WhyRedShelf-banner-FINAL.png

Committed to 
Protecting 

Our Users & Partners

Nearly half of all colleges, thousands of publishers, and countless businesses have entrusted RedShelf to safely and securely power their digital publishing initiatives. We take that responsibility seriously, employing multi-faceted, rigorous strategies to ensure we meet the highest industry standards for privacy and security.

Our Commitment to Privacy & Security

We respect and protect our users’ data by employing a range of strategies, including: 

  • Retaining an in-house privacy and security team dedicated to protecting our users’ privacy and securing our platform.

  • Implementing privacy and security measurements throughout the software development lifecycle.

  • Collecting the minimum amount of personal information required to deliver our services to users and our business partners.

  • Implementing a multi-layered defense to assist with platform protection and security.

  • Conducting third-party testing and vulnerability scans to identify potential security risks.

If you have any questions or concerns regarding how RedShelf collects and protects user privacy or implements platform security, please reach out to us at privacy@redshelf.com.

We are committed to achieving and implementing the following benchmarks and industry standards: 

  • We are committed to compliance with the Family Educational Rights and Privacy Act (FERPA) when institutions provide Personally Identifiable Information (PII) to us for legitimate and necessary educational purposes.

  • We are committed to compliance with applicable privacy laws such as the California Consumer Privacy Act (CCPA). 

  • We utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a guiding principle.

  • We require our third-party processing partner to adhere to the Payment Card Industry Data Security Standards (PCI-DSS) to ensure we do not receive or store payment information.

  • We regularly update our Higher Education Community Vendor Assessment Tool (HECVAT) to mature cybersecurity standards within the higher education industry. 

  • We partner with third-party organizations such as Qualys Scan, and White Hat Hackers to conduct third-party penetration testing and vulnerability scans of our environment.

  • We reside in Amazon Web Services (AWS) and Google Cloud Platform (GCP), both of which are SOC 2 Type 2 certified, meaning they promise to securely manage our data to protect the interest of RedShelf and the privacy of our users.

In an exclusive interview, RedShelf's Director of Information Security, Kevin Shin, discusses RedShelf's holistic approach to privacy and security. Kevin spent 20+ years of his career with the Department of Defense and U.S. Army. Read the Article.

KevinShin-Twitter.jpg

RedShelf Privacy Notice

Effective Date: June, 2021

In this Privacy Policy, we describe how RedShelf, Inc. (“RedShelf,” “we,” “us,” or “our”) collects, uses, and discloses your information. It also describes the rights and choices you have regarding our use of your information. 

 

This Privacy Policy applies to the information that we collect and process about individual users (“End Users”) of (i) the RedShelf platform and services, including the RedShelf eReader (including mobile applications) and RedShelf Classroom (collectively, the  “Platform” or ”RedShelf Platform”), (ii) all digital content accessible through the RedShelf Platform (“Digital Content”) and (iii) visitors (“Site Visitors”) to RedShelf.com (“RedShelf.com”) and all associated websites, including all websites that RedShelf hosts and manages for certain of its customers (the “White Label Sites”) to the extent such sites link to this Privacy Policy (collectively, “Sites”), as well as information provided when you interact with RedShelf, such as by emailing us or chatting with us (the Platform, Digital Content, and Sites are collectively, the “Services”).  Your use of the Services is also subject to our Terms of Use. This Privacy Policy does not apply to electronic readers or other platforms or websites that do not link to this Policy. For example, this Policy does not apply to End Users who purchased their digital content specifically from Follett or a Follett-affiliated bookstore or institution. Follett is the data controller in that instance, and as such, users are covered under Follett’s privacy policy and associated terms of use in the first instance and should direct all privacy related questions to Follett.


RedShelf acts as a data controller for the information we process, with the exception of information processed solely pursuant to the instruction of your institution (“Institution”), business organization, or another controller, in which case we act as a data processor. RedShelf is headquartered in the United States. Our contact information is listed below in the Contact Information section.

