Infobase Data Security and Privacy Policy

Infobase Data Security and Privacy Policy

This Data Security and Privacy Policy was last updated: May 20, 2022.

Infobase Holdings, Inc (“Infobase”) is strongly committed to protecting your privacy and providing a safe online experience for all of our users while offering the highest quality of educational material to them. Because we gather certain types of information during our routine business operations, including when authorized users access our online libraries and services, we feel you should fully understand the terms and conditions surrounding the collection and use of this information. This Data Security and Privacy Policy (“Policy”) discloses the types and categories of information we gather and how we use it, describes your rights and responsibilities pertaining to that information, and informs you of the steps we take to safeguard personal information provided to us both online and offline.

This Data Security and Privacy Policy also applies to the following companies affiliated with Infobase:

  • Facts On File
  • Chelsea House
  • Bloom’s
  • Learn360
  • Films On Demand
  • Credo
For purposes of this Policy, Infobase and these affiliated companies are referred to as the “Company” “we” or “us”. In addition, the terms “personal information” or “personal data” each refer to any information or data, either alone or in conjunction with other identifying information or data, that can be used to identify a person, house, or device and that is subject to, or otherwise afforded protection under, an applicable data protection law, statute, or regulation.

Please read this Policy carefully. By providing us with personal information, by using any of the Company’s websites or services, or by executing with us a contract in which this Policy is incorporated, you agree to the terms and conditions set forth herein.

The Information We Collect About You

The Company may collect information that you voluntarily give to us, such as via our website, in person, or through email, mail, or social media platforms, or which is collected through automated means. As permitted or required by local law, the Company may collect the following information about you:

  • Contact information, such as names, addresses, telephone numbers, and email addresses;
  • Account information, such as usernames, passwords, and transaction-related data for website accounts;
  • Product and services information, such as the product or service you ordered;
  • Financial information, such as credit card and bank account information;
  • Website usage data, such as your Internet Protocol (“IP”) address, browser type and version, browser language, operating system, time of access, website you previously visited, or other information detailed below; and
  • Business contact data, such as information related to other employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, company, partnership, sole proprietorship, nonprofit, or government agency) with whom we may conduct, or possibly conduct, business activities.
  • Recruiting and candidate data in circumstances in which you apply for employment with us, such as information found in your job application and resume; details regarding the type of employment sought; information related to your background, criminal record, credit history and similar data; and information provided about or by your references or other third parties related to your employment history, skills, or qualifications.
  • Communications data, including your marketing preferences and your subscriptions to our publications.
  • Your feedback, including feedback from you about products and services generally, which may include data gathered from any surveys in which you participate.
  • Other identifying information we may obtain from you, as disclosed in other policies or notices.
When you do not provide personal information that a Company requests, we may not be able to provide you the requested service or complete a transaction, and you agree that the Company will not be liable or otherwise responsible for any actions resulting therefrom.

How Does the Company Collect Information?

Most often, the Company obtains personal information about an individual directly from the individual. For example, when an individual undertakes the following activities, we generally collect their personal information:

  • Uses or accesses our website or online services, or completes registration forms or surveys.
  • Contacts our customer service centers or request information from us in any other way.
  • Visits one of our locations or premises.
  • Submits an order to, or makes a purchase with, the Company.
  • Applies to a job posting or otherwise submits an employment application.
  • Provides us personal or business contact information via a business card or through similar communications.
  • Provides us feedback on our products or services.
  • Communicates with us via social networking websites, third party applications, or similar technologies.
  • Visits one of our trade counters at an exhibition.
In accordance with applicable law, we may collect personal information about you from third parties, such as colleges, universities, and schools to which you are affiliated. In addition, (except with regard to children who use our services), we may collect information about you from social media websites/applications and former employers and background check providers, which we may combine with the information we already hold about you in order to promote our legal or business interests, such as to help us improve and customize our websites or online services to your preferences and for other purposes set forth in this Policy. We may also collect your business contact information from your employer or other third parties, which we will use to facilitate or otherwise engage in traditional business activities and similar administrative matters. We may also ask you to provide personal information about third parties to use as references, answer questions about your employment, or for other reasons. If you provide personal information about a third party you expressly represent and warrant to the Company that you have the full right and lawful authority to provide the Company with the information.

