BibliU Platform Privacy Notice


Below is a summary of key terms of this Privacy Notice including the following: 

           ● where we collect your personal information from;  
           ● what personal information we collect;  
           ● how we use your personal information;  
           ● who your personal information is shared with; and
           ● the rights and choices you have when it comes to your personal information. 

Use of our platform and app (our “Platforms”) is subject to our Terms of Use. If you do not agree to these terms, please stop using the Platforms immediately.  

Where we reference “personal information” in this Privacy Notice, we mean any information that directly or indirectly identifies you, or would identify you when matched together with other information e.g. your name or email address, your age,  IP address, demographic information, cookie identifiers/other unique online identifiers.  We may also collect other personal information regarding your interaction with the Platforms, including usage information, the content that you preview, read, annotate, download or otherwise access, your geographic location, and your communications with us.

The main reason we process your personal information is to provide you with the Platforms. For certain purposes set out in Section 5 below, we may share your personal information with Group entities, our service providers, and regulatory or governmental bodies.  We will only hold your personal information for as long as necessary to fulfil the purposes for which we hold that personal information.    

Table of Contents
1. Introduction

2. About us

3. Information we may collect about you

4. How we use information about you and recipients of your information

5. Who we might share your information with

6. Sub-processing

7. Cookies

8. How we look after your information and how long we keep it for

9. Help keep your information safe and up to date

10. International transfers of your information

11. Supplemental Terms and Conditions for Specified Regions

12. Your rights to the information we hold about you

13. Sharing data directly with third parties
14. Third-party links

15. Changes to this privacy notice and your duty to inform us of changes
16. Commitment to GEANT Data Protection Code of Conduct
17. Complaints


1. Introduction

1.1 Welcome to BibliU, an innovative, day one content delivery and campus store management solution brought to you by BibliU Ltd, part of the BibliU Group, which includes US affiliates, BibliU Inc. and BibliU Campus, Inc. (“we”, “us”, “our”). We are committed to ensuring that your privacy is protected. This privacy notice together with any specific privacy documentation we may provide to you on occasion (“Privacy Notice”), sets out the ways in which we collect and use your personal information in connection with our Platforms. It also explains what rights you have to access or change your personal information.  This Privacy Notice supplements other notices and is not intended to override them.

1.2 BibliU is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13 in the United States and under the age of 16 in the rest of the world. If you are under the age of 13 in the United States or under the age of 16 in the rest of the world, please do not access our Platforms at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 13 in the United States and age 16 in the rest of the world.

1.3 Where we use your personal information for our business purposes (e.g., usage analytics or marketing) we will determine the purposes for which and the means by which it is processed.  Where we process personal information  on behalf of our higher education institutional customers who make use of certain features of our services as available via our Platforms, they will determine the purposes and means of the processing of personal information. Whilst there is a written contract in place between us and the customer which sets out our data privacy obligations, we neither control what personal information our customers collect nor how they use it. We are not responsible for their privacy statements. This Privacy Notice neither applies to such customers’ use of personal information, nor to our processing of such personal information for such customers. Please consult the terms and conditions and privacy policy of your institution to find out how they use your information and to establish whether and for what purpose they collect it.

2. About us

2.1 We are a company registered in England under company number 09334024 and the ICO under registration number ZB292375, with our registered address as set out below.

2.2 You can contact us as follows:
For Attention: Chief Data Protection Officer
Address: BibliU Ltd, Ark Coworking, All Saints Church Hall, Carnegie Street, London, England, N1 9QW
Email: support@bibliu.com

3. Information we may collect about you

3.1.1 We will collect any information that you provide to us when you:

a. make an enquiry, provide feedback or make a complaint over the phone, by email or on our Platforms;
b. submit correspondence to us by post, email or via our Platforms;
c. create an account to use the Platforms;
d. update your profile and other account details;
e. submit comments and editing notes on the Platforms; and
f. share comments and editing notes with other users on the Platforms.

3.1.2 The information you provide to us will include (depending on the circumstances):
a. Identity and contact data: title, names, addresses, email addresses, phone numbers and your place of study;
b. Account profile data: if you’re registering for an account you may also provide a username and password; and
c. Survey data: from time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect any information that you provide as part of that survey.

