23 - O'Reilly Media (original) (raw)

This version (Version 4.14) is effective as of September 26, 2023.

Overview
About Us
Questions or Concerns: Contact Us

Information We Collect
Processing and Using Personal Information
How We Share and Disclose Personal Information
How We Look After Your Personal Information and How Long We Keep It
International Transfers of Your Information
Your Rights: Access and Accuracy, Updating, Correcting, or Deleting Information
Children's Privacy
Notice Regarding Sharing Data with Third-party Websites, Social Media Platforms, and Software Development Kits
California "Shine the Light" Law
US Privacy Rights
Changes to This Privacy Policy
Previous Versions of the Privacy Policy

Overview

At O'Reilly, we pride ourselves on our commitment to protecting your privacy. Our data governance and privacy policies reflect our company's values and how we strive to maintain your privacy. We carry out our processing operations in compliance with privacy and data protection laws, including, where relevant, the EU General Data Protection Regulation ("GDPR"), Data Privacy Framework Principles, and other applicable global privacy and data protection laws, such as the California Consumer Privacy Act ("CCPA").

This Privacy Policy (the "Policy") discloses the privacy practices of O'Reilly Media, Inc. and O'Reilly UK Limited ("O'Reilly"), and Safari Books Online, LLC ("Safari") (referred to collectively as "we," "us," and "our"). This Policy governs how we use and protect personal information that we collect when you visit our website, use our services or mobile apps, or otherwise engage with us. Any practices or points that are specific to O'Reilly or Safari are also clearly marked out in this Policy.

Any use you make of O'Reilly service offerings is subject to O'Reilly's Terms of Service (TOS) and may also be subject to O'Reilly's Membership Agreement. Any use you make of any Safari service offering is also subject to Safari's Membership Agreement and TOS. If you are a user under a subscription purchased by one of our enterprise customers, the specific terms stipulated between O'Reilly and the relevant enterprise customer may also apply. For specific information relating to our processing of personal information in the context of enterprise accounts, please refer to the "Business-to-Business Accounts" section of this Policy.

About Us

O'Reilly Media, Inc. is a corporation registered in Delaware, with a principal office located at 1005 Gravenstein Highway North, Sebastopol, CA 95472, United States of America.

O'Reilly UK Limited is a company registered in England, under company number 03569414, with its registered address at New Derwent House, 69-73 Theobalds Road, London, WC1X 8TA, United Kingdom.

Safari Books Online, LLC is a limited liability company registered in Delaware, with a principal office located at 1003 Gravenstein Highway North, Sebastopol, CA 95472, United States of America.

Questions or Concerns: Contact Us

If you have any questions about this Policy or questions or complaints about our privacy practices, please contact us using the details below:

FAO

Data Protection Officer

Address

O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472, USA

Phone

1-800-889-8969

The contact information above should also be used for communications relating to exercising the rights described in section 6.2 below.

Our EU representative: as we, O'Reilly Media, Inc. and Safari Books Online, LLC, are not established in the EU, pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed European Data Protection Office (EDPO) as our GDPR representative in the EU, whom you may contact if you are located in the EU to raise any issues or queries you have relating to our processing of your personal information and/or this Privacy Policy more generally. You can contact EDPO:

By using EDPO's online request form: https://edpo.com/gdpr-data-request/
By writing to EDPO at Regus Block 1, Blanchardstown Corporate Park, Ballycoolin Road, Blanchardstown, Dublin 15, D15 AKK1, Ireland

Our UK representative: we have appointed O'Reilly UK Limited as our representative in the UK, whom you may contact if you are located in the UK to raise any issues or queries you have relating to our processing of your personal information and/or this Privacy Policy more generally. You can contact O'Reilly UK Limited via email at the following address:

If you prefer, you can, of course, always contact us using our US contact details set out above.

1. Information We Collect

We collect personal information in the following ways:

1.1 Information that you provide to us directly

We gather information that you provide to us when you:

