you provide to us when you access or use the Site, for example, when you provide information to the Site or communicate with us by email;
Information collected automatically by our servers that records certain information about how a User uses our Site (“Log Data”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Site, the pages or features of our Site to which a User browsed and the time spent on those pages or features, search terms, the links on our Site that a User clicked on and other statistics. We use Log Data to administer the Site and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Site by expanding their features and functionality and tailoring them to our Users’ needs and preferences; and
If you are an Authorized Person, we will collect and use the following information about you in connection with your use of the DRB Service:
Account Information. To use the DRB Service, you will need to create an account or your Company will create an account for you (each, an “Account”). When an Account is created, we’ll collect certain Personal Data that can be used to identify you, such as your name, job title, location, and email address. If your Account is created on behalf of your organization, we will also collect certain information about your organization. We will only use such Personal Data and other information for the purposes of providing the DRB Services to you and your Company or notifying you about relevant information relating to your use of the DRB Service.
Other Information. Other information provided to us by Authorized Persons may include, but is not limited to, user feedback and user support requests, in which case, we will collect your name and email address as well as any other content included in your communication, in order to send you a reply or in order to improve the DRB Service.
Information Related to Use of the DRB Service. We collect certain information about how the DRB Service is used (we refer to this information as “Usage Data”). Usage Data could include information such as a User’s Internet Protocol (IP) address, browser type, operating system, a User’s interactions and/or activities within the DRB Service, including the frequency with which the DRB Service and its features are used by a User, and other statistics. We use Usage Data to administer the DRB Service and we may analyze Usage Data to improve, customize, and enhance the DRB Service. Our use of your Usage Data will be subject to the terms and conditions of the User Agreement.
Please note that if you decide not to provide us with the Personal Data that we or the DRB Service request, you will not be able to access or use certain features of the DRB Service.
2. HOW WE COLLECT YOUR INFORMATION
You may give us the information described in Section 1 above by filling in forms or by corresponding with us by email or otherwise. This includes information you provide when you:
opt-in to marketing information;
sign up for our newsletter; or
give us feedback or contact us.
As you interact with the Site, we will automatically collect certain technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, web beacons, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
3. USE OF YOUR INFORMATION BY DIRECTBOOKS
DirectBooks may use your Information for the following purposes:
To provide you with the Site and the information you request;
To communicate with you about our products and services and send you information about features of our products and services;
To ensure consistency with local law and choices and controls that may be available to you;
To detect, investigate and prevent activities that may violate our policies or be illegal;
To optimize or improve the content, products, services, and features of the Services;
To monitor and analyze the Services usage and trends and otherwise measure the effectiveness of the Services.
If you have chosen to receive communications from us and no longer wish to receive such communications, you may unsubscribe as set forth in Section 5.
As our Users and Services operate globally, we may need to transfer Personal Data outside of your country of residence in order to provide the Services, and therefore your Personal Data may be transferred to and processed in countries that may not be deemed to provide the same level of data protection as the country in which you reside. When we transfer Personal Data from the European Economic Area (EEA), the UK, or Switzerland to other countries, we make sure that such Personal Data is sent with appropriate safeguards, including utilization of the European Commission’s Model Clauses, also known as the Standard Contractual Clauses pursuant to Decision 2010/87/EU, to ensure an adequate level of protection for the transfer of Personal Data to third countries such as the United States.
4. SHARING YOUR INFORMATION WITH OTHER COMPANIES
We may disclose your Information, solely in connection with the operation of the Services, as described below:
- With third-party service providers that help us provide the DRB Service or provide the Site on our behalf, as described below;
If you are an Authorized Person, with your counterparty when using the DRB Service;
With our affiliates, subsidiaries or parent companies;
In response to a request for information if we believe disclosure is in accordance with any applicable law such as to comply with a subpoena, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
If we believe your actions are inconsistent with the spirit or language of our User Agreement or policies or that such sharing is necessary or appropriate to protect the rights, property and safety of the Services, Users, such Users’ employees, or others;
Proactively with local, state and federal law enforcement and/or with other web and mobile marketplaces if we believe there is harm to another User or the general public;
As may be required or permitted pursuant to any applicable law, rule or regulation or court or administrative order;
In connection with an actual or potential merger, sale, acquisition, assignment, or transfer of all or part of our assets, affiliates, lines of business, or products, including at bankruptcy;
With your consent or as otherwise disclosed to you at the time of collection; and
With third parties in aggregated, anonymized form for industry research and analysis, demographic profiling and other similar purposes, and for third-party programs to access the DRB Service in a manner that extends the DirectBooks User experience and helps us operate and improve the DRB Service.