3.2 Information we collect about you:

3.2.1 Information contained in correspondence: we will collect any information contained in any correspondence between you and BibliU;

3.2.2 Information transmitted on the Platforms: we will collect information that you upload or post to your BibliU account and/or any correspondence or interactions that you may have with other BibliU users via the Platforms;

3.2.3 Platforms usage data: we will collect information about your interactions with the Platforms, including information such as login data, IP address, page views, searches, requests, confirmations, interactions between you and other BibliU users and other actions on the Platforms; and

3.2.4 Technical data: we will also collect certain information about how you use our Platforms and the device that you use to access our Platforms, even where you have not created an account or logged in. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, referral source, length of visit to the Platforms, date and time of the request, operating system and interface), number of page views, the search queries you make on the Platforms and similar information. It will also include cookie identifiers and other identifiers that are automatically assigned to your device when you access the Internet. It may also include browsing and/or search history regarding sites visited before or after visiting the Platforms, the type of operating system used to connect to our Platforms, interactions with our services, browser type, ISP, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the services, and your preferences when you use the Platforms. The analytics will also provide us with GEO-IP information; this means information about the approximate location (at the city or state level) of the computer or device you are using to use the Platforms. This information may be collected by a third-party Platforms analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the Cookies section below.

3.3 We do not knowingly collect any “special categories” of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

3.4 Information we receive from third parties

3.4.1 In certain circumstances, we will receive information about you from third parties.
For example:

a. Platforms users: we may receive personal information from other users, who may be based inside or outside the UK, EU or North America, for example information that is posted or uploaded by other users and/or correspondence between users;
b. Your institution: we may receive personal information about you from your institution (or your employer, as applicable) where they have the requisite permission to share this information with us;
c. Services providers: we may collect personal information from our third party service providers such as Platforms development and hosting services providers, customer success providers, data analytics providers and our infrastructure providers (most of whom are either based inside the UK, EEA or in the USA). These third parties do not have the right to use personal information we provide to them in any way that is not authorized by us. They are contractually obligated to use such information only as necessary to assist us and to maintain the confidentiality and security of such information;
d. Platforms security: we will collect information from our Platforms security service partners who are based inside the UK, EEA or in the USA, about any misuse to the Platforms, for instance, the introduction of viruses, Trojans, worms, logic bombs, Platforms attacks or any other material or action that is malicious or harmful; and
e. Social media plugins: we use social media plugins from service providers who are based both inside and outside the EU. By providing your social media account details you are authorising that third-party provider to share with us certain information about you.

3.4.2 We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.

4. How we use information about you and recipients of your information

4.1 We will use your information for the purposes listed below either on the basis of:

4.1.1 performance of your contract with us and the provision of our services to you;

4.1.2 your consent (where we request it);

4.1.3 where we need to comply with a legal or regulatory obligation; or

4.1.4 our legitimate interests or those of a third party (see Section 4.3 below).

4.2 We use your information for the following purposes:

4.2.1 To provide access to our Platforms: to provide you with access to our Platforms in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our Platforms hosts and developers (on the basis of our legitimate interest to ensure our Platforms is presented in an effective and optimal manner);

4.2.2 To register your account: when you sign up to use our Platforms, we will use the details provided on your account registration form (on the basis of performing our contract with you);

4.2.3 To enable you to communicate with other Platform users: certain parts of the Platforms enable you to communicate with each other. We will use the information you have provided (such as your name and contact details) to enable you to communicate with each other (on the basis of our contract with you);

4.2.4 Relationship management: to manage our relationship with you, which will include notifying you about changes to our Terms of Use or Privacy Notices, and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our Platforms and services are used);

4.2.5 To conduct business with you or your place of study: we use your information to contact you and manage and facilitate our business relationship with you and your place of study (on the basis of performing our contract with you);

4.2.6 User and customer support: to provide customer service and support (on the basis of our contract with you or on the basis of our legitimate interests to provide you with customer service), deal with enquiries or complaints about the Platforms and share your information with our Platforms developer, IT support provider or payment services provider as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our users and to comply with our legal obligations);

4.2.7 Analytics: to use data analytics to improve our Platforms, products/services, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our Platforms and services), to keep our Platforms updated and relevant;

4.2.8 Research: to carry out aggregated and anonymised research about general engagement with our Platforms (on the basis of our legitimate interest in providing the right kinds of products and services to our users); and

4.2.9 Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

4.3 As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:

4.3.1 personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;

4.3.2 operating a safe and lawful business; and

4.3.3 improving security and optimisation of our network, sites and services.

4.4 Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights to the information we hold about you” in Section 12 below.

5. Who we might share your information with

5.1 In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:

5.1.1 Platforms users: other Platforms users who you use the Platforms to communicate with, who may be based both inside and outside the EU;

5.1.2 Our service providers: service providers we work with to deliver our business, who are acting as processors and provide us with:
a. Platforms development and hosting services;
b. IT, system administration and security services;
c. analytics providers;
d. payment services; and
e. legal, accountancy, auditing and insurance services and other professional advisers.