What Do We Do with Collected Information?

The Company may use personal information for several business and administrative purposes, or to further our legal or other business interests. Generally, we use personal information for the following reasons:

  • Services and Transactions. We may use your personal information to deliver services to you or carry out transactions that you have requested, including by providing you information on the Company’s products or services, answering customer service requests, and facilitating the use of our websites and online services.
  • Improving our Business. We may use your personal information to perform business analyses or for other purposes that help us to develop and improve the quality of our websites, products and services. We may use your personal information to conduct research and analysis to help us better understand your purchasing preferences, identify the products and services that best meet your requirements, and measure the effectiveness of our advertising and marketing.
  • Marketing. In accordance with applicable laws and regulations, we may use your personal information to inform you of our products or services which may be of interest to you, and to otherwise communicate with you about offerings, events, news, surveys, special offers, and related topics. You are able to opt-out from marketing communications sent via e-mail at any time, free of charge, by using the “unsubscribe” link in any e-mail marketing materials you receive from us.
  • Recruitment Data. In connection with a job application or inquiry, you may provide us with information about yourself, such as a resume/curriculum vitae, professional references, information about education and job background, and information about professional training and certifications. The Company may use this information for the purpose of employment consideration, background checks and employment eligibility, and as otherwise set forth in any separate privacy statement or other notice made available to in connection with your application. We may use a third party (e.g., job recruiter) or social media platform to solicit, collect, and retain employment applications and inquiries.
  • Enforcement and Business Interests. We may use the personal information we collect in order to detect, prevent and respond to fraud, intellectual property infringement, violations of our terms and conditions, violations of law or other misuse of our websites, products, or facilities. We may use personal information to administer and protect our business and our websites, including system maintenance, support, reporting and hosting of data. We may use personal information to promote, defend or protect our legal, regulatory, or business interests.

How Do We Share Personal Information?

We may share your personal information with selected third parties in accordance with applicable law, including as set out below.

  • Service Providers. We may share your personal information with other companies with whom we have contracted to provide services on our behalf, such as hosting our websites and service platforms, conducting surveys, processing transactions, facilitating our marketing activities, performing analyses to improve the quality of our website, products and services. For example, we may share your personal information with Amazon Web Services, who we use for web hosting services and data storage. We may also disclose your personal information to our designated agents, or third-party service providers, who require such information to assist us with administering our employment application and recruitment process, including, but not limited to, obtaining employment verification and background checks. For example, we may share your personal information with Pendo, a service provider we use to help improve our products.
  • Payment Card Transactions. In order to purchases certain goods and services from the Company, you will be required to furnish our third-party vendor (“Payment Vendor”) with a debit card number, credit card number, and/or similar information (collectively, the “Payment Information”). For example, we may share your personal information with PayPal or Stripe, who we use to process your payments. Such Payment Information is collected by our Payment Vendor pursuant to their own terms and conditions, and you hereby acknowledge and agree that the Company is not responsible for, nor has any control over, the data processing of any Payment Vendor. You further acknowledge and agree that the Company is not provided with your full Payment Information and we are only provided an encrypted token by such Payment Vendor in connection therewith.
  • Distributors and Business Partners. We may share your personal information with third parties that distribute our products or marketing materials to you and engage in similar routine business functions.
  • Business Restructuring. Circumstances may arise where the Company decides to sell, buy, divest, merge or otherwise reorganize our business in some countries. We may disclose information we maintain about you to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, divestiture or sale of all or a portion of the Company’s assets.  If any business restructuring occurs, we will take steps to require that third parties implement equivalent or better security controls to safeguard your personal information.
  • Disclosure for Other Reasons. We may disclose personal information (i) if required by law or government order, or with a legal process served on us, (ii) to protect and defend our rights or property, or (iii) in urgent circumstances, to protect the personal safety of any individual. In addition, the Company may share your personal information with any third party when we believe such disclosure is necessary to defend or protect our legal, regulatory, and business interests. We may also disclose your information upon your express consent.
In the event that you facilitate a transaction with the Company, or request information from, or otherwise engage with us, and such activities require the Company (in our sole judgment) to share your personal information with a service provider or other third party, you hereby direct the Company to intentionally disclose your personal information to the service provider or third party as described herein provided the service provider or third party does not, in its reasonable judgment, sell the personal information, unless that disclosure would be consistent with the law.