Information Shared with Third-Party Service Providers. We engage certain service providers to work with us to administer and provide a portion of the DRB Service. Such service providers include, but are not limited to:
customer support services, headquartered in the US and which process certain Personal Data in the US, which allows us to deal with any service issues that Users may face and respond quickly to any questions about our Services;
user access management services, headquartered in the US and which process certain Personal Data in the US, for purposes of Authorized Person authentication, authorization and administration;
Internet hosting and cloud service provider services, such as Amazon Web Services, headquartered in the US, which process certain Personal Data in the US and enables us to offer a Software as a Service (SaaS) platform; and
customer relationship management software providers, including Salesforce, headquartered in the US, which process certain Personal Data in the US, in order to assist us in providing the Services and contacting you.
These third-party service providers have access to and use Personal Data only for the purpose of performing services on our behalf, and in compliance with applicable laws and regulations (including, without limitation, the CAN-SPAM Act of 2003, the EU General Data Protection Regulation and UK equivalent thereof (together, “GDPR”), and the California Consumer Privacy Act of 2018 (as amended, the "CCPA”), as applicable). Such performance can include the processing of Personal Data.
Such service providers will be required to maintain the confidentiality of all Personal Data that they process on our behalf and to implement and maintain reasonable security controls to protect the confidentiality, integrity and availability of such Personal Data, and DirectBooks is accountable for the protection of your Personal Data that we transfer to our third-party service providers.
5. YOUR RIGHTS AND CHOICES
You may unsubscribe from our promotional emails (if any) at any time by following the instructions included in those emails. Please note that if you choose to opt out of receiving such communications, we may continue to send you non-promotional emails (if any).
In addition, if you are a User located in the EU or the UK, then depending on whether you are an Authorized Person or a Visitor, we will offer you certain choices regarding the collection, use and sharing of your Personal Data.
- Authorized Persons. If you are an Authorized Person, the Personal Data associated with your Account is managed by your Company. DirectBooks can only act on the instructions of your Company, so you must contact them directly to exercise any rights over your Personal Data.
- Visitors. If you are a Visitor, you have specific rights over the Personal Data that DirectBooks controls which you can exercise in specific circumstances, such as:
- Access: to know whether we process Personal Data about you, to access that Personal Data and find out how we use it and who we share it with;
Portability: to receive a subset of the Personal Data we collect from you in a structured, commonly-used and machine-readable format, and to request that we transfer such Personal Data to another party.
Correction: to require us to correct Personal Data about you that is accurate or incomplete;
Erasure: to request that we erase Personal Data we hold about you in certain circumstances. Note that in cases where we grant your request for deletion, copies of erased Personal Data could remain in archived/backup copies for our records, as we are not always able to delete information from those locations;
Restriction: to require us to stop processing the Personal Data we hold about you other than for storage purposes in certain circumstances; and
Objection: to object to our processing of Personal Data about you and we will consider your request.
Please contact us at email@example.com with such requests. We will respond to your request as soon as we reasonably can and we will attempt to respond to all requests within 30 days of verifying your identity.
If you are a California resident, please refer to our Supplemental Privacy Notice for California Residents.
6. THIRD-PARTY WEBSITES AND LINKS
7. DATA SECURITY, INTEGRITY AND RETENTION
Although you may set privacy options that limit access to your information, please be aware that no security measures are perfect or impenetrable. We are not responsible for third party circumvention of any privacy settings or security measures on the Site. You can reduce these risks by using common sense security practices, such as secure storage of passwords and installation and maintenance of anti-virus software. Please be aware that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
Retention of Personal Data.
