Privacy Policy

Policy Effective Date: 31/01/2024

Introduction

BookIT Digital Technologies Pvt. Ltd. (“BookIT”, “us”, “we”) helps organizations from across the world achieve their business goals through its learning content, digital marketing, and technology services. We design and build our solutions on core principles of innovation, end-user experience, and customer satisfaction, such that they work across traditional and newer mobile platforms, formats, and devices to deliver and manage highly compelling and engaging digital content.

This Privacy Policy describes how BookIT collects, uses, and discloses information, and what choices you have concerning your information. You hereby expressly consent to the processing of your personal information in accordance with this Privacy Policy. Your personal information may be stored, processed, or transmitted in India or any other part of the world, where laws regarding storing, processing, or transmitting personal information may be less restrictive than the laws in your country. If you do not agree to the terms of this Privacy Policy, please do not use, or access the Services.

Services

It is BookIT’s policy to respect your privacy regarding any information we may collect while you use or access our software applications and websites.

This Privacy Policy applies to your use and access to the software, applications, products, and/or services offered by BookIT (which includes BookIT’s websites, stores, e-reader apps, digital contents, etc.), each as defined/described in BookIT’s ‘Terms of Service’ available at www.kitaboo.com/terms-and-conditions/

BookIT operates web-based applications such as Kitaboo and ePub3Automation, which are part of our services. These products are offered through the domain www.kitaboo.com. All such products, applications, and websites are collectively called “Services”.

This Privacy Policy applies when you use and/or access our Services. A link to this privacy policy is also available in “the application” for our customers and their end customers.

Acceptance

This document is an electronic record in terms of the Information Technology Act, 2000 and the rules framed thereunder, as applicable and amended from time to time, about electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures.

Data Controller/Data Fiduciary and Data Processor

We process two main types of personal data.

1. Customer Data – Personal data that forms part of the data that is provided by our customers and their end-users for processing.

1. Other Data – Personal data about our customers, Website visitors, and other individuals that is collected and processed directly by us.

Our Customers are the Data Controller (for the EU region)/ Data Fiduciary (for the India region) of ‘Customer Data’. BookIT is the processor of ‘Customer Data’ and the controller/fiduciary of ‘Other Data’.

Domains and Websites for this Policy

For this Policy, the term, “Websites”, shall refer collectively to www.kitaboo.com, www.kitaboo.com as well as the other websites that the BookIT Group operates and that link to this Policy.

Information We Collect

Customer Data that you provide

As customers, you provide data to us for processing as part of the usage of our BookIT applications.

‘Customer Data’ may be processed by us as a result of the customer’s use of the Services when our customers, or their end-users, input or upload information into the Service. For example, customers who use our Kitaboo application may upload ‘Customer Data’ about themselves or their employees, institutional partners, or schools.

• We collect personal information from you when you create an account, such as your first name, last name, email address and phone number.
• We collect any personal information that you include in your user profile and public profile, public contents, and during the use of our services such as annotations, file uploads and notes.

If you are a school, you should contact your publisher about their privacy practices.  If you are a school student, you should contact your school or teacher to understand your school’s privacy practices.

Other Data that we collect

BookIT also collects data when you use our Websites, Social Media, Blogs, and applications:

• We collect information related to your use of our products and services, such as your touch gestures, highlights, bookmarks, page views, and other applications you may use with our products and services. Our products provide information to us about their status, such as uptime, available memory, and errors that may have occurred.
• We use software tools such as Flash or JavaScript to collect information about how you interact with our products and services, such as mouse clicks, drags, hover-overs, response times, errors, and length of visits to certain pages.

Website Visitor Data

• Users on the BookIT website may voluntarily provide certain personal data, not limited to first and last name and email address, to BookIT when choosing to participate in various activities regarding its services such as surveys, webinars, forums, downloads of whitepapers, videos, case studies, and other documents, requests for demonstrations or pricing information, uploads of job resumes, and subscription of various services provided by BookIT. This will be used by BookIT to operate, maintain, and provide you with the features and functionality of BookIT’s services.

