PRIVACY POLICY

Last Revised on September 9, 2021


Welcome to the Privacy Policy for DirectBooks LLC (“DirectBooks,” “we“, “our” or “us“). This Privacy Policy describes how we collect, use and disclose information we collect from you, or that you provide to us, in connection with your use of the website at DirectBooks.com (the “Site”) and/or the communications service provided by DirectBooks from time to time to customers who have signed a user agreement (a “User Agreement”) with DirectBooks or its affiliate (the “DRB Service”, and together with the Site, the “Services”). For purposes of this Privacy Policy:

 

  • If you are an authorized user (generally an employee) of a company (the “Company”) who uses the DRB Service pursuant to a User Agreement, then you are referred to in this Privacy Policy as an “Authorized Person

  • If you are a visitor to the Site, then you are referred to in this Privacy Policy as a “Visitor” and

  • You” and “your” means you as the user of the Site or DRB Service, as the case may be, and you may also be referred to herein as a “User”.


Certain sections of this Privacy Policy will apply or be read differently depending on which type of User you are.  

 

This is because under applicable data protection law, we are deemed to be the “data controller” for Visitors’ data, and a “data processor” for Authorized Persons’ data.  For Visitors located in the European Union (EU) or the United Kingdom (UK), the legal basis of DirectBooks’ processing of the foregoing information is further described at the end of this page. For Authorized Persons located in the EU or UK, your Company is the data controller with respect to the processing of your data.


The Site can only be accessed and used subject to the DirectBooks Terms of Use and this Privacy Policy.

 

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY USING AND ACCESSING THE SITE, YOU AGREE THAT YOU ARE BOUND BY THE DIRECTBOOKS TERMS OF USE AND THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO OUR TERMS OF USE AND PRIVACY POLICY, THEN YOU MAY NOT ACCESS AND USE THE SITE.
THIS PRIVACY POLICY SHALL ALSO APPLY TO THE PROCESSING OF YOUR PERSONAL DATA IF YOU ARE AN AUTHORIZED PERSON; HOWEVER, THE DIRECTBOOKS TERMS OF USE SHALL NOT APPLY TO YOUR USE OF THE DRB SERVICE.


Our primary goals in collecting and using information are to provide and improve our Services, to administer your use of the Services, to respond to your comments and questions, to use your email address or other contact information to send you information related to the Services and to enable you to enjoy and easily navigate our Services. DirectBooks has implemented and will maintain reasonable security controls to protect the confidentiality, integrity and availability of the Personal Data that DirectBooks processes.

1. TYPES OF INFORMATION WE COLLECT

We may collect or process the following categories of information from you (“Information”), which includes:

  • Data, information, or a combination of data and information, which relates to an identified or identifiable individual, such as the individual’s name, email address, employer name and position (“Personal Data”);
  • Other information you provide to us when you access or use the Site, for example, when you provide information to the Site or communicate with us by email;

  • Information collected automatically by our servers that records certain information about how a User uses our Site (“Log Data”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Site, the pages or features of our Site to which a User browsed and the time spent on those pages or features, search terms, the links on our Site that a User clicked on and other statistics. We use Log Data to administer the Site and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Site by expanding their features and functionality and tailoring them to our Users’ needs and preferences; and

  • To enhance your experience with our Site, we and our partners, affiliates, tracking utility companies and service providers use cookies or similar technologies to analyze trends, administer the Site and to gather demographic information about our User base as a whole. Cookies are text files that are stored on your computer’s browser or temporarily in your computer’s memory. For more information about cookies, and how to disable them, please see our Cookie Policy.

If you are an Authorized Person, we will collect and use the following information about you in connection with your use of the DRB Service:

Account Information. To use the DRB Service, you will need to create an account or your Company will create an account for you (each, an “Account”). When an Account is created, we’ll collect certain Personal Data that can be used to identify you, such as your name, job title, location, and email address. If your Account is created on behalf of your organization, we will also collect certain information about your organization. We will only use such Personal Data and other information for the purposes of providing the DRB Services to you and your Company or notifying you about relevant information relating to your use of the DRB Service.