 

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

 

This Privacy Policy contains the following sections:

  1. Information We Collect

  2. How We Use Your Information

  3. How We Share Your Information

  4. Cookies and Similar Technologies

  5. Online Analytics and Advertising

  6. Third-Party Links and Features

  7. Your Rights & Choices Regarding Your Information

  8. Additional Information for Residents of Certain Jurisdictions

  9. Children’s Privacy

  10. How We Protect Your Information

  11. Changes to Our Privacy Policy

  12. How to Contact Us

 

  1.  INFORMATION WE COLLECT

We obtain a variety of information from and about you as you use the Services.  Please note that if you choose not to provide us with certain information, or ask us to delete it, you may no longer be able to access or use the Services, including but not limited to the RedShelf eReader and RedShelf Classroom.

The type of information we collect and how we use and share it depends on how you use the Services. 

  • RedShelf Site Visitors browse the Sites (including RedShelf.com) and may contact us via email or otherwise.   

  • End Users use the RedShelf Platform and/or make purchases through the Sites. There are three categories of End Users of the Services—Individual End Users, Institutional End Users and Enterprise End Users:

 

  • “Individual End Users” are End Users who acquire access to the Services and /or the Digital Content directly from RedShelf, either (i) on the RedShelf Site; (ii) through an Institution’s bookstore (including their websites); or (iii) through a White Label Site customized for their Institution. Individual End Users also include (iv) organizational staff such as bookstore managers, course administrators, publisher representatives who access the Services and (v) customers who purchase physical items from or via RedShelf.

 

  • “Institutional End Users” are End Users who acquire access to Digital Content and/or Services through their educational institution ("Institution") and its Inclusive Access (IA) program. Institutional End Users may be students (“IA-Students”) as well as teachers, faculty and professors, instructors, staff, assistants, and lecturers (“Faculty”) within the Institution. “Inclusive Access” or “IA” is a program offered by an Institution, whereby students receive their required course materials digitally on or before the first day of class for their course  (“IA Courses”), with the cost of such course materials being charged by the Institution to the IA-Student via a course fee or as part of their tuition.

 

  • “Enterprise End Users” are End Users who acquire access to Digital Content on the Services through their employer or another corporate business partner (“Enterprise”) who is partnering with RedShelf to offer certain RedShelf Services to its customers, employees or members.

 

If you are an Institutional End User or an Enterprise End User, your Institution or Enterprise, as applicable, is the data controller of the information collected through the Services about you.  In such case, that entity may provide or remove access to the Services, manage permissions and settings, determine data retention periods, and export certain data. You should contact your Institution or Enterprise, as applicable, with questions about settings or its privacy practices.  Inclusive Access Students will continue to have access to their Digital Content for the duration of their purchase. If you graduate or are no longer enrolled in the Institution through which you received Institutional access or your Institution terminates its agreement with us, you will have continued access on the RedShelf website (www.redshelf.com) using your previous institutional email address and you will continue as an Individual End User.

 

RedShelf is the data controller of Individual End User information, information collected through the Sites about Site visitors, and information about its customers.

 

Information Provided Directly by or About End Users

We collect information by and about End Users when End Users:

  • Register for an account or have an account created for them;

  • Use any of the Services;

  • Communicate with us (including through forms on our Sites and by mail, email or chat);

  • Participate in surveys; and

  • Request customer support or technical assistance from us.

 

This information generally includes the following:

  • End User Information:

  • Registration Information:

    • To register and be verified, End Users must provide their name, an email address, and a RedShelf ID number will be automatically generated.

    • Institutions may provide registration information about Institutional End Users including name, email address, and “Student-Course Information” (information about the Institution and course(s) in which a student is participating in the Inclusive Access Program).

    • Enterprises may provide registration information about Enterprise End Users including name and email address.

  • Additional Profile Information:

    • All End Users can choose to complete their RedShelf profile with additional optional information, including a second email address, phone number, mailing address, billing address, profile picture or avatar. Institutions may also choose to provide certain additional information about Institutional End Users including student ID, secondary email address, phone number, and mailing address, billing address, and financial aid information.