What Is Our Lawful Basis for Data Processing? (EEA Only)

Pursuant to the General Data Protection Regulation (“GDPR”) and similar laws, individuals within the European Economic Area and the United Kingdom (post-Brexit) have the right to be informed as to the lawful basis used to process their personal data. Accordingly, we process personal data in accordance with several of the legal bases set forth in the GDPR, many of which overlap and are not mutually exclusive. For example, our processing of personal information (as described herein) is justified based on the following GDPR provisions: (1) processing is based on your consent; (2) processing is necessary for our legitimate interests as set out herein; (3) processing is necessary for the performance of a contract to which you are a party; and (4) processing is required to comply with a legal or statutory obligation.

What About Social Media Authentication?

Any Social Media Login Options available in our products, such as log in with Google, do not transfer any user data to be collected into our systems or database. These optional features are used solely for authentication purposes and can be disabled by your account administrator.

Third-Party Services

Our website also utilizes YouTube API Services when engaging with YouTube content and services embedded on our website. The processing of data through those services is subject to the Google Privacy Policy (http://www.google.com/policies/privacy).

Data Retention and Transfer

The information (including personal information) that the Company collects and processes is stored in the United States. If you are located outside of the United States, please be aware that information you submit will be transferred to the United States, and that the United States may not provide the same level of protections as the laws in your country. By continuing to provide us such information you hereby consent to this transfer. We access, retain, store, and use information for the least amount of time necessary pursuant to our relationship with you, and in accordance with our data retention policies and applicable law. We do not collect more personal information than is necessary to fulfill our obligations to you or for purposes stated in this Policy.

How Do We Use Cookies?

Your Web Browser offers so-called “cookies,” which, if you allow their use, store small amounts of data on your computer when you visit a website. Cookies do not contain any personally identifiable information about you and therefore cannot be used to identify you personally. Cookies assist us in tracking which of our features you like best. Cookies also enable us to customize our content according to your preferences. You have the ability to accept or decline cookies by modifying your browser. Our websites are viewable even if you disable the cookie function on your browser. However, if you disable cookies, some features or offerings will not be available to you.

We use a tool called “Google Analytics” to collect information about use of the Company’s websites. Google Analytics collects information such as how often users visit the websites, what pages they visit when they do so, and what other sites they used prior to coming to our websites. We use the information we get from Google Analytics only to improve our website’s functionality and operability. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other personal information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to our websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser. Google Analytics also uses electronic images known as web beacons (sometimes called single pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our websites are used. You can find additional information on how to install a browser add-on to prevent your data from being used by Google Analytics at tools.google.com/dlpage/gaoptout. For the cases in which personal data is transferred to the United States, Google has self-certified pursuant to the EU-US Privacy Shield. To receive the most recent information concerning how Google uses your personal information and other data, please visit google.com/policies/privacy/partners.

Do We Sell Personal Data?

No. The Company does not sell, lease, or rent personal information on any individual, including minors, to a third party for profit or other valuable consideration. We only share information with such third parties as described in this Policy, and such sharing and disclosure is never undertaken for profit.

How Can You Control Your Personal Information?

