Privacy Notice for Worldreader Applications

Full version

This Privacy Notice governs your use of Worldreader Digital Platforms that are developed by “Worldreader” (“our Services”, “we” and “us”) . These include Worldreader’s current and future proprietary software applications and systems including but not limited to:

Native and web-based reading applications, APIs and other software solutions that can be reached via mobile phones, tablets and other relevant hardware;
Worldreader Web and Native Mobile Applications;
Worldreader BookSmart and Home Companion Applications (online, offline); and
Worldreader Partners Applications’ Powered by Worldreader.

Worldreader Digital Platforms are mobile optimized and enable users to access and read the copyrighted and open source content available on Worldreader Digital Platforms. They are intended to be used by families at home and on the go. Children under the age of 16 may use our Services under the supervision of a parent or legal guardian. In this Policy, “you” or “your” means a website visitor or adult user of our Services. To understand how we collect and use Personal Data from child profile users, please see Section 9 “Children’s Privacy Policy” below and our Direct Notice to Parents and Legal Guardian.

This Privacy Notice applies only to Worldreader Digital Platforms If a link leads you to another website, please check the information there for the respective treatment of the Personal Data concerning you.

1. Data Controller

The entity responsible for collecting, processing and using the Personal Data relating to you (Controller) in terms of the EU General Data Protection Regulation (GDPR), is:

Fundación Worldreader.org
C/ Diputación, 211
08011 Barcelona
SPAIN
privacy@worldreader.org

Worldreader is a global initiative. Our Privacy Notice addresses the standards put in place by the GDPR and all Worldreader affiliates adhere to this Privacy Notice. All users deserve to have their data protected and understand how it’s being used.

Please contact the Controller if you have questions with respect to the Personal Data concerning you, this Data Privacy Notice or how to exercise your rights as a data subject.

2. Collection, processing, and use of personal data

2.1 Personal data

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Worldreader only processes the Personal Data concerning you (e.g. email address, Personal Data in the Worldreader Digital Platforms) in accordance with the provisions of applicable data protection law. The following provisions inform you about the nature, scope and purposes of collecting, processing and using Personal Data.

2.2. Information we collect

It goes without saying that to help you read more we need some information about you and your device. We collect information generated as you use our Services, for example access logs, your email account, as well as information you provide third parties when you access our Services through a social media account. If you want additional info, we go into more detail below.

2.2.1 Information collected when you use our services

When you use our Services, we collect information about which features you’ve used, how you’ve used them and the devices you use to access our Services.

Usage Information

We collect information about your activity on our Services, for instance how and when you use them (e.g. date and time you logged in, features you’ve been using, searches, clicks and pages which have been shown to you, referring web page addresses, suggestions and banners that you click on).

Additionally, Worldreader Digital Platforms collect information about the titles you read, the time you spend reading, your searches and other information about how you read when using Worldreader Digital Platforms, to help us understand what content is best suited to your needs and extract learnings about digital reading.

Device information

We collect information from and about the device(s) you use to access our Services, including:

hardware and software information such as IP address, device ID and type, device-specific and apps settings and characteristics, app crashes, browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser; and
information on your wireless and mobile network connection, like your service provider and signal strength.

Worldreader Digital Platforms do not collect precise information about the location of your mobile device. They only collect information at country level based on your current IP address.

We do this pursuant to:

Art. 6(1)(b) GDPR:
- to comply our contractual obligations to provide Servicess according to the Terms & Conditions of Worldreader Digital Platforms; and
- because our publishers only let us show their books in some countries. So, without tracking your IP, we cannot determine where you are connecting from and therefore cannot give you access to books; and
Art. 6(1)(f) GDPR, to pursue our legitimate interests.

2.2.2 Information you give us

We do not require you to sign in with Google or Facebook or an account you can create on Worldreader Digital Platforms in order to use our Services. You may choose to give us certain information if you register an account in one of our Services. This includes:

Username;
Email address;
Password;
Preferred language; and
Optional information:
- Gender;
- Age;
- Avatar / Custom profile image by user.

This Personal Data is recorded on the basis of your consent pursuant to Art. 6(1)(a) GDPR and is used to personalize Worldreader Digital Platforms, offer you a better user experience, and continue to improve Worldreader Digital Platforms and overall reading programs. This data is not visible to third parties.

2.2.3 Notifications

Our Android apps have the functionality for sending you in-app and push notifications you have subscribed to containing book recommendations, reading tips and other helpful information. You can use the app settings to enable or turn off these notifications.

2.2.4 Data Provided by Third Parties

You may be able to use your Facebook or Google login details to access account-only functionality of Worldreader Digital Platforms. This saves you from having to remember yet another username and password and allows you to share books and your progress in social media. Please refer to the privacy policies of these platforms to understand how they manage and share your Personal Data.

3. Data sharing with third parties

We use third party service providers to help us operate and improve our Services. These third parties assist us with various tasks, including data hosting and maintenance, data analytics and data security operations. Worldreader will never sell, rent or trade this information to third parties for commercial reasons. Worldreader will continue to be the controller of your data and the service providers will be the data processors that will only act under our instructions. We sign agreements with all the organizations we share data with to ensure they comply with applicable data law. These service providers will never be allowed to use your data for their own commercial purposes or disclose it to third parties without our consent.