Note: For IA-Students, End User Information may include, but is not limited to “Personally Identifiable Information” as defined by FERPA.

 

  • Information from Publisher Partners:  RedShelf partners with numerous third-party publishers (“Publisher Partners”) to distribute their Digital Content to End Users and Institutions (and we may get the following type of information from these publishing partners: transactional information, student name, email, and certain school records (e.g., student ID, course selections).

 

  • Transactional information: information about the Digital Content purchased by you or on your behalf.  Please note our third-party payment processor collects and processes billing and payment information you provide us.  RedShelf does not directly collect or store any payment card information you may provide at the time of purchase through any of the Sites.

 

  • Access Rights Information: information about the Digital Content each End User has a right to access, as well as the duration of such right to access.

    • For Institutional End Users, either the IA-Student or the Institution may provide RedShelf with opt-out information from an IA Course, which will determine access rights to certain Digital Content for IA Students in their relevant Institution IA program.

 

  • User Content: End User activity (including activity of Faculty) on the Platform, including through Classroom, or the RedShelf eReader, such as highlights, notes, flashcards, study guides, comments, bookmarks, questions, assigned and submitted assignments, assigned and submitted assessments, Faculty feedback and any assignment, assessment and reading scores.

 

  • Survey information: information you provide if you participate in a survey with us.

 

  • Inquiries and feedback: comments, feedback, suggestions and questions you submit through customer service or other interactions with us, including via the RedShelf Platform.

 

Information Provided Directly by All Other Visitors or Users

We collect information from you when you use visit the Sites or communicate with us. This information generally includes the following types:

 

  • Contact Information When You Communicate with Us: such as name, email and/or phone number.

 

  • Survey information: information you provide if you participate in a survey with us.

 

  • Inquiries and feedback: comments, feedback, suggestions and questions you submit through customer service or other interactions with us.

 

Automatically Collected Information:

When Site Visitors, End Users, or others use our Services, we collect certain information automatically. We and our service providers (which are third-party companies that work on our behalf) may use a variety of technologies, including cookies and similar tools, to assist in collecting this information. You can learn more about our use of cookies and similar tools in the “Cookies and Similar Technologies” section below.

 

Automatically collected information may include: 

  • Device information and related identifiers: When you use our Services, we and our service providers collect and analyze information such as your IP address, browser characteristics, number of devices, device IDs, usage characteristics, systems, mobile device’s service provider, platform type, advertising identifiers, operating system, and the state and/or country from which you accessed the Services.

 

  • Usage information: When you use our Services, we and our service providers collect and analyze information about your usage activity such as referring and exit pages and URLs, Digital Content viewed, navigation data (usage of features, opening / closing of menus), user actions (e.g., searches, dictionary lookups, creation of notes, flashcards, bookmarks, comments, printing, pasting and usage of offline mode), the number of clicks, pages viewed and the order of those pages, time in reader, the amount of time spent on particular pages, the date and time you use the Services and upload or post content, error logs, language preferences, and other similar information. 

 

  • Location Information: When you use the Services, we and our service providers collect general location information (i.e., city and state) from your computer or mobile device based on its IP address. 

 

Information from Third Party Sources

 

As described above, we may receive certain End User information from Institutions, Enterprises, publishing partners, and our service providers.

 

2.  HOW WE USE YOUR INFORMATION

We and our service providers use the information described above to accomplish the following business and operational purposes:

 

  • Administer user accounts, including to process account registration, authenticate users, and verify and provide access to Digital Content and use of our various Services;

  • Provide and personalize the Services;

  • Improve the Services we offer our customers and develop new features, functionality and services for our customers;

  • Assess usage of products and features and build new ones and improve user experiences;

  • Engage in transactions with you, including contacting you about your account, billing you for the Services, and processing payments;

  • Provide you with updates and information about your use of the Services and provide information to End Users, customers or Site Visitors about products or services, discounts, deals or events that may be of interest to you;