We believe that choice in how and when you are contacted is key to customer satisfaction, so we offer several ways for you to update your contact information or change your preferences. If you are a registered user at our websites, you will be able to log in and update or change your contact or account information. You may unsubscribe to any of our online email updates by following the unsubscribe instructions in the body of any message. You may write to us and update your contact information or ask that we not share your personal contact information with third parties at: Infobase, c/o Privacy Coordinator, 8 The Green, Suite 19225, Dover, DE 19901. In those instances, we will retain your information in a “do not promote” file in our database. You may also contact us at Support@Infobase.com. We will take commercially reasonable steps to implement your opt-out requests promptly.

Security of Your Personal Information

We are committed to protecting the security of your personal information. Although we use our best efforts to secure your data when maintained by us, security during Internet transmissions cannot be assured. We have put in place physical, electronic, and administrative measures to safeguard the personal information we collect, and we use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure, including:

  • Encryption. We use Secure Sockets Layer (SSL) technology to encrypt important information, such as your credit card data, in an effort to prevent unauthorized access during transmission of your orders over the Internet.
  • Vendor Safeguards. Infobase takes steps to require that third party organizations that work for the Company comply with our information collection, use, and disclosure policies and are do not to sell your information to third parties or to use it except as authorized by us and you, or as permitted or required by law.
  • Password Protection. Your personal information will also be protected by the password you created when you registered at our website. The confidentiality of any password is yours to protect. You may change it anytime by following the instructions on the website.
  • Policies and Training. Company employees are made aware of its privacy practices through Company policies, periodic communications and training.
  • Access Controls. We limit access to personal data only to those Company employees or agents with a specific need to access or retrieve this information. The Company agrees to limit internal access to education records to those individuals who are determined to have legitimate educational interests. The Company will not use education records for any other purposes than those explicitly authorized in this contract.
  • Data Storage. We store data on multiple service systems in controlled, secure, and encrypted environments.
  • Audits and Review. To maintain the highest level of security, we conduct internal reviews of our security measures on a regular basis. The Company’s network activity is continually monitored and tested by our staff and multiple service providers to improve product delivery and maintain scalability. These audits and reviews may trigger design changes and/or the deployment of new regional data centers to handle new or unusual client traffic.
  • Data Retention. When an agreement expires, client data will be purged from our systems upon request from the institution.
  • Breach Notification. The Company will notify its clients in the event that certain types of customer data is accessed by any breach of security resulting in an unauthorized release of client data.

Educational Institutions and Schools

If you are an educational agency or institution to which regulations under the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (FERPA), apply, the Company acknowledges that for the purposes of the Policy, the Company is a “school official” with “legitimate educational interests” in the educational records (and the personal information therein) that you provide to us, as those terms have been defined under FERPA and its implementing regulations, and the Company agrees to abide by the limitations and requirements imposed by 34 CFR 99.33(a) on school officials. Notwithstanding the foregoing, you hereby understand and agree that the Company may possess limited or no contact information for your students and students’ parents, and therefore you will be responsible for obtaining any parental consent for any authorized user’s use of our services that may be required by applicable law and to convey notification on behalf of the Company to students (or, with respect to a student under 18 years of age and not in attendance at a postsecondary institution, to the student’s parent) of any judicial order or lawfully-issued subpoena requiring the disclosure of educational records (and the personal information therein) in the Company’s possession as may be required under applicable law.

What Are My Rights and My Responsibilities?

You are permitted, and hereby agree, to only provide personal data to the Company if such personal data is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon any individual’s data privacy rights or privileges. If you provide the Company with any personal data, including personal data about a third party, you expressly represent that you (i) have the full right and authority to submit the personal data to the Company, (ii) have obtained all necessary and appropriate consent for such disclosure of personal data to the Company, and (iii) will immediately contact the Company in the event such personal data is no longer accurate or needs to be amended for any reason to ensure compliance with this privacy statement. In addition, you may have certain rights with respect to the personal data that we collect and retain about you, and they are set forth below.