5.1.3 Corporate affiliates: other companies of the BibliU group;

5.1.4 Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based in the UK, who require reporting of processing activities in certain circumstances;

5.1.5 Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and

5.1.6 Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the UK, EEA or USA, where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

5.2 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing. However, BibliU remains liable if a third party agent processes your personal data in a manner inconsistent with the contractual provisions put in place with the third party agent, unless BibliU can prove that it is not responsible for the event giving rise to the damage.

6. Sub-processing

6.1 We engage sub-processors to process End User Data on your behalf.  

6.2 The entities currently engaged by BibliU for Platforms sub-processing are listed at https://bibliu.com/legal/application-sub-processors.

7. Cookies

7.1 We use cookies to ensure that you get the most out of our Platforms. Cookies are small amounts of information in the form of text files which we store on the device you use to access our Platforms. Cookies allow us to monitor your use of the software and simplify your use of the Platforms.

7.2 If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the Platforms.

7.3 The names of the cookies used on our Platforms and the purposes for which these cookies are used are set out below:

| Name | Description | Duration | Classification [1] |
|---|---|---|---|
| connect.sid | Session id | 14 days | strictly necessary |
| bibliu-sp-cookie | App usage tracking | 365 days | strictly necessary |
| ph_phc_* | Posthog analytics | 365 days | functional |
| __zlcmid | Zendesk live chat | 365 days | functional |
| _delighted_web | Survey tool | 365 days | functional |

[1] Essential/Performance/functional/Targeting/advertising

BibliU Application Cookie
We use this cookie to keep you signed in and know which requests come from you for the duration of your session

AWSALB (Amazon Load Balancer)
This cookie is a mechanism to route requests to the same target in a target group.

Matomo
This cookie enables us to track the pages viewed, usage and reading patterns.

Delighted
This cookie is used by our NPS survey plugin, Delighted, to help us determine how well BibliU is serving your needs.

Zendesk
These cookies are used by our support plugin, Zendesk Chat.

7.4 When you first visit our Platforms, we do not set cookies on your device.  Unless cookies are “strictly necessary” - essential for the operation of our Platforms - you will need to consent to them.  Please be aware that if you choose not to consent to  cookies you may not be able to access all of the functions of the Platforms.

7.5 If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. Find out how to manage cookies on popular browsers:
Google Chrome
Microsoft Edge
Microsoft Internet Explorer
Apple Safari


7.6 For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org).

7.7 Our Platforms may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third party sites or cookies and this Privacy Notice does not apply to them. Please consult the terms and conditions and privacy notice of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.

8. How we look after your information and how long we keep it for

8.1 We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:

8.1.1 ensuring the physical security of our offices or other sites;

8.1.2 ensuring the physical and digital security of our equipment and devices by using appropriate password protection;

8.1.3 maintaining a data privacy policy for, and delivering data privacy training to, our employees; and

8.1.4 limiting access to your personal information to those in our company who need to use it in the course of their work.

8.2 We will retain your personal information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain it for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do so, or until you delete it, or request it is deleted (unless a longer retention period is required to meet applicable legal, tax or accounting contractual requirements). We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.

8.3 Generally, you can expect us to keep your information while you use the Platforms or if you have an active account with us. Even if you delete or ask us to delete your personal information it may persist on backup or archival media for legal, tax, or regulatory purposes.

9. Help keep your information safe and up to date

9.1 You can also play a part in keeping your information safe by:

9.1.1 choosing a strong account password and changing it regularly;

9.1.2 using different passwords for different online accounts;

9.1.3 keeping your login and password confidential and avoiding sharing these details with others;

9.1.4 making sure you log out of the Platforms each time you have finished using it. This is particularly important when using a shared computer;

9.1.5 letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;

9.1.6 keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software; and

9.1.7 being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@bibliu.com’.

9.2 It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal  information changes during your relationship with us by updating your profile account information or contacting us via the contact details at Section 2 of this Privacy Notice.

10. International transfers of your information

10.1 Your personal information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data privacy laws that are different to the laws of your country.

10.1.1 Our company is located in the UK and our first-party application data is hosted in the EEA (Ireland).

10.1.2 We share your personal information within the BibliU Group. This will involve a transfer of data outside of the UK and/or the European Economic Area (EEA).

10.1.3 Many of our external third parties are based outside the UK, predominantly in the USA or EEA so their processing of your personal information will involve a transfer of data outside the UK.