  • Respond to requests for information and provide support and customer service;

  • Learn and report on End User study behaviors and activities, improve End User experience and educational outcomes and allow Institutions and Faculty to view, use and/or analyze student reading and study habits and behaviors and student performance;

  • Advertise RedShelf on other websites or services based on Site Visitor information from RedShelf or advertise White Label Sites based on other websites or services based on Site Visitor information from applicable White Label Sites;

  • Comply with laws, regulations, and other legal process (such as a subpoena or warrant), including complying with the Digital Millennium Copyright Act (DMCA);

  • Establish, exercise, or defend our legal rights; and

  • Detect, prevent, or otherwise address fraud, security or technical issues, as well as to enforce this Privacy Policy and/or the RedShelf Terms of Use, including investigation of potential violations thereof and to take steps reasonably believed to be necessary to protect the safety, security, property and rights of RedShelf, its employees, publishing partners, service providers, and others.

 

We may also aggregate, de-identify, and/or anonymize any information collected through the Services in such a way that we cannot reasonably link information to you or your device. We may use such aggregated, de-identified, or anonymous information for any purpose, including without limitation for research and marketing purposes or to deliver insights to our customer and relevant faculty at Institutions using our Services. We will not attempt to re-identify such information.  

 

3.  HOW WE SHARE YOUR INFORMATION

 

We and our service providers will share the information collected from and about you for the following business and operational purposes:

  • To Provide the Services: In certain cases, RedShelf must share User Information with third parties such as Digital Content providers, Institutions and their Faculty in order to provide the Services, including:

    • Digital Content Publishing Partners & Service Partners – RedShelf shares certain User Information, Access Rights Information and Usage Data with Digital Content Publishing Partners and in certain circumstances, third party service providers, to enable delivery of Digital Content, manage refunds, fraud detection, enable access to Digital Content through IA programs and other sales channels, enable removal of access rights to Digital Content for IA-Students who opt-out of IA Courses and reporting regarding the Digital Content and services provided to such End Users.  For Institutional End Users, RedShelf understands such Digital Content holders and other educational service providers are “school officials” under FERPA.

    • Your Institution & Related School Officials & Faculty – RedShelf shares certain User Information, Course Information, Usage Data and User Content about End Users, such as Digital Content usage and answers to assessments, with relevant administrative and/or academic staff and Faculty within the Institution, as well as the Institution’s bookstore and staff, which RedShelf understands are school officials under FERPA.  We may also share information with your Institution’s selected learning management service provider to enable access to Digital Content.  For RedShelf Classroom, this includes the sharing of your Usage Data and performance data within Classroom and the eReader with your Faculty using Classroom.

  • Service Providers:  We may provide access to or share your information with select third parties who perform services on our behalf, such as payment processing, identity verification, product content and features, analytics, customer service, data storage, security, fraud prevention, and legal services.

  • Protection of RedShelf and Others & Legal Compliance: We may disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such disclosure is reasonably necessary to: (i) comply with law or legal process (e.g., a subpoena or court order); (ii) enforce our Terms of Use, this Privacy Policy, or other contracts with you, including the investigation of potential violations thereof and to take precautions against liability or investigate or defend ourselves against third-party claims or allegations; (iii) respond to your requests for customer service; and/or (iv) protect the rights, property, intellectual property, security, or personal safety of RedShelf, its agents, its partners (including our publishing partners), its users, and/or the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and similar purposes.

 

  • Business Transfers:  We may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, user information would likely be one of the transferred business assets. 

 

  • Your Consent:  If you have consented to our sharing of your information for other purposes not listed above, we will also share your information consistent with your consent.

  • At the Direction of Your Institution or Business Organization:  For Institutional End Users or Business End Users, we share information as directed by any applicable Institution or business organization with whom we partner or provide Services to.

We may share anonymized or de-identified information with third parties.

 

4. COOKIES AND SIMILAR TECHNOLOGIES

To collect the information in the “Automatically Collected Information” section above, we and our service providers use web server logs, cookies, tags, tracking pixels, and other similar tracking technologies (“Cookies”).  