Occasionally, we may share data with some partner organizations that help us implement programs in the different countries we work in. These partners will be required to adhere to this Privacy Notice and you will be asked to provide us your consent before we share your Personal Data.

Worldreader periodically transfers aggregated and anonymized data to external service providers, research institutions and partners to help us implement and improve our programs and the user experience. We also share this data with publishers that provide us their content, to extract learnings about digital reading. We will not share your Personal Data with them. We may from time to time publish aggregated data on usage of Worldreader Digital Platforms and create reports and studies based on this data.

We may disclose your Personal Data:

as required by law, such as to comply with a subpoena, or similar legal process;
when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; and
with our trusted service providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this Privacy Notice.

If Worldreader is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of Personal Data, as well as any choices you may have regarding your Personal Data.

4. Transfers of Data outside the EEA

The sharing of the Personal Data described in previous sections sometimes involves cross-border data transfers. As an example, even though you use a Worldreader Digital Platform when you are located in the European Economic Area (“EEA”), your Personal Data may be transferred to the United States of America or other jurisdictions for the purposes set out in this Privacy Notice. In order to protect your Personal Data and their use by entities located outside of the EEA, we use standard contract clauses approved by the European Commission or other suitable safeguards to permit data transfers from the EEA to other countries. Standard contractual clauses are commitments between companies transferring Personal Data, binding them to protect the privacy and security of your Personal Data to ensure that the level of protection guaranteed by GDPR is maintained.

5. Data Localization and Geo-Partitioning

We keep your data within your selected region or country to help ensure the security of your personal information and compliance with the latest data protection and privacy regulations. You may update your location by clicking on “Settings—User Location.”

6. Data Retention Policy, Managing Your Information

We will retain user-provided data for as long as you use Worldreader Digital Platforms and for a reasonable time thereafter. We will retain automatically collected information for a period of 10 years. We may store anonymized, aggregate data indefinitely for research purposes.

7. Security

We are concerned about safeguarding the confidentiality of your Personal Data. We provide physical, electronic, and procedural safeguards to protect Personal Data we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve Worldreader Digital Platforms. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

8. Your rights

Please do not hesitate to contact us using the contact details in section 1 above at any time if you have questions regarding your rights and other topics surrounding Personal Data.

You have the following rights:

8.1 Right of access

You have the right to request, free of charge at any time, information regarding the Personal Data concerning you that is stored by Worldreader, the origin and recipients of such data, the purpose of data processing, the planned duration of data storage and a copy of the Personal Data that are being processed (Art. 15 GDPR).

8.2 Right to rectification

You further have the right to obtain without undue delay the rectification of inaccurate Personal Data and to have incomplete Personal Data completed (Art. 16 GDPR).

8.3 Right to withdraw consent

You have the right to withdraw, without stating reasons, your consent to data processing at any time. This will not affect the lawfulness of processing based on consent prior to withdrawal (Art. 7(3) GDPR).

8.4 Right to erasure

You have the right to obtain erasure of Personal Data concerning you without undue delay if the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or if you withdraw your consent to lawful processing and there are no other legal grounds for the processing. If you object to data processing and there are no overriding legitimate grounds for the processing, your Personal Data will also be erased. Finally, your Personal Data will be erased if processing is unlawful for any other statutory reasons (Art. 17 GDPR).

8.5 Right to restriction of processing

You have the right to obtain restriction of processing if you contest the accuracy of the Personal Data for a period of time that enables us to review its accuracy.

Data processing is also restricted if processing is unlawful and you oppose erasure of your Personal Data and instead request restriction of processing, or if we no longer need the Personal Data for the corresponding purposes, but we need them for the establishment, exercise or defence of legal claims, or if you have previously objected to processing, pending verification of whether Worldreader has legitimate grounds to store the Personal Data that override your interests (Art. 18 GDPR).

8.6 Right to data portability

You have the right to receive the Personal Data concerning you that you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where the processing is based on consent or a contract and the Personal Data is processed by automated means (Art. 20 GDPR).

8.7 Right to object

Finally, you have the right to object at any time to processing of Personal Data concerning you in the future.

You have the right to object at any time to the compilation of user profiles and to the processing of the corresponding Personal Data concerning you where processing is based on legitimate interest. We will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defenses of legal claims (Art. 21 GDPR).

8.8 Right to lodge a complaint

In addition, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

9. Children’s Privacy Policy

Please review this section to learn how we collect and use children’s personal information and to learn about your rights.