10.1.4 Whenever we transfer your personal information out of the EU or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions is implemented:
a. we may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal information; or
b. we may use specific contracts and any additional safeguards we consider necessary (on a case by case basis) to ensure an adequate level of protection in the jurisdictions in which we process it. Any international transfers of personal information will be in accordance with this Privacy Notice and in compliance with applicable laws.

10.1.5 Please contact us at support@bibliu.com if you want further information on the specific mechanism used by us when doing international transfers of your personal information.

11. Supplemental Terms and Conditions for Specified Regions

11.1 Canada

Personal data (as the term is defined in the Personal Data Protection and Electronic Documents Act of Canada (“PIPEDA”)) will be collected, stored, used and/or processed by BibliU Group in accordance with BibliU Group’s obligations under PIPEDA.

11.2 USA

11.2.1 A number of states in the United States where BibliU operates have passed or are in the process of passing consumer privacy laws. This includes California, Colorado, Maryland, Tennessee, Texas, Virginia and West Virginia. These additional disclosures are required by the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (CCPA), the Colorado Privacy Act of 2021, the Maryland Online Data Privacy Act of 2024, the Texas Data Privacy and Security Act Notice of 2023, the Tennessee Information Protection Act of 2023 and Virginia Consumer Data Protection Act, and serve as a Notice at Collection under the CCPA. This Section 11.2 applies if you are a resident of a state that has enacted consumer privacy laws granting you certain rights and requiring additional disclosures (“State Privacy Laws”).

11.2.2 Unless stated otherwise, the disclosures and practices described in this Section 11 describe our current practices and our practices for the 12 months preceding the date of this Privacy Notice.

11.2.3 This Section 11 provides additional information for California residents. In the event of a conflict between any other parts of this Privacy Notice and this Section 11, this Section 11 will take priority in respect of residents' rights under their State Privacy Laws.

11.2.4 What Personal Information We Collect and Why We Collect It: The table below indicates the categories of personal information that are collected. Please note that the specific pieces of personal information we collect about you may vary depending on the nature of your interactions on the Platforms and may not include all of the examples listed. 

11.2.5 Other than BibliU’s sharing of personal information as detailed in the second table below, BibliU does not sell personal information as we understand the term sale to be defined by the CCPA.

| Categories of Personal Information We Collect | Categories of Third Party Recipients to Whom We Disclose Information for Business Purposes |
|---|---|
| Identifiers (such as name, email address, date of birth, institution identifier, IP address or other similar identifiers) | Service providers; third parties (in connection with purposes we aim to make clear to you at or prior to collection) |
| Account profile data / Customer Records / Customer support / Account Registration Information (such as address, telephone number, username and password) | Service providers; third parties (in connection with purposes we aim to make clear to you at or prior to collection) |
| Internet or Other Network or Device Activity (such as browsing history or app usage) | Service providers; third parties (in connection with purposes we aim to make clear to you at or prior to collection) |
| Internet or Other Network or Device Activity (such as browsing history or app usage) | Service providers |
| Geolocation Data (such as approximate location inferred from your IP address, city, country) | Service providers |
| Institution or Education information (such as the name of the higher education institution and courses you’re enrolled in) | Service providers |

| Categories of Personal Information Shared in the Preceding 12 Months | Categories of Third-Party Recipients | Purpose for Disclosure |
|---|---|---|
| All categories of information we collect may be shared within the BibliU Group companies. | Our Group companies. | To deliver our Platforms to you, improve your experience and our Platforms as detailed in this Privacy Notice and the Corporate Website Privacy Notice. Our Group companies may also use your information for their own purposes, including marketing purposes. |
| Any or all categories of information may be shared with third party prospective sellers and buyers depending on the specific transaction. | Third Parties as prospective sellers and buyers of our business. | In connection with any prospective seller or buyer of such business or assets in the event that we decide to sell or buy any business or assets. |
| Depending on the specific legal requirements any or all categories of information may be shared with third parties for legal requirements and proceedings. | Third Parties for Legal Requirements and Proceedings. | To law enforcement authorities or other government officials if required to do so to comply with court orders, subpoenas, legal process, other law enforcement or government measures, and to comply with other legal obligations; if we believe disclosure is appropriate/necessary in connection with an investigation of suspected or actual illegal or fraudulent activities. |
| Depending on the circumstances, any or all categories of information may be shared with third parties for your protection and the protection of the Platforms. | Third Parties for your protection and the protection of the Platforms. | To protect and defend the rights, interests, and safety of the BibliU Group, their employees, contractors and agents; to protect the security and safety of our users of the Platforms. Disclosures may occur where we believe it is necessary to prevent physical harm or financial loss. |
| Identifiers; Internet Data; Geolocation Data | Data Analytics Providers. | To operate, evaluate and improve our business. |
| Identifiers; Internet Data; Geolocation Data | Internet Services Providers (ISPs). | In connection with the provision of the Platforms. |
| Identifiers | Operating Systems and platforms. | To power your devices and/or provide common tools/information for software or apps. |

11.2.6 BibliU does not use or disclose sensitive personal information for purposes other than those permitted purposes under the CCPA.