  • A web server log is a file where website activity is stored.

  • A cookie is a small text file that is placed on your computer or mobile device when you visit a website, and it enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the web pages of the Services you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.

  • Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads, and/or email that are designed to: (i) collect usage information like ad impressions or clicks and email open rates; (ii) measure popularity of the Services and associated advertising; and (iii) access user cookies.

 

Cookies are typically classified as either “session cookies,” which do not stay on your device after you close your browser or “persistent cookies,” which will usually remain on your device until you delete them or they expire. Sometimes cookies are placed by us (“First-Party Cookies”) and sometimes they are placed by others (“Third-Party Cookies”). Different cookies are used to perform different functions on our Services:

 

  • Essential Cookies: Some cookies are essential to the Services and enable you to use the features of the Services and access secure areas of the Services. Without these cookies, we cannot enable appropriate content based on the type of device you are using (for example, essential cookies store user log-in information so that you don’t have to re-enter it for each page you visit on our website).

 

  • Functional Cookies: These cookies allow us to remember choices you make on our Services (such as your preferred language or the region you are in).

 

  • Personalization Cookies: We also use cookies to change the way our Services behave or look in order to personalize your experience from information we infer from your behavior on our Services or information we may already know about you because, for example, you are a registered user. These cookies may be used to tailor the Services or the content, look, and feel delivered to you on subsequent sessions to our Services.  For example, if you personalize webpages, or use specific parts of the Services, a cookie helps our webpage server recall your specific information.   

 

  • Analytics Cookies: We use our own cookies and/or third-party cookies to see how you use our Services in order to enhance their performance and develop them according to the preferences of our customers and visitors. For example, cookies may be used to: maintain a consistent look and feel across our Services, track and provide trend analysis on how our users interact with our Services, track errors, and measure the effectiveness of our content.

 

  • Advertising Cookies: These cookies log your visit to our Services, the pages you have visited, and the links you have clicked. We or our service providers may use this information to deliver more relevant advertisements about RedShelf or, if applicable, a White Label Site, to you.

 

There are a number of ways you can manage what cookies are set on your devices. If you do not allow certain cookies to be installed, the Services may not be accessible to you and/or the performance or features of the Services may be compromised.  See Online Analytics and Advertising below for more information. 

 

5. ONLINE ANALYTICS AND ADVERTISING

 

Analytics

 

We may use third-party web analytics services (such as those of Google Analytics) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

 

Usage information of our Services is collected to compile statistical data in order to develop new and improved Services and marketing, identify popular features, and to provide you content that is of interest to you.

 

Online Advertising

The Services may allow third-party advertising technologies (e.g., ad networks and ad servers such as Google) to place cookies or other tracking technologies on your computer, mobile phone, or other device to collect information about you to assist in the delivery of relevant advertising about the Services on other websites you visit and other services you use.  

 

We neither have access to, nor does this Privacy Policy govern, the cookies or other tracking technologies that may be placed on the device you use to access the Services by such non-affiliated third parties. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices (or, if you’re located in the EEA or the United Kingdom, here) to opt out of receiving tailored advertising from companies that participate in those programs. To opt-out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. Please note that these opt-outs apply per device, so you will have to opt-out for each device through which you access our Services.

 

Notice Concerning Do Not Track.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, which is why we describe a variety of opt-out mechanisms above. However, we do not currently recognize or respond to browser-initiated DNT signals. Learn more about Do Not Track .

 

6. THIRD-PARTY LINKS AND FEATURES

The Services may contain links to third-party websites, third-party plug-ins (e.g., Facebook, Instagram, and Twitter). If you choose to use these websites, plug-ins, or services, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. If you choose to use these services, we are not responsible for the content or practices of such third-party websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.

 

7. RIGHTS & CHOICES REGARDING YOUR INFORMATION

Marketing Communications

If you are a Site Visitor, customer or End User we may send you marketing communications in your jurisdiction (based on our relationship with you, your consent, your Institution, or applicable law).  You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us using the information below.