- Authorized Persons. If you are an Authorized Person, DirectBooks will retain your Personal Data in accordance with your Company’s instructions, including any applicable terms in the User Agreement, and subject to the requirements of applicable law.
8. CHILDREN’S PRIVACY
We do not seek or knowingly collect any Information about children under 13 years of age. If we become aware that we have unknowingly collected Information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor child who has provided us with Information, you may contact us at firstname.lastname@example.org to request it be deleted.
10. HOW TO CONTACT US; OTHER
72 Madison Avenue
New York, NY 10016
Attn: Chief Legal Officer
For the purposes of UK data protection laws, our representative in the UK is DirectBooks UK Ltd., registered at C/O Legalinx Limited, 3rd Floor, 207 Regent Street, London. W1B 3HH, with the contact email address email@example.com. DirectBooks will respond promptly to any complaints or inquiries within one month from the date on which we receive such complaint or inquiry and have verified your identity. This is without prejudice to your right to launch a complaint with the data protection authority in the UK or in the EEA country in which you live or work.
11. Legal Basis Table
Please note that this table applies only to Visitors located in the EU and the UK where DirectBooks is acting as the data controller. If you are an Authorized Person, please contact your Company for information about its legal basis for processing your data.
12. SUPPLEMENTAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
The CCPA regulates how businesses handle “personal information” (as such term is defined in the CCPA) of California residents and gives California residents certain rights with respect to their personal information. If you are a resident of California, we may be required to inform you of how we use and disclose your personal information, as well as of certain rights you may have. This supplemental privacy notice (this “Notice”) is effective as of January 1, 2023, and shall apply only to residents of California who are Visitors of our Site.
This Notice applies only to personal information we collect in our role as a business under the CCPA. We act as a business when we collect and use personal information about Visitors of the Site.
Collection and Disclosure of Personal Information
Over the past 12 months, we have collected and disclosed for business purposes* the following categories of personal information about Visitors:
Identifiers, such as your name, IP address, email alias, email address, and mobile device identifier. This information is collected directly from you and/or your device when you utilize the Site and/or submit such information to us through the Site, and it is collected to enable us to provide, improve, and personalize the Services.
Internet or other electronic network activity information, such as cookies. This information is collected directly from you and your device to provide, improve, and personalize the Services.
Geolocation data derived from your IP address or obtained from your device’s location services (including GPS coordinates or coarse location). This information is collected directly from your device to improve and personalize our Services.
Professional or employment-related information such as your employer name and job title. This information is collected directly from you and is collected to provide, improve, and personalize the Services.
*We collect and disclose the above categories of personal information for “business purposes” as defined in the CCPA, which include providing our Services, maintaining and servicing accounts, providing customer service and support, detecting and protecting against security incidents and malicious or fraudulent activities, identifying and repairing errors within the Services, verifying and maintaining the quality of the Services, improving, upgrading, and enhancing the Services, and conducting research and development activities. We may also disclose your information to comply with laws and protect the rights and safety of DirectBooks or third parties, as described above.
DirectBooks does not, and during the past 12 months did not, “sell” personal information of California residents (as such term is defined in the CCPA).
Rights under the CCPA
If you are a Visitor who is a California resident, you may have the right to:
Request we disclose to you, free of charge, the following information covering the 12 months preceding your request:
the categories of personal information about you that we collected;
the categories of sources from which the personal information was collected;
the purpose for collecting personal information about you;
the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
the specific pieces of personal information we collected about you;
Request we delete personal information we collected from you, unless the CCPA recognizes an exception; and
Be free from unlawful discrimination for exercising your rights including providing a different level or quality of services or deny goods or services to you when you exercise your rights under the CCPA.
How to Exercise Your Rights
Visitors may contact us to exercise their rights at firstname.lastname@example.org. Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. If we need additional information to verify your identity or to respond to your request, we will let you know. We aim to fulfill all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.