• Log Data – Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address

• Product Demo and Subscription – You provide personal data to us as part of signing up for our newsletters or to request product demos.

• Contact Us Data – When you enquire about our products and services, we collect and store this data to communicate with you and respond to your enquiry. Examples of such data include First Name, Last Name, and Email ID.

Data from Others

User registration services that you use

You may also use third-party registration services or applications to sign up with Kitaboo. We then get data from these applications.

Google Analytics

We currently use Google Analytics to collect information anonymously and report website trends without identifying individual visitors.

As our customer, you have the option to decide if the following personal data can be captured by Google Analytics:

• Which user accesses/downloads ebook. (Username/email ID only)
• User location and device Type
• What reader feature do users use more

We use Google Analytics for analytics and measurement to understand how our services are used. For example, we analyse data about your visits to our sites to do things like optimise product design.

Cookies

We collect data through cookies.

BookIT uses cookies to help BookIT identify and track visitors, their usage of the BookIT website, and their website access preferences. We may also use navigational data like Uniform Resource Locators (URLs) on our products and services to gather and store information about your activities relating to our products and services. If cookies or Flash cookies are disabled, then certain areas of our products and services may not work properly.

BookIT visitors can control cookies through your browser settings. You have the option of blocking or not allowing cookies, which is provided for by our cookie banner asking you which type of cookie you wish to enable.

For more details about how we use these technologies, please see our Cookie Policy.

How We Use Your Data

How we use your personal data will depend on which Services you use and how you use those Services.

Customer Data will be used by BookIT by Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. BookIT is a processor of Customer Data and Customer is the controller/fiduciary.

Other Data is used by us to provide our services, send our newsletters, send promotional material, and communicate with you by responding to your requests, comments, and questions.

Lawful bases for processing

We have lawful bases to process your personal data. We also use your consent to lawfully process your personal data.

We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the EU General Data Protection Regulations. If you believe certain services are not in your interest, you have a right to object.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

Also, as provided under India’s Digital Personal Data Protection Act, we use your consent as a basis for processing your personal data. In some cases, we may also have a Certain Legitimate Interest to lawfully process the personal data.

Where you have consented to a particular processing, you have a right to withdraw the consent at any time by sending an email to our product support team at gdpr.compliance@kitaboo.com.

How we use Customer data

We use your data to authenticate you and authorize access to our services.

We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you. In each case, BookIT collects such information only in so far as is necessary or appropriate to fulfil the purpose of the interaction with our services.

• To send emails and other communications. We may send you service, technical, and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services and our Services offerings. These communications are considered part of the Services and you may not opt out of them. We may use your information in the following ways:

1. to send you a welcome e-mail and to verify ownership of the e-mail address provided when your user account was created;
2. to identify you as a user in BookIT’s system;
3. to provide access to the Website;
4. to facilitate the creation of and secure your user account;
5. to provide improved administration of the Website;
6. to notify you about updates to the Website;
7. to improve and customize the quality of experience when you interact with the Website;
8. to send you administrative e-mail notifications, such as security or support and maintenance advice;
9. to engage with or contact inactive users of the Website;
10. to direct certain content and advertisements to you so that you are more likely to see content and advertisements that are relevant to you;
11. to analyse the data submitted by you;
12. to send offers and promotional materials related to the Website and those of third parties for marketing and other purposes.

• Aggregated Analytics. We also use our Customer’s end-user data to derive aggregated analytics such as duration of book reading, Book Opened / Assigned, Reading Time, Pages Read, Reading Sessions, Avg. Reading Time / Session, Avg. Pages Read / Session, Notes Shared / Created, Highlights Shared / Created, Resources Viewed / Available, etc.