Parental Rights. The Company’s services are directed to adults and educational institutions, which may furnish our services to students, including students/children under the age of thirteen. In compliance to the Children’s Online Privacy Act (COPPA), the Company will not require a child to disclose more information than is reasonably necessary to participate in an activity related to our services.  A description of the information the Company collects from children, how we use it, and to whom the information is disclosed is set forth above in this Policy, but only those areas applicable in the student user context (i.e., children do not attend our trade shows or serve as our service providers). The Company does not offer any services, or features within our services, that children may use to make their personal information publicly available.  Parents can review their child’s personal information, direct us to delete it, and refuse to allow any further collection or use of the child’s information. Any such information will not be disclosed to third parties. Access to primary content and features is entirely possible with generic, non-specific user information. If you have any questions or concerns related to our data processing on children, please email us at Support@Infobase.com.

EEA Resident RightsIf you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by contacting us at Support@Infobase.com.

In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by contacting us at Support@Infobase.com.

You have the right to opt out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt out” link in the marketing emails we send you. Registered users can manage their account settings and email marketing preferences. If you are an unregistered user, or to opt out of other forms of marketing (such as postal marketing or telemarketing), you may contact us at Support@Infobase.com.

Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Notwithstanding the foregoing, we reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

California Privacy Rights. Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), certain California residents may have additional data privacy rights, such as the right (i) to be notified about what personal information is collected about you, and our intended use and purpose for collecting your personal information, (ii) the right to know and access the categories or specific pieces of personal information we have collected, used, or disclosed about you over the past twelve (12) months; the categories of sources from which the personal information is collected; and, the business or commercial purpose for which your personal information was collected, used, or disclosed, and (iii) to request the Company transfer, to the extent feasible, personal information in certain forms and formats. California residents have the right to request that we (and any applicable service provider) delete/erase your personal information under certain circumstances. California residents have the right to opt-out of the sale of their personal information, and the Company does not sell, lease, or rent personal information on any individual, including minors, to a third party for profit or other valuable consideration. California residents have the right not to be subject to discrimination for asserting their rights under the CCPA.  To exercise any of these data privacy rights, please contact us, or have your authorized agent contact us, in accordance with the “Contact Information” section listed below. In the event you submit, or your authorized agent submits on your behalf, a data request, you (and your authorized agent) hereby acknowledge and agree, under penalty of perjury, that you are (or the authorized agent of) the consumer whose personal data is the subject of the request. We will respond to any data requests within the timeframes required by law, and we may charge a fee to facilitate your request, where permitted by law. The rights afforded under the CCPA are not absolute, and the Company may be permitted to refrain from undertaking any action or changing its data processing activities, in response to a data request you submit to us. If you make, or an authorized agent on your behalf makes, any request related to your personal data under the CCPA, the Company will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required under the law before addressing your request. The Company may require you to match at least two or three pieces of personal data we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, personal data, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein.

Marketing. You have the right to opt-out of receiving electronic direct marketing communications from us. All electronic direct marketing communications that you may receive from us, such as e-mail messages, will give you an option of not receiving such communications from us in the future. In addition, we do not share personal information with third parties with whom we have reason to believe use such information for their own direct marketing purposes.

Persons with Disabilities. The Company strives to ensure that every person has access to information related to our products and services, including this Policy. Please contact us if you would like this Privacy provided in an alternative format and we will seek to meet your needs.

Change to Our Privacy Policy

We will occasionally update this Privacy Policy as necessary to protect our users and to comply with a changing environment. If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page. If we make any changes that materially change the ways we process or protect your information, we will provide additional notification of the changes by notifying registered users at the email addresses associated with their accounts. We will not make material changes in how we handle previously collected personal information that have retroactive effect unless legally required to do so.

Contact Information

If you have any questions about this Privacy Policy or our privacy practices, or would like to exercise a privacy right set forth herein, please email us at Support@Infobase.com. Please include the URL of the website and/or name of the publication/product involved in your request.

Or you can contact us by mail at:

Privacy Coordinator
Infobase
8 The Green, Suite 19225
Dover, DE 19901