Purchase products or services from us
Subscribe to our newsletters and mailing lists
Participate in promotional offers (such as a trial O'Reilly subscription) and other promotions, competitions, or prize drawings
Fill in forms, conduct searches, post content on the website, respond to surveys, or use any other features of our websites
Make an inquiry, provide feedback, submit correspondence, or make a complaint over the phone, by email, on our website, or by post
Register for and update an online account with us (including if you access it through Facebook, LinkedIn, Twitter, Google, or an open IP provider or our mobile applications)
Register for, present at, and/or attend our events and conferences or scan your attendance badge at any of the booths at our conferences/events or at our booths when we are present at someone else's conference/event
Enter into a contract with us
Sign up for job alerts on our websites; submit a job application, a CV, cover letter, or social media profile to a job vacancy; or attend an interview, assessment, or meeting
Contact other users on the websites, for example on the O'Reilly Community website
"Follow", "like," post to, or interact with our social media accounts, including Facebook, LinkedIn, Twitter, Pinterest, Instagram, and Snapchat
Contribute content and information about yourself in the course of your use of social and sharing features in our websites, services, or products that make users' content and information available to the public or to specific groups, such as others who use those features

The information you provide to us will include (depending on the circumstances):

Identity and contact data: title, names, addresses, email addresses, phone numbers, or your signature.
Account profile data: username/display name, password, user preferences, and, if you sign up through a social media account, certain information about that account.
Conference registration details: the company/organization you work for, job title/position, language preferences, your name, your email, your age, your gender, your job function, your experience, your opinions, why you are attending the conference, what you hope to learn, and your accessibility needs.
Financial data: payment details, which may include billing addresses, credit/debit card details, and bank account details.
Employment and background data: if you apply for employment on our sites, your academic and work history, qualifications, skills, projects, research that you are involved in, references, proof of your entitlement to work in the relevant country, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us.
Visual and audio information about yourself: for example, a photo, video footage, or a sound recording.
Your preferences: information about your preferences, interests, industry focus, community choices, and other customer profile information.
Sensitive information: information about your race or ethnicity, religious beliefs, sexual orientation, health, and whether or not you have any disability. You can find out more about how we use sensitive information in "Section 1.5 Special Categories of Data" below.
Any other information that you choose to share with us: for example, any information that you provide via correspondence, when you fill out our survey(s), via our website or social media accounts linked to our website, in person at events or meetings, or over the phone.
Mobile application: when you download and use the O'Reilly mobile app, we automatically collect information on the type of device you use and your operating system version.
Usage data: information related to your usage of the O'Reilly learning platform, such as the content you have accessed, viewed, or otherwise interacted with.

Some of our products and services collect information about system and product data. We use this information to manage and administer our products and services, to issue updates and new versions, to test and monitor services that we provide, to enhance our products and services, and to improve and target our communications with you.

1.3 Information we collect through online technology

We may collect certain information automatically when you use our online technology. This information may include your internet protocol (IP) address, browser settings, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system, or device, browser session location information, internet service provider, and pages that you visit before, during, and after using the services as well as information about the links you click and other information about how you use our online technology. Information we collect may be associated with accounts and other devices (see for example, "Section 2.3 Cross-Device Tracking" below).

Technologies such as cookies, beacons, tags, local storage, and scripts are used by us and our affiliates and by other companies, such as third-party technology service providers and web analytics providers. These technologies make it easier for you to navigate our website and help us manage the content on our website; they are used to analyze trends, administer the sites, track users' movements around the site (including which site you clicked from to arrive at our site), and gather demographic information about our user base. Additional information about these online technologies is available here.

1.4 Information from other sources

In certain circumstances, we will receive information about you from other sources, including third parties. For example, we may receive personal information from any of the following, who may be based inside and/or outside the EU:

Other website users.
Event attendees.
Your agents or representatives who are acting on your instructions.
Commercial contact lists that we acquire from other organizations.
Organizations that we acquire or merge with.
Organizations with whom we provide co-branded events, websites, products, and services.
Fraud detection agencies.
Your current and former employers, recruitment agencies, and references.
Service providers, including our website developers, IT support providers, cloud services providers, payment services providers, billing service providers, contractors, consultants, advertising agencies and platforms, digital performance monitoring and management providers, advertising analytics providers, marketing and sales service providers, user experience testing platforms, B2B contact databases, recruitment agencies, survey tool providers, customer relationship and customer support service providers, event ticket retailers, event management platform service providers, customer identity account management providers, HR service providers, couriers, and instant messaging service providers.
Social media plug-ins. By providing your social media account details, you are authorizing that third-party provider to share with us certain information about you.
Publicly available sources such as LinkedIn, Facebook, and Twitter.

We might also receive information about you from other third parties if you have indicated to such third parties that you would like to hear from us.

1.5 Special categories of data

Special categories of particularly sensitive personal information require higher levels of protection. These so-called "special categories of data" include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, and trade union membership and information about your health and genetic and biometric data. Depending on the circumstances, we will also collect information about criminal convictions and offenses.