• Customer Support. If you send us a request (for example via a support email or one of our feedback mechanisms), we respond to your request or to help your issues.

• For any other purpose as provided for in the Services Agreement between us and the customer, or as otherwise authorized by the customer;

• In accordance with or as may be required by law.

How we use Other data

We may set up product demos or send you marketing / promotional materials. You may choose to restrict the collection or use of your personal information

We will update you with improvements in our services, and new features and from time to time also carry out direct marketing of our products and services. Direct marketing is carried out only if you consent to receiving such communications from us.

We also send invitations to our events or conferences.

Users under 16 years of age

The Sites and Services do not knowingly collect personal information from users under the age of 16 as per the EU region and the age of 18 as per India region.

If you are under the age of 16 as per the EU region and the age of 18 as per India region, you are not permitted to use the Sites and Services except as an end-user student.

Data Retention Policy

We will retain your personal information for as long as is needed to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

Customer Data – We retain your information for as long as you have an active Services account. We may also retain your personal information for an extended period under applicable statutory laws.

BookIT will retain Customer Data by a Customer’s instructions, including any applicable terms in the Customer Agreement, or for two years if there are no such instructions, and as required by applicable law. When you decide to close your account, we delete all personal information about you including any user-generated content save and except the personal information required to be retained under applicable law and order.

Other Data – We retain your information for as long as necessary for the purposes that we have described in this Privacy Policy.

BookIT may retain Other Information about you for as long as necessary for the purposes described in this Privacy Policy.

Your Rights

You can request to access, update or correct your personal information. You also have the right to object to direct marketing.

For all requests relating to your rights, you can contact us at “gdpr.compliance@kitaboo.com.”

You may have additional rights under your local law applicable to the processing.

For example, if the processing of your personal information is subject to the GDPR, and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation.

Under GDPR you may also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.

Customer’s Rights to Control Data based on Jurisdiction:

For EEA (“European Economic Area”) Users

Whenever you use our services, we aim to provide you with easy means to access, modify, delete, object to or restrict the use of your personal information.

We strive to give you ways to access, update/modify your data quickly or to delete it unless we have to keep that information for legal purposes. Some rights can be accessed from within the BookIT application. For visitors, these rights can be exercised by contacting us with your specific request.

• Change or Correct Data:  You can edit some of your personal data through your account.  You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate.

• Delete Data:  You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Services to you).

 

• Object to, or Limit or Restrict, Use of Data:  You can ask us to stop using all or some of your personal data (e.g. if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal data is inaccurate or unlawfully held).

• Withdraw your consent – Any consent that you provide, including for direct marketing, can be withdrawn at any time, by contacting us or by changing your preferences in the application.

• Right to Access and/or Take Your Data:  You can ask us for a copy of your personal data and can ask for a copy of the personal data you provided in machine-readable form.

 

For India Users

• The Right to Access Information about Personal Data: You have the right to access personal data and supplementary information. You can ask us for a copy of your personal information.

• The Right to Correction and Erasure of Personal Data: You can ask us to change, update or fix your data in certain cases, particularly if it is inaccurate. You can ask us to erase or delete all or some of your personal information (e.g., if it is no longer necessary to provide Services to you) without undue delay.

• The Right of Grievance Redressal: You have the right to contact us in case of any grievances or any unlawful processing related to your personal data. You can contact us at gdpr.compliance@kitaboo.com. Also, you have the right to lodge a complaint with the Data Protection Board of India if you are dissatisfied with the way we handle or process your personal data.

• The Right to Nominate: You have the right to nominate any other individual, who could exercise the rights guaranteed under the Act in the event of your death/ or any inability (unsoundness of mind or infirmity of body).

 

• The Right to Withdraw Consent: You have the right to withdraw your consent at any time with effect in the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Account Closure

We keep some personal data even after account closure.

Once you choose to close your account, we generally delete your personal information within 30 days of the closure of your account. Some information that is necessary for statutory obligations such as records of payment processing, and invoicing data will be retained as necessary.