 

You can opt-out of commercial messages by following the instructions located at the bottom of commercial email messages. Removing your name from the email list may take a reasonable amount of time. Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt-out of certain operational emails, such as those reflecting our relationship or transactions with you.

 

Privacy Rights

Your local laws (such as those in the European Union, Canada, California, or Nevada) may permit you to exercise certain rights with respect to the information we collect from and about you.  Please see the “Additional Information for Residents of Certain Jurisdictions” section below for more information. 

 

Account Deletion

 

End Users:

Individual and Institutional End Users can request that RedShelf delete their account and anonymize certain User Information, Access Rights Information and User Content by submitting this form.  

  • Following a verified and confirmed request (through the email we have on file for you), RedShelf will delete or de-identify as much personal information as possible, except as provided below.

  • If you choose to delete your RedShelf account, we will be unable to retrieve/re-identify any User Information, any Access Rights Information or any Usage Data or any other information linked to the End User. You will lose access to any and all Digital Content for which you have active access rights associated with your account. In addition, for Inclusive Access students your information may be pulled back in to RedShelf in the future if your Institution resubmits your information for other courses.

  • RedShelf will not delete or de-identify certain transactional data that may contain User Information that RedShelf must maintain for tax, audit, liability or other legally required purposes.

  • Even if you request that we delete your account, your Institution and Faculty may still have their own copy of certain of your User Content, such as assessments, scores or Usage Information, such as time spent reading assigned text. 

 

Enterprise End Users:

  • Your Enterprise controls your account and must make any deletion requests. 

  • Contact your Enterprise to request deletion and RedShelf will work with the administrator for the Enterprise with respect to any such request the Enterprise conveys to us.

  • As described above, End Users with deleted accounts will lose access to any and all Digital Content for which you have active access rights associated with your account.

  • RedShelf will not delete or de-identify certain transactional data that may contain User Information that RedShelf must maintain for tax, audit, liability or other legally required purposes.

  • Even if we delete your account, your Enterprise may still have their own copy of certain of your User Content, such as assessments, or Usage Information, such as time spent reading assigned text. 

 

8. Additional Information for Residents of Certain Jurisdictions

Your local laws may entitle you to additional information or permit you to exercise certain rights with respect to the information we collect from and about you.  Please note that your rights vary depending upon your location, and that we may request you provide us with information necessary to confirm your identity before responding to your request as required or permitted by applicable law. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you or to comply with a legal obligation. In some circumstances, if you still ask us to delete your information, you may no longer be able to access or use our Services.

Please note: If you are an Enterprise End User or a Follett End User, you should contact your administrator(s) from your Enterprise or Follett to exercise any data subject rights you have under applicable local laws, including your ability to access, delete, rectify, transfer, or object under the GDPR or your rights under California law.  RedShelf will work with Follett or the administrator for your Enterprise for requests it conveys to us.

California Residents

Additional Information

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Throughout our Privacy Policy, we discuss in detail the personal information we collect, the categories of sources from which we collect such information, our business or commercial purposes for collecting such information, the categories of information we disclose to others, and the categories of third parties to whom we disclose such information. See “Information We Collect” for more details.

The following are the “categories” of personal information under the CCPA that we collect from you, an applicable Institution or business organization, a publishing partner from which you buy Digital Content, or from your activity on the RedShelf Platform or your usage of any of the Services, and that we may, as discussed throughout this Policy, use and disclose for our business purposes:

  • Identifiers (such as name, address, email address, RedShelf ID numbers);

  • Commercial information (such as transaction data regarding your purchases);

  • Device identifiers (such as IP address and unique device identifiers);

  • Education information from and about Institutional End Users (such as school attended, courses, course materials, certain quiz/question results and usage activity in the Services);

  • Education Records (such as class lists, schedules, student ID numbers, and financial aid information);

  • Potentially protected classification characteristics (such as age if you are over 40 or disability status if provided by your Institution so we can provide you accessibility or other assistance);

  • Internet or other network or device activity (such as browsing history or Platform usage (such as your notes and highlights in the Services)); 

  • General geolocation data; any user-generated content or feedback provided by visitors or End Users;

  • Physical characteristics or description (e.g., if you voluntarily submit a profile photo); and other information that identifies or can be reasonably associated with an End User.