We need to have further justification for collecting, storing, and using this type of personal information. We process special categories of personal information in the following circumstances:

In limited circumstances, with your explicit written consent
Where it is necessary to carry out our legal obligations or exercise rights in connection with employment
Where it is necessary for reasons of substantial public interest, such as for equal opportunities monitoring
Where it is necessary in relation to legal claims
Where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent
Where you have already made the information public

For example, we will collect special categories of information:

When you apply to work for us (for diversity and equal opportunities records, to support your needs and facilitate access to our premises, and to carry out background checks)
When you attend our events, visit our premises, or apply for a diversity and inclusion scholarship from us to obtain access to our products or services

In limited circumstances, we may request your written consent to allow us to use certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like to use and the reason we need it so that you can carefully consider whether you wish to consent.

2. Processing and Using Personal Information

2.1 How we process and use information we collect

We process and use your information for the following purposes:

To provide access to our website in a manner convenient and optimal and with personalized content relevant to you (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner).
To register and maintain your O'Reilly or Safari account (on the basis of performing our contract with you).
To process and fulfill your orders for O'Reilly and Safari products and services (on the basis of performing our contract with you).
To process and facilitate transactions and payments, and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due).
To monitor your account and use of services to ensure compliance with our end-user agreements and prevent and identify unlawful content use and violations (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
To enable you to communicate with other website users and clients (on the basis of your consent where we have requested it, or on the basis of performing our contract with you).
To manage our relationship with you, which will include notifying you about changes to our Terms of Service or Privacy Policy and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations, and our legitimate interests in keeping our records updated and study how our website and services are used).
To enable and support your participation and sharing in connection with those social features of our websites, products, services, and online communities in which you choose to participate.
To conduct business with you or your employer, including to contact you and to manage and facilitate our business relationship with you and your employer (on the basis of performing our contract with you, and our legitimate interest in running our business).
To provide customer service and support, like dealing with inquiries or complaints about the website, which may include sharing your information with our website developer, IT support provider, and payment services provider as necessary (on the basis of performing our contract with you, our legitimate interest in providing the correct products and services to our website users, and to comply with our legal obligations).
To enable you to take part in prize drawings, competitions, and surveys (on the basis of performing our contract with you, and our legitimate interest in studying how our website and services are used and to develop them and to grow our business).
To work with you and undertake projects with you, including to process any proposals that you submit to us (on the basis of our contract with you, and our legitimate interest in running our business).
To provide access to and administer O'Reilly scholarship programs (on the basis of your consent where we have requested it, on the basis of performing our contract with you, and our legitimate interest in making our products and services accessible to a range of individuals with diverse backgrounds).
For recruitment, including to process any job applications you submit to us, whether directly or via an agent or recruiter, including sharing your information with our third-party recruitment agencies (on the basis of our legitimate interest to recruit new employees or contractors).
To carry out marketing and let you know about our news, events, new website features, products, or services that we believe may interest you, including sharing your information with our marketing services providers (either on the basis of your consent where we have requested it or our legitimate interest to provide you with marketing communications where we may lawfully do so).
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website and services are used, to develop them, to grow our business, and to inform our marketing strategy).
To interact with users on social media platforms (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals).
To conduct data analytics to improve our website, products and services, marketing, customer relationships, and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business, to provide the right kinds of products and services to our customers, and to inform our business and marketing strategy).
To make suggestions and recommendations by sharing your information with selected third parties such as sponsors and partners, so they can contact you about things that may interest you (either on the basis of your consent where we have requested it or on the basis of our legitimate interest to share details of conference attendees with our copresenters and sponsors).
To carry out marketing research and user testing to assess the levels of satisfaction of existing and proposed products and services (on the basis of our legitimate interest in carrying out research and providing the right kinds of products and services to our customers).
To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
To enable us to comply with our policies and procedures and enforce our legal rights, and to protect the rights, property, or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
To create deidentified information, such as deidentified demographic information, deidentified location information, information about the computer or device from which you access our services, or other analyses we create (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business, and to inform our marketing strategy).
To send push notifications through our mobile application. We may, if allowed by applicable law, send you push notifications through our mobile application. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device.

We will use your information for the purposes listed above either on the basis of:

Your consent (where we request it)
Performance of your contract with us and the provision of our services to you
Where we need to comply with a legal or regulatory obligation
Our legitimate interests or those of a third party (see "Section 2.2 Legitimate Interests" below for more information)

2.2 Legitimate interests

As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to our "legitimate interests," we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interests we have specified in Section 2.1 above.