Your information shared with others

Recipients of your data

Your data will be shared with other recipients to provide you with services.

While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers.  Examples of when and for what purpose your data is shared include data centre/hosting services, email marketing services, etc.

The following categories of recipients will most likely receive your data for us to provide services to you:

• Third-Party Data Center Services
• Third-Party SMTP Services
• Third-party temporary file upload tools
• Salesforce/Pardot CRM for direct marketing
• Third-party analytics tools and services

To comply with laws. If we receive a request for information, we may disclose if we reasonably believe disclosure is by or required by any applicable law, regulation or legal process.

Customer Profiles

Your data that is publicly accessible may be seen by others.

Your username, public profile information, and public content may be seen by other users of our products and services. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be publicly available.

BookIT may share information as per the terms of this Privacy Policy; however, BookIT shall endeavour that such use of information does not create hindrance to your use of the Website.

BookIT may disclose your information to third parties if it determines that such disclosure is reasonably necessary to: (a) comply with the laws; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of its name, brands, trademarks or such other rights belonging to it or its other users; or (d) protect its rights.

Stewardship of your data is critical to BookIT and a responsibility that BookIT embraces. BookIT believes that its users’ data should receive the same legal protections regardless of whether it’s stored on its servers or your home computer systems or devices. BookIT will abide by the following principles when receiving, scrutinizing, and responding to government requests for its users’ data:

1. Be transparent,
2. Fight blanket requests,
3. Protect all users, and
4. Provide trusted services.

Cross-Border Data Transfers

Your data will be stored and processed in multiple countries including outside of the European Union (EU) Region and India Region. Your data will be processed within Third Party Data Centers in the USA, India, and Germany. Data of our customers operating from the European Union and the United Kingdom is located in Frankfurt, Germany. Some countries where we process data may not have as protective laws as your own country and there are risks associated with such transfer which you hereby agree and acknowledge.

BookIT offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. These clauses are contractual commitments between parties transferring personal data (for example, between BookIT and its Clients, suppliers, or data processors outside the EU), binding them to protect the privacy and security of the data.

Security Measures to Protect Your Data

Security Measures

We implement security controls to prevent breaches and unauthorised access to your data. We maintain reasonable and appropriate security measures to protect Customer Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Examples of security measures include physical access controls, encryption, HTTPS, restricted access to data, monitoring for threats and vulnerabilities, etc.

We also subject our services to internationally recognised certification and attestation standards.

Protection of personal information

Our Sites and Services use commercial efforts to maintain safeguards for the protection of your Personal Information. BookIT takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally identifying and personally-identifying information.

However, no method of transmission over the internet, or method of electronic storage, is 100% secure so BookIT cannot fully ensure or guarantee the security of any information you transmit to BookIT or guarantee that information on the Website may not be accessed, disclosed, altered, or destroyed by any person.

Other Information

Contact Information

You can contact us about this privacy policy or use of our services.

If you have questions or complaints regarding this Policy, you may contact us through email at gdpr.compliance@kitaboo.com.   You may contact us at our mailing address below:

BOOKIT DIGITAL TECHNOLOGIES PRIVATE LIMITED

SF-B-01, ART GUILD HOUSE

WING B, PHONEIX MARKET CITY COMPLEX,

KAMANI JUNCTION,

LBS MARG, KURLA

Mumbai, Maharashtra 400 070, IN

Privacy policy change:

BookIT may change this Privacy Policy from time to time, at our sole discretion.

BookIT encourages visitors and customers to frequently check this page for any changes to its Privacy Policy. We will notify you of material changes in advance by email or by notice when you log in to the Sites and Services or both. You confirm that your continued use of our services after any change in this Privacy Policy will constitute your acceptance of such changes and agree to be subject to the revised privacy policy.

We often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we use your data, we will notify you and may also modify this Privacy Policy.