How we use and disclose these categories of personal information.

We use the categories of personal information we collect from and about Users consistent with the various business purposes we discuss throughout this Policy.  See “How we Use Your Information” for more details.  These purposes include to: Administer user accounts, including to process account registration, authenticate users, and verify and provide access to Digital Content and use of our various Services.

  • Provide and personalize the Services;

  • Improve the Services we offer our customers and develop new features, functionality and services for our customers;

  • Assess usage of products and features and build new ones and improve user experiences;

  • Engage in transactions with you, including contacting you about your account, billing you for the Services, and processing payments;

  • Provide you with updates and information about your use of the Services and provide information to End Users, customers or Site Visitors about products or services, discounts, deals or events that may be of interest to you;

  • Respond to requests for information and provide support and customer service;

  • Learn and report on study behavior about Inclusive Access Students to research and allow Institutions and Faculty to view, use and analyze student reading and study habits, and student performance;

  • Advertise RedShelf on other websites or services based on Site Visitor information;

  • Comply with laws, regulations, and other legal process (such as a subpoena or warrant), including complying with the Digital Millennium Copyright Act (DMCA);

  • Establish, exercise, or defend our legal rights; and

  • Detect, prevent, or otherwise address fraud, security or technical issues, as well as to enforce this Privacy Policy and/or the RedShelf Terms of Use, including investigation of potential violations thereof and to take steps reasonably believed to be necessary to protect the safety, security, and rights of RedShelf, its employees, service providers, and others.

 

The CCPA sets forth certain obligations for businesses that “sell” personal information. Although we do not believe we engage in the sale of personal information (and have not in the past twelve months) as we currently understand such term to be defined under applicable law and relevant regulatory guidance, we do share information as described in this Privacy Policy, including with certain analytics and advertising partners who perform services like analyzing our Services and showing you ads for RedShelf. You can choose to limit the information shared with our analytics and advertising partners by selecting “Decline” in the Cookie Banner at the bottom of our Sites or following the steps described in the “Cookies and Similar Technologies” section of this Privacy Policy.

 

California Privacy Rights

 

If you are a California resident, the CCPA allows you (or an authorized agent acting on your behalf) to make certain requests related to your personal information. Specifically, the CCPA allows you to request us to:

 

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information. This information is also set forth in this Privacy Policy.

  • Provide access to and/or a copy of certain personal information that we hold about you.

  • Delete certain personal information that we hold about you.

  • Provide you with information about the financial incentives that we offer to you, if any exists.

 

The CCPA further provides you with the right not to be discriminated against (as provided in applicable law) for exercising your rights.

 

Certain information may be exempt from such requests under California law. For example, we may retain certain information for legal compliance and to secure our Services and to maintain opt-outs for Inclusive Access programs. We may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services or access any of the Digital Content you had previously acquired or had access to through our Services.

 

We will take reasonable steps to verify your identity and for deletion, confirm your request, before responding to a request. In doing so, we may request information from you so that we can match the data you provide to us with the data we maintain to confirm your identity.

 

If you would like further information regarding your legal rights under California law or would like to exercise any of these rights, or if you are an authorized agent making a request on a user’s behalf, please contact us at Privacy@RedShelf.com and include “CCPA Consumer Request” in the subject, or submit your request here.  Please provide sufficient information to allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative and please describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.  We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

 

California’s “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third-parties for their own direct marketing purposes.