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don't automatically override yours, and we won't use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing, please refer to the details of your rights in Section 6 below.

2.3 Cross-device tracking

Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop to efficiently serve content to you if you're a logged-in user or, in the case of non-logged-in users, to increase the accuracy of site usage analytics. To do this, our technology service providers may share data, such as your browsing patterns and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.

2.4 Business-to-business accounts

You may be receiving access to our O'Reilly learning platform service pursuant to a business-to-business ("B2B") contract in place between us and your employer. Some of our B2B customers are subject to laws and regulations such as GDPR which require them to execute a data processing addendum or other kinds of stipulations regarding privacy and personal data protection with us. To the extent that your employer has executed a data processing addendum with O'Reilly, the following terms apply to our processing of your personal information in relation to a B2B account:

We act as data processors for the personal information that we receive from your employer. This is the personal information that we require in order to create a user account for you under our B2B contract with your employer. As data processors, we only process this personal information in accordance with the instructions provided to us by your employer, who, as data controller, is solely responsible for determining the purposes for which we may process your personal information.
We act as data controllers for any personal information we collect in relation to your usage of the O'Reilly learning platform ("B2B Usage Data"), such as the content you have accessed, as well as for any additional personal information you choose to share with us. Our policies in relation to our collection and processing of your personal information as data controllers are covered by this Privacy Policy.

Please note that B2B Usage Data may be made visible, shared, or otherwise disclosed to your employer. When we make B2B Usage Data available to your employer, we do so based on the fact that your employer administers your account and that it has a legitimate interest in understanding and optimizing your usage of the O'Reilly learning platform. Your employer's processing of B2B Usage Data is governed by your employer's privacy policy. Please contact your employer if you have any questions or concerns in relation to your employer's use of B2B Usage Data.

Please note that this section may also apply in circumstances where you are obtaining access to the O'Reilly learning platform as an authorized user under a B2B account that is administered by an entity that is not your employer (for example, an organization for which you act as a contractor or as an agent).

Please note that your employer and O'Reilly may have executed legal terms, including ad hoc terms relating to the processing of your personal information, which deviate from the representations made under this section. If you have any questions relating to the stipulations between O'Reilly and your employer with respect to the processing of your personal information, please reach out to us using the contact information under the "Contact Us" section above, or reach out to your employer directly.

There are certain circumstances in which we may share your personal information with certain third parties, as follows

Other website users and clients who use our websites and/or applications to communicate or otherwise interact with you
Sponsors, partners, and collaborators, including sponsors of our events, products, or services and organizations with whom we host co-branded events
Our service providers who are acting as processors and who assist us with our administrative or business functions or in the provision of any of our products/services to you
Wholly owned subsidiaries and foreign offices of O'Reilly Media, Inc., including those based in the USA, the UK, China, and Japan
Regulators and governmental bodies like the IRS, HMRC, and other authorities and regulators acting as processors or joint controllers who require reporting of processing activities in certain circumstances
Marketing parties, which are any selected third party that you consent to our sharing your information with for marketing purposes
Any prospective buyer of our business or assets, only in the event that we wish to sell any part of our business or assets
Your employer, pursuant to Section 2.4 above
Other third parties, including legal, professional, or other advisors, regulatory authorities, courts, law enforcement agencies, and government agencies, where necessary to enable us to enforce our legal rights or to protect the rights, property, or safety of our employees, or where such disclosure may be permitted or required by law

For a list of the categories of personal information we have disclosed about consumers for a business purpose in the past 12 months, please click here. For a list of categories of personal information we have sold or shared about consumers for a business purpose in the past 12 months for valuable consideration, please click here. We rely on the lawful bases set out in Section 2.1 above when we use your information for these purposes.

4. How We Look After Your Personal Information and How Long We Keep It

4.1 Security

We use administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. We also operate a policy of "privacy by design" by looking for opportunities to minimize the amount of personal information we hold about you.

The safeguards we use include:

Ensuring the physical security of our offices, warehouses, or other sites
Ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption
Using standard security protocols and mechanisms, such as Secure Sockets Layer (SSL) encryption, to transmit sensitive data such as credit card details
Maintaining a data protection policy for and delivering data protection training to our employees
Limiting access to your personal information to those who need to use it in the course of their work

If you have any questions about the security of your personal information, please contact us using the methods outlined in the "Contact Us" section above.

4.2 Retention

We will keep your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do so. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.