11.2.7 BibliU does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.

11.2.8 BibliU retains personal information as detailed in Section 8.

11.2.9 Sources of Personal Information: The sources from which we collect personal information are described in Section 3 (Information we may collect about you).

11.2.10 Purposes for Collecting Personal Information: The purposes are set out in Section 4 (How we use information about you and recipients of your information) above.

11.2.11 State privacy law gives residents the right to make certain requests with regard to their personal information. Please see Section 12 (Your rights to the information we hold about you) for a description of those rights and how you may make a request.

11.2.12 California's "Shine the Light" law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses' practices related to disclosing personal information to third parties for their direct marketing purposes. We do not currently disclose your personal information for these purposes.

12. Your rights to the information we hold about you

12.1 You have certain rights in respect of the information that we hold about you, including:

12.1.1 the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Notice;

12.1.2 the right to request access to the information that we hold about you;

12.1.3 the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;

12.1.4 the right to withdraw your consent for our use of your information where we rely on your consent, which you can do by contacting us using any of the details at the top of this Privacy Notice;

12.1.5 the right to object to our using your information where we rely on our legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground;

12.1.6 the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances;

12.1.7 in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and

12.1.8 the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.

Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your user account even when you have requested not to receive marketing communications.

12.2 How to exercise your rights

12.2.1 You may exercise any of the rights above by contacting us at support@bibliu.com or, in the case of preventing processing for marketing activities, also by checking certain boxes on the forms that we use to collect your data to tell us that you don’t want to be involved in marketing. We will comply with your requests unless we have a lawful reason not to do so.

12.3 What we need from you to process your requests:

12.3.1 We may need to request specific information from you to help us confirm your identity and to enable you to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

12.3.2 You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

13. Sharing data directly with third parties

13.1 You might end up providing personal information directly to third parties as a consequence of your interactions with our Platforms and other services offered by us. For example, your name and other personal information will be shared with other users when you correspond with them via the Platforms. We are not responsible for how such third parties use personal information provided by you.

13.2 Please be responsible with the personal information of others when using our Platforms and the services available on them. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when such use takes place outside of the Platforms or our services.

14. Third-party links

14.1 The Platforms may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platforms, we encourage you to read the privacy notice of every website you visit.

15. Changes to this privacy notice and your duty to inform us of changes

15.1 We may make changes to this Privacy Notice from time to time. Any changes will be published on the site and you may be asked to agree to significant changes to this Privacy Notice. If you do not agree with any changes, please do not continue to use the Platforms.

15.2 This Privacy Notice shall be governed and construed in all respects in accordance with the laws of England and Wales.

16. Commitment to GEANT Data Protection Code of Conduct

16.1 Recognising the importance of privacy and user control to stakeholders in learning platforms and scholarly communication, BibliU has adopted and endorsed the GEANT Data Protection Code of Conduct.

16.2 The GEANT Data Protection Code of Conduct provides specific guidance to service providers about how they should handle personal information in the context of federated authentication. Key points include:

16.2.1 Purpose limitation: to only process Attributes of the End User that are necessary for enabling access to the service provided by the Service Provider.

16.2.2 Data minimisation: to minimise the Attributes requested from a Home Organisation to those that are adequate, relevant and not excessive for enabling access to the service and, where a number of Attributes could be used to provide access to the service, to use the least intrusive Attributes possible.

16.2.3 Deviating purposes: not to process the Attributes for any other purpose (e.g. selling the Attributes or selling the personalisation such as search history, commercial communications, profiling) than enabling access, unless prior consent has been given to the Service Provider by the End User.

16.2.4 Data retention: to delete or anonymise all Attributes as soon as they are no longer necessary for the purposes of providing the service.

17. Complaints

17.1 You are encouraged to raise any complaints in respect of data privacy issues with BibliU. BibliU will respond to the individual within 30 days of receiving the complaint.

17.2 You have the right to lodge a complaint at any time with the data privacy authority where you reside. In the UK this is the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

This Privacy Notice was updated in August 2024.