1. Online Privacy Practices
This website (www.bibliotheca.com), (“the Site”) is operated by bibliotheca Group GmbH, a company registered in Switzerland, company registration number CH-170.4.011.563-8, whose registered office is located at bibliotheca Switzerland AG, Erlenstrasse 4a, 6343, Rotkreuz, Switzerland (“the Company”).
We are keen to strike a fair balance between your personal privacy and ensuring that you obtain full value from the products and services (“the Services”) that we may provide to you.
The Company has nominated the Information Commissioner (ICO) as their Lead Supervisory Authority with registration number ZA317140.
2. The Information we collect
In some areas of our website (“the Site”), we ask you to register and thereby provide personal information. When you do so, we ask you to give us your name, email address, company or affiliation, job title and other personal information for the purpose of supplying the Services to you.
We collect statistical information about browsing actions and patterns in order to improve the Site’s user experience. This includes aggregated statistical information.
We also collect statistical information about browsing actions and patterns which can be associated with specific users, including the pages on the website that you visit and the functionality of the services, of which you may use.
3. How we use your Personal Information
The information you provide will be kept confidential. We will hold, use and disclose your personal information for our legitimate business purposes including:
i. to identify you and authenticate your use when you visit the Site; ii. to provide our Services to you as a user of the Site, including enhancing your user experience; iv. to notify you about changes to our service and/or the Site; v. to advise you of news and industry updates, events, promotions and competitions; vi. to fulfil contractual obligations with our clients; vii. to provide further services to you by sharing your personal information with other companies within our Group of companies viii. to release personal information to regulatory or law enforcement agencies, if we are required or permitted to do so.
On each occasion that we send you a newsletter or marketing information, you will be given the choice to opt-out.
4. The Legal Basis for Processing your Personal Information
Under GDPR, the main grounds that we rely upon in order to process personal information of our users are the following:
(a) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
(b) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
(c) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your personal data for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
(d) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.
5. How we share your Personal Information
In certain circumstances we will share your personal information with other parties. Details of third parties can be made available upon request.
Transfer of Information outside the EEA
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.
The parties mentioned above may be established in jurisdictions other than your own and outside the EEA and Switzerland. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data. Other transfers may be based on contractual protections.
Under the General Data Protection Regulation, we are required to tell you if we transfer or intend to transfer information which we hold on you to countries outside the European Economic Area (“EEA”). We currently transfer such information outside the EEA in the following circumstances:
(a) where you have registered or subscribed to the Services, to members of our Group of companies operating in countries outside the EEA to enable them to inform you of changes or enhancements to the Site or the products or services which we offer; (b) our marketing department are head quartered in the USA and will have access to information listed in section 2; (c) to servers which are currently located in the USA, but which may in the future be located in another country outside the EEA. A full list of the companies in our Group outside of the EEA and their locations can be found on our website.
We apply equal rigour to the security of data held and processed by us, or on our behalf, outside of the EEA. We have taken steps to ensure that our subsidiaries and affiliates and those who process data on our behalf enter into the standard contractual clauses approved by the European Commission, to safeguard the personal information which is transferred to and from the European Economic Area and beyond.
As our website is hosted in the USA, transfer of all our data outside the EEA is necessary to enable us to operate the Site. To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we take steps to ensure that approved safeguards are in place, such as bibliotheca’s Intra-Group Agreements incorporating Standard Contractual Clauses.
We protect our transfers from the European Economic Area with approved legal safeguards that may include: (1) the existence of a European Commission adequacy decision (covering, for example, transfers to Canada, New Zealand, and Switzerland; (2) bibliotheca’s Intra-Group Agreement incorporating Standard Contractual Clauses approved by the European Commission; or (3) Standard Contractual Clauses and other contract terms executed between bibliotheca and a third-party data processor.
With regards to risk, the data received from libraries is very low level data and this data is protected by a number of physical and logical controls to reduce the risk to the data subjects even further.
bibliotheca commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our policy should first contact bibliotheca at: email@example.com.
Trusted Third Parties
We will only share your personal information with trusted third parties, where we have retained them to provide services that you have requested such as onsite engineering, or, for our legitimate business purposes, such as IT or professional support services. bibliotheca as the data controller accepts liability for the transfer of data to third parties.
Regulatory and Law Enforcement Agencies
As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
New business owners
If we, or our business merges with, or is acquired by, another business or company, we will share your personal information with the new owners of the business, or company and their advisors. If this happens, we will notify you of such event.