Other Information.  Other information provided to us by Authorized Persons may include, but is not limited to, user feedback and user support requests, in which case, we will collect your name and email address as well as any other content included in your communication, in order to send you a reply or in order to improve the DRB Service.

Information Related to Use of the DRB Service. We collect certain information about how the DRB Service is used (we refer to this information as “Usage Data”). Usage Data could include information such as a User’s Internet Protocol (IP) address, browser type, operating system, a User’s interactions and/or activities within the DRB Service, including the frequency with which the DRB Service and its features are used by a User, and other statistics.  We use Usage Data to administer the DRB Service and we may analyze Usage Data to improve, customize, and enhance the DRB Service.  Our use of your Usage Data will be subject to the terms and conditions of the User Agreement.

Please note that if you decide not to provide us with the Personal Data that we or the DRB Service request, you will not be able to access or use certain features of the DRB Service.

2. HOW WE COLLECT YOUR INFORMATION

  • You may give us the information described in Section 1 above by filling in forms or by corresponding with us by email or otherwise. This includes information you provide when you:

    • opt-in to marketing information;

    • sign up for our newsletter; or

    • give us feedback or contact us.

  • As you interact with the Site, we will automatically collect certain technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, web beacons, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.

3. USE OF YOUR INFORMATION BY DIRECTBOOKS

DirectBooks may use your Information for the following purposes:

  • To provide you with the Site and the information you request;

  • To communicate with you about our products and services and send you information about features of our products and services;

  • To ensure consistency with local law and choices and controls that may be available to you;

  • To detect, investigate and prevent activities that may violate our policies or be illegal;

  • To optimize or improve the content, products, services, and features of the Services;

  • To monitor and analyze the Services usage and trends and otherwise measure the effectiveness of the Services.

 

If you have chosen to receive communications from us and no longer wish to receive such communications, you may unsubscribe as set forth in Section 5.

As our Users and Services operate globally, we may need to transfer Personal Data outside of your country of residence in order to provide the Services, and therefore your Personal Data may be transferred to and processed in countries that may not be deemed to provide the same level of data protection as the country in which you reside.  When we transfer Personal Data from the European Economic Area (EEA), the UK, or Switzerland to other countries, we make sure that such Personal Data is sent with appropriate safeguards, including utilization of the European Commission’s Model Clauses, also known as the Standard Contractual Clauses pursuant to Decision 2010/87/EU, to ensure an adequate level of protection for the transfer of Personal Data to third countries such as the United States.

4. SHARING YOUR INFORMATION WITH OTHER COMPANIES

We may disclose your Information, solely in connection with the operation of the Services, as described below:

  • With third-party service providers that help us provide the DRB Service or provide the Site on our behalf, as described below;
  • If you are an Authorized Person, with your counterparty when using the DRB Service;

  • With our affiliates, subsidiaries or parent companies;

  • In response to a request for information if we believe disclosure is in accordance with any applicable law such as to comply with a subpoena, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;

  • If we believe your actions are inconsistent with the spirit or language of our User Agreement or policies or that such sharing is necessary or appropriate to protect the rights, property and safety of the Services, Users, such Users’ employees, or others;

  • Proactively with local, state and federal law enforcement and/or with other web and mobile marketplaces if we believe there is harm to another User or the general public;

  • As may be required or permitted pursuant to any applicable law, rule or regulation or court or administrative order;

  • In connection with an actual or potential merger, sale, acquisition, assignment, or transfer of all or part of our assets, affiliates, lines of business, or products, including at bankruptcy;

  • With your consent or as otherwise disclosed to you at the time of collection; and

  • With third parties in aggregated, anonymized form for industry research and analysis, demographic profiling and other similar purposes, and for third-party programs to access the DRB Service in a manner that extends the DirectBooks User experience and helps us operate and improve the DRB Service.