Worldreader is committed to complying with all applicable laws and regulations regarding the collection, storage and use of personal information of minors under the age of 16, including the Children’s Online Privacy Protection Act of 1998 of the United States. We are committed to the following principles to protect children’s personal information:

We do not collect personal information of a child we know to be under 16 without the consent and active participation of a parent.
We collect only as much personal information as is reasonably necessary for the child to use the Worldreader Services.
We do not display targeted ads to child users in Worldreader Digital Platforms.
We do not use or disclose data collected from child users for targeted advertising or marketing purposes.
We believe that parents should have control over their children’s data.
We will not knowingly retain a child’s personal information after it is no longer needed for the purpose for which it was collected.
We will never sell or rent a child’s personal information to third parties, unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets.
We employ industry-standard network security and encryption technology to protect children’s personal information.

Creating a profile

We do not permit children under 16 to create an account and do not knowingly collect personal information from children under the age of 16 without the consent and at the direction of a parent or legal guardian.

Parents may set up an account using the parent’s contact information so that children under 16 may access our Services under the parent’s supervision. We take special precautions to collect only as much information as is reasonably necessary for the users to use our Services and to ensure that parents have access to and control of their child’s use of the Services.

What Child Personal Data does Worldreader collect from children?

Profile Information. Worldreader does not collect Personal Data of a child we know to be under 16 without the consent, and active participation, of a parent or legal guardian (collectively, “Child Personal Data”).

If you are using our BookSmart Applications, we may ask you, the parent, to provide limited Personal Data about the child to better understand what content is best suited to your needs. Information may be collected include:

How many children you read to;
Your relationship to them;
The age of the children you read to; and
Whether you are reading to boys or girls.

Our Privacy Notice describes other information we collect that is not Child Personal Data. If you are a parent or legal guardian who believes that your minor under the age of 16 has provided us with Personal Data without your consent, please contact us at privacy@worldreader.org. Once we verify that you are the parent or legal guardian, at your request, we will promptly provide to you information regarding what, if any, Child Personal Data we have collected about your child and how it has been used or shared. We will, at your request, remove Personal Data about your child from our database

How Does Worldreader Use Child Personal Data?

We use Child Personal Data to personalize the Booksmart Applications, offer you a better user experience by recommending books appropriate for the interests and ages of the children you are reading to, and to continue to improve Worldreader Digital Platforms and overall reading programs.

How does Worldreader share or disclose Child Personal Data?

We share Child Personal Data only as described in this Privacy Notice.

What Choices Do I Have?

You may access, review or modify the Child Personal Data we have collected about your child at any time by signing into your account.

To exercise such rights, you can also do so by emailing: privacy@worldreader.org with the subject line, “Privacy Request,” or submit a request through the Worldreader Website.

Unless you submit a deletion request, we will retain the Personal Data collected from you and your child for as long as necessary to provide the Services and will thereafter de-identify or delete the Child Personal Data.

What About Information Collected By Third Parties?

This Children’s Privacy Policy does not apply to the practices of any third-party services (including apps, skills, and websites) that may be accessed through our Services. Before using any third-party service, you should review the applicable terms and policies to determine their appropriateness for your child, including the service’s data collection and use practices.

List of third parties

Here is a link to a list of third party processors we use and their contact information.

Still Have Questions?

Please contact us at: privacy@worldreader.org.

10. Changes

This Privacy Notice is published in accordance with the provisions of Rule 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021 of Government of India.

This Privacy Notice may be updated from time to time to reflect changes to our privacy practices. In the event of change, we will post the current version in our website here and within Worldreader Digital Platforms you are using. If the changes are significant, we will notify users via Worldreader Digital Platform notifications. We encourage you to set your Worldreader Digital Platform preferences to receive these notifications and/or periodically review this Privacy Notice for the latest information about our privacy practices.

Last update: 03 May 2023

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
apay-session-set	1 day	This cookie is set by Amazon Pay. This cookie is used for the payment processing via Amazon. It is necessary to make secure transaction.
CAKEPHP	session	This cookie is used as a cookie controller used for managing other cookies.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
Location	5 days	Records the country code associated with your IP address to provide content relevant to your location.
session-token	1 year	This cookie is set by Amazon Pay. This cookie is used for the payment processing via Amazon. It is neccessary to make secure transaction.
ubid-main	session	This cookie is set by Amazon Pay. This cookie is used for the payment processing via Amazon. It is neccessary to make secure transaction.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
amazon-pay-connectedAuth	session	This cookie is set by the provider Amazon Pay.This cookie is used for the payment processing and login for the Amazon Pay.
fundraiseup_cid	10 years	No description available.
fundraiseup_session	session	No description
language	1 day	This cookie is used to store the language preference of the user.
player	1 year	Vimeo uses this cookie to save the user's preferences when playing embedded videos from Vimeo.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_53LVSNSG66	2 years	This cookie is installed by Google Analytics.
_ga_73M6R67S2Q	2 years	This cookie is installed by Google Analytics.
_gat_UA-12817542-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	16 years 2 months 11 days 9 hours 9 minutes	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
ab_disable_remember_me	7 years	No description available.
AWSALBTG	7 days	No description available.
AWSALBTGCORS	7 days	No description available.
FORMASSEMBLY	session	No description available.
m	2 years	No description available.
session-id	1 year	No description available.
session-id-apay	1 year	No description available.
session-id-time	1 year	No description available.
sync_active	never	No description available.