How long we will hold your information
In particular, we will store certain categories of your personal information for the following periods of time:
|Category of Personal Data Storage||time period|
|Analytics data||5 years|
|Customer Contact Information||For the duration of the commercial relationship and for 6 years beyond this|
|Prospect Contact Information||6 years|
We respect your information and have put in place measures to ensure the security of the information we collect and store about you. We are committed to protecting your personal data from unauthorised disclosure and/or access including through the use of network and database security measures (though these cannot always guarantee the security of any data which is collected and stored).
8. Your rights on the information we hold about you
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them, are set out below. We will require evidence of your identity before we are able to act on your request.
Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
Right of Correction or Completion
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed.
Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed, or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information, by contacting us. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing, which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.
You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information, and during the period where we are verifying its accuracy.
Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you, or directly to a third party organisation.
The above right exists only in respect of personal information that:
- you have provided to us previously; and
- is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us, using any of the methods in section 13.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request, for the exercise of your rights.
To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by using the details in the Contact section below.
You have the right to lodge a complaint with a Supervisory Authority in your country or Member State. These can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
11. Internet based transfers
Given that the Internet is a global environment, using the Internet to collect and process personal data, necessarily involves the transmission of data on an international basis. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
13. Contact us for Further Information on Data Protection and Personal Privacy
If you have any enquiries, or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us centrally by any of the methods below. When you contact us, we will ask you to verify your identity.Contact name: Data Protection Team Telephone:+44 (0)161 498 1140 Email: firstname.lastname@example.org Post: Landmark House, Station Road, Cheadle Hulme, Stockport, SK8 7BS
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms or providing information online to register an interest or to request further information;
- If you contact us by telephone, email, web form or letter, information that forms a record of that correspondence and your contact details;
- When registering interest in a webinar we ask you to register and thereby provide personal information. When you do so, we ask you to give us your name, email address, company or affiliation, job title and other personal information for the purpose of supplying the Services to you.
- Information you provide by responding to feedback requests, questionnaires, surveys and competitions and input contributed during events such as using a chat function and attending events.
Where We Store Your Personal DataThe data we collect is stored on information technology systems owned and run by or on behalf of Bibliotheca or on systems run by those businesses processing it on our behalf. Information you provide to us is stored on secure servers. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet to our site; any transmission is at your own risk. Once we have received your information, we will use all necessary procedures and security measures to try to prevent unauthorised access, loss, disclosure or amendment. If you decide to participate in one of our webinars, you will need to sign up to the Zoom service, and to their terms and conditions. You should be aware that Zoom process your information in the US, details can be found within the Zoom Privacy Notice
How Your Personal Data Will Be ProcessedWe use information about you in the following ways:
- To provide you with information on proposed developments, ideas and events in which you have expressed an interest;
- To notify you about news and progress of the developments, ideas and events in which you have expressed an interest;
- To gather and analyse your views and feedback through surveys, focus groups, events and webinars;
- To ensure that your use of our services is safe and secure.
- To notify you about changes to our Services
- To fulfil contractual obligations with our clients
- To provide you with newsletters, special offers, information of relevant content or other services we offer to help you make the most of our services and for related marketing purposes
- It is necessary for them to provide you with services on our behalf, including Zoom as our webinar platform provider;
- To provide further services to you by sharing your information with other companies within our Group of companies
- We sell or buy any business or assets, in which case we may disclose your personal data to the prospective buyer or seller of such business or assets insofar as they relate to them;
- We are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce agreements or contracts or to protect our rights, our property, or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.
- We will not share your personal data with any other third party or for the purposes of direct marketing.
- We will not sell, rent, lease or give away your data to any third party unless we have a legal basis or legitimate interest.
The Legal Basis for Processing your Personal InformationThe main grounds that we rely upon in order to process personal information of our users are the following: (a) Necessary for entering into, or performing, a contract (b) Necessary for compliance with a legal obligation (c) Necessary for the purposes of legitimate interests (d) Consent How long will we hold your information:
|Category of Personal Data Storage||Storage Time Period|
|Webinar Recordings||240 days on Zoom platform and archived on a private Vimeo account.|
|Chat Log||240 days on Zoom platform and archived on a private Vimeo account|
|Customer Contact Information||For the duration of the commercial relationship and for 6 years beyond this|
|Prospect Contact Information||6 years|
- You have the right of access to your information. This includes a description of the data being processed, the purposes of processing and any recipients to whom the data is disclosed. Where we have good reason, and if the GDPR or any relevant Data Privacy Regulation permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- You have the right to ask us not to process your personal data for direct marketing purposes. You can withdraw your consent to receive stakeholder marketing material at any time by contacting us on the address above or by ‘unsubscribing’ on any emails you receive from us.
- You have the right to rectify your personal data at any time.
- You have the right to have your personal data erased under certain conditions.
- You have a right to restrict or object to some forms of data processing.
- You have the right to prevent any unwarranted processing likely to cause damage or distress.
- In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.