Information Shared with Third-Party Service Providers.  We engage certain service providers to work with us to administer and provide a portion of the DRB Service.  Such service providers include, but are not limited to:

  • customer support services, headquartered in the US and which process certain Personal Data in the US, which allows us to deal with any service issues that Users may face and respond quickly to any questions about our Services;

  • user access management services, headquartered in the US and which process certain Personal Data in the US, for purposes of Authorized Person authentication, authorization and administration;

  • Internet hosting and cloud service provider services, such as Amazon Web Services, headquartered in the US, which process certain Personal Data in the US and enables us to offer a Software as a Service (SaaS) platform; and

  • customer relationship management software providers, including Salesforce, headquartered in the US, which process certain Personal Data in the US, in order to assist us in providing the Services and contacting you.

These third-party service providers have access to and use Personal Data only for the purpose of performing services on our behalf, and in compliance with applicable laws and regulations (including, without limitation, the CAN-SPAM Act of 2003 and the EU General Data Protection Regulation and UK equivalent thereof (together, “GDPR”), as applicable). Such performance can include the processing of Personal Data.

Such service providers will be required to maintain the confidentiality of all Personal Data that they process on our behalf and to implement and maintain reasonable security controls to protect the confidentiality, integrity and availability of such Personal Data, and DirectBooks is accountable for the protection of your Personal Data that we transfer to our third-party service providers.

DirectBooks will also take reasonable steps to confirm that any such third-party service provider processes such Personal Data in a manner that provides at least the same level of data protection as is provided for by this Privacy Policy and as is required of us pursuant to the User Agreement. DirectBooks will obligate any such service provider to notify DirectBooks if such provider becomes unable to satisfy such data protection obligations, and DirectBooks will take reasonable steps to stop and remediate unauthorized or noncompliant processing by such service provider, upon becoming aware of such processing.

5. YOUR RIGHTS AND CHOICES

You may unsubscribe from our promotional emails (if any) at any time by following the instructions included in those emails. Please note that if you choose to opt out of receiving such communications, we may continue to send you non-promotional emails (if any).

In addition, if you are a User located in the EU or the UK, then depending on whether you are an Authorized Person or a Visitor, we will offer you certain choices regarding the collection, use and sharing of your Personal Data.

  • Authorized Persons. If you are an Authorized Person, the Personal Data associated with your Account is managed by your Company.  DirectBooks can only act on the instructions of your Company, so you must contact them directly to exercise any rights over your Personal Data.
  • Visitors.  If you are a Visitor, you have specific rights over the Personal Data that DirectBooks controls which you can exercise in specific circumstances, such as:
    • Access: to know whether we process Personal Data about you, to access that Personal Data and find out how we use it and who we share it with;
    • Portability: to receive a subset of the Personal Data we collect from you in a structured, commonly-used and machine-readable format, and to request that we transfer such Personal Data to another party.

    • Correction: to require us to correct Personal Data about you that is accurate or incomplete;

    • Erasure: to request that we erase Personal Data we hold about you in certain circumstances. Note that in cases where we grant your request for deletion, copies of erased Personal Data could remain in archived/backup copies for our records, as we are not always able to delete information from those locations;

    • Restriction: to require us to stop processing the Personal Data we hold about you other than for storage purposes in certain circumstances; and

    • Objection: to object to our processing of Personal Data about you and we will consider your request.

Please contact us at legal@directbooks.com with such requests. We will respond to your request as soon as we reasonably can and we will attempt to respond to all requests within 30 days of verifying your identity.

6. THIRD-PARTY WEBSITES AND LINKS

Our Site may contain links to other sites operated by third parties. DirectBooks does not control such other sites and is not responsible for their content, their privacy policies, or their use of Personal Data. DirectBooks’ inclusion of such links does not, by itself, imply any endorsement of the content on such sites or of their owners or operators except as disclosed on the Site. DirectBooks expressly disclaims any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of Personal Data by third parties. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

7. DATA SECURITY, INTEGRITY AND RETENTION

We care about the integrity and security of your Personal Data. We use commercially reasonable measures to protect your Personal Data, and such measures as are required by applicable law. We also use reasonable security measures in line with the information we collect, may limit use of Site features in response to possible signs of abuse, and may suspend or disable access to the Site for violations of our Terms of Use or Privacy Policy.