 

European Union Economic Area, Canadian & Brazilian Residents

Legal Bases for Use of Your Information

Some countries require that companies only process your “Personal Data” (as that term is defined in the applicable law like the EU General Data Protection Regulation) if they have a “legal basis” (or justifiable need) for processing your Personal Data. To the extent those laws apply, our legal bases for processing Personal Data are as follows:

 

  • To perform our obligations pursuant to a contract (or pending contract) with you, an Institution or a business organization. For example, we will process your Personal Data to comply with our Terms of Use, and to honor our commitments in any contracts that we have with you, your Institution or your business organization.

  • For our legitimate interests or the legitimate interests of others. For example, we will process your Personal Data to: operate our business and our Services; identify and fix any issues with our Services; secure the Services; learn more about how our customers use the Services; perform internal analytics; improve the Services and users’ experiences; provide you with certain information about new products, special offers or other information that we think you may find interesting in accordance with applicable law; make and receive payments; comply with legal requirements and defend our legal rights; prevent fraud; engage in a business change (e.g., sale, merger); and to know the customer to whom we are providing Services.

  • To comply with our legal obligations.

  • With your consent.

 

Privacy Rights

If you are a citizen of the European Economic Area (“EEA”), the United Kingdom, Switzerland, Canada or Brazil, you may request that we:

  • provide access to and/or a copy of certain information we hold about you

  • delete certain information that we are holding about you

  • prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling) and uses of information for secondary purposes

  • update or rectify information that is out of date or incorrect

  • oppose, cancel, or restrict the way that we process and disclose certain of your information

  • transfer your information to a third-party provider of services in some instances

  • revoke your consent for the processing of your information

 

To make such a request, please send such request to EUprivacy@redshelf.com.

 

If applicable, you may make a complaint to the data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

Data Transfers

RedShelf currently stores or may transfer personal data to countries other than your country of residence, including the United States, and may subcontract the processing of your data to, or otherwise share your data with trusted service providers, and trusted business partners in countries other than your country of residence, including the United States, in accordance with applicable law. By providing us with your information, you acknowledge any such transfer, storage, or use and further that the protection of such information may be different then the laws in the jurisdiction in which you live which may include access rights by law enforcement and governmental authorities.

 

If you live in the EEA, the United Kingdom or Canada, please note that, if we provide any information about you to third-party information processors, we will take appropriate measures to ensure that such companies protect your information adequately in accordance with this Privacy Policy. These measures may include signing Standard Contractual Clauses in accordance with EU and other data protection laws to govern the transfers of such data. For more information about these transfer mechanisms, please contact us as detailed in the “Contact Information” section below.

 

Retention of Information

 

We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

 

Nevada Resident Privacy Rights

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined by Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity. 

 

9. CHILDREN’S PRIVACY

The Services are not for children under the age of 13. We do not knowingly collect, maintain, or use personal information (as defined by the United States Children’s Online Privacy Protection Act) from such persons. If you believe that we might have any such information from a child, please contact us as described at the end of this Privacy Policy. If we discover that personally identifiable information of a child has been submitted without legally valid parental consent, we will take reasonable steps to delete it as soon as possible.

 

10. HOW WE PROTECT YOUR INFORMATION

We take measures, including the implementation of physical, technical, and managerial safeguards, to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the internet, and no means of electronic or physical storage, is absolutely secure. By using our Services, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services and that any such transmission is at your own risk. You are responsible for keeping your account information—and especially your login information—confidential. We ask you not to share your login credentials with anyone and recommend you use a complex and unique password.  We also ask you to consider using two-factor authentication, which we offer many of our End Users as a more secure way to authenticate and protect your user credentials.

 

11. CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time. We will make the revised Privacy Policy accessible through the Services, so you should review the Privacy Policy periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Effective Date” at the beginning of this Privacy Policy. If we make a material change to this Privacy Policy, we will provide you with notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.

 

12. HOW TO CONTACT US

For all questions, inquiries or complaints regarding this Privacy Policy or RedShelf’s privacy practices, please first contact RedShelf at: RedShelf, Inc., 500 N Dearborn St. Suite 1200, Chicago, IL 60654, or email us at privacy@redshelf.com.