Although you may set privacy options that limit access to your information, please be aware that no security measures are perfect or impenetrable. We are not responsible for third party circumvention of any privacy settings or security measures on the Site. You can reduce these risks by using common sense security practices, such as secure storage of passwords and installation and maintenance of anti-virus software. Please be aware that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.

Retention of Personal Data.

  • Authorized Persons. If you are an Authorized Person, DirectBooks will retain your Personal Data in accordance with your Company’s instructions, including any applicable terms in the User Agreement, and subject to the requirements of applicable law.

  • Visitors. DirectBooks will retain your Personal Data for the period necessary to fulfill the purposes described in this Privacy Policy unless a longer retention period is required or permitted by law.

8. CHILDREN’S PRIVACY

We do not seek or knowingly collect any Information about children under 13 years of age. If we become aware that we have unknowingly collected Information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database.


If you are the parent or guardian of a minor child who has provided us with Information, you may contact us at legal@directbooks.com to request it be deleted.

9. UPDATING THIS PRIVACY POLICY

We may modify this Privacy Policy from time to time in which case we will update the “Last Revised” date at the top of this Privacy Policy; provided however that no such modification will enable DirectBooks to apply a lesser standard of data protection to your Personal Data than was in place prior to such modification. Notice may be made by posting notice of such changes on the Site, or by other means consistent with applicable law. However, it is your sole responsibility to review the Privacy Policy from time to time to view any such changes. The updated Privacy Policy will be effective as of the time of posting, or such later date as may be specified in the updated Privacy Policy. If we make changes that are material, where required by applicable law, we will obtain your consent. IF YOU DO NOT ACCEPT AND AGREE TO THIS PRIVACY POLICY, INCLUDING ANY CHANGES THERETO, THEN YOU MUST NOT ACCESS OR USE THE SITE OR THE DRB SERVICE.

10. YOUR CALIFORNIA PRIVACY RIGHTS

DirectBooks is not at this time subject to the California Consumer Privacy Act of 2018 (as amended, supplemented and/or superseded from time to time,  the “CCPA”), nor do we sell your Personal Data (as the term “sale” is defined in the CCPA).

11. HOW TO CONTACT US; OTHER

If you have any questions about this Privacy Policy or our treatment of your Information, please write to our Head of Legal & Business Affairs by email at legal@directbooks.com, or by postal mail to:

DirectBooks LLC

72 Madison Avenue

11th Floor

New York, NY 10016

USA


Attn: Head of Legal & Business Affairs

For the purposes of UK data protection laws, our representative in the UK is DirectBooks UK Ltd., registered at  C/O Legalinx Limited, 3rd Floor, 207 Regent Street, London. W1B 3HH, with the contact email address legal@directbooks.comDirectBooks will respond promptly to any complaints or inquiries within one month from the date on which we receive such complaint or inquiry and have verified your identity. This is without prejudice to your right to launch a complaint with the data protection authority in the UK or in the EEA country in which you live or work.

Conflict

Notwithstanding any other provisions of this Privacy Policy, nothing in this Privacy Policy will be interpreted to expand DirectBooks’ rights under the privacy and data processing provisions of any User Agreement, and specifically:

  • Authorized Persons: If you are an Authorized Person, in the event of any conflict or inconsistency between the provisions of this Privacy Policy or the User Agreement with your Company, the applicable provision of the User Agreement shall govern; and
  • Visitors: If you are a Visitor, in the event of any conflict or inconsistency between the provisions of this Privacy Policy and the Terms of Service governing use of the Site, the applicable provision of this Privacy Policy shall govern.

Legal Basis Table

Please note that this table applies only to Visitors located in the EU and the UK where DirectBooks is acting as the data controller.  If you are an Authorized Person, please contact your Company for information about its legal basis for processing your data.