Please contact us using the methods outlined in the "Contact Us" section above if you would like to obtain details of our retention periods for different aspects of your personal information.

4.3 Help keep your information safe

You can also play a part in keeping your information safe by:

Choosing a strong account password, changing it regularly, and using different passwords for different online accounts.
Keeping your login and password details confidential.
Logging out of the website and closing the browser each time you have finished using it, especially when using a shared computer.
Informing us if you know or suspect that your account has been compromised or if someone has accessed your account without your permission.
Keeping your devices protected by using the latest version of your operating system and maintaining any necessary antivirus software.
Being vigilant against fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in either @oreilly.com (O'Reilly US), @mail.oreilly.com.cn (O'Reilly China), @oreilly.co.uk (O'Reilly UK), @oreilly.co.jp (O'Reilly Japan), or @safaribooksonline.com or @e.safaribooksonline.com (Safari Books).

5. International Transfers of Your Information

O'Reilly and Safari are both based in the United States of America.

5.1 Data Privacy Framework: EU-US, Swiss-US, and UK Extension

O'Reilly Media, Inc. and Safari Books Online, LLC (and entities and subsidiaries that are, or may become, covered by O'Reilly or Safari's Data Privacy Framework certification) participate in and have certified their compliance with the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework (collectively the "Data Privacy Framework"). O'Reilly and Safari are committed to subjecting all personal information received from the European Economic Area, United Kingdom, and Switzerland ("DPF Covered Data"), respectively, in reliance on each Data Privacy Framework, to the Framework's applicable Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, and Enforcement and Liability, any applicable supplemental principles (collectively the "DPF Principles"). O'Reilly and Safari have each certified to the US Department of Commerce that it adheres to the DPF Principles. To learn more about the Data Privacy Framework and to view O'Reilly and Safari's certifications, please visit the US Department of Commerce's Data Privacy Framework List, available at https://www.dataprivacyframework.gov/s/. If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern. Additionally, O'Reilly and Safari may protect your data through other legally valid methods, including international data transfer agreements.

Under the Data Privacy Framework, O'Reilly and Safari collect, use, and disclose DPF Covered Data for the purposes described in this Policy. Under the Data Privacy Framework, as described in Section 6 below, you may inquire as to whether O'Reilly and/or Safari is processing personal information about you, request access to personal information, and ask that we correct, amend, or delete your personal information where it is inaccurate or has been processed in violation of the DPF Principles. O'Reilly and Safari are responsible for the processing of personal information each receives, under each Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. The Data Privacy Framework requires that O'Reilly and Safari remain liable should their third parties process personal information in a manner inconsistent with the DPF Principles. O'Reilly and Safari comply with the DPF Principles for all onward transfers of personal data from the European Economic Area, United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to DPF Covered Data received or transferred pursuant to the Data Privacy Framework, O'Reilly and Safari are subject to the investigatory and enforcement powers of the US Federal Trade Commission (the "FTC"). The FTC has jurisdiction over O'Reilly and Safari's compliance with the Data Privacy Framework. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you are an EU or Swiss citizen and feel that we are not abiding by the terms of this Privacy Policy or that we are not in compliance with the DPF Principles, please contact us by using the contact information provided at the top of this Privacy Policy.

Under certain conditions, more fully described on the Data Privacy Framework website https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For additional information, see https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.

If you are not satisfied with our response, O'Reilly and Safari further commit to cooperate with the EU data protection authorities (DPAs), the UK Information Commissioner's Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to the investigation and resolution of unresolved Data Privacy Framework complaints concerning data transferred from the EU and Switzerland to the United States.

5.2 Special note to users outside of the United States

We transact business throughout the world and have operations, processes, and systems that cross borders. Our offices are located in the United States, the United Kingdom, China, and Japan, and our servers are located in the United States, the United Kingdom, China, and Japan. We may transfer your personal information within the O'Reilly group of companies in the United States and to affiliates, joint venture partners, and third-party service providers around the world.

If you reside in the European Union, please be advised that your personal information will be processed outside of the European Economic Area (EEA). We will take all steps necessary to ensure that your information is adequately protected and processed in accordance with this Privacy Policy, including but not limited to:

Only transferring your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal information the same protection it has in Europe (the so-called European Commission's Standard Contractual Clauses).

We may transfer your personal information to countries in the following regions outside of the EEA: North America and Asia. Please contact us using the contact details in this Privacy Policy if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.

6. Your Rights: Access and Accuracy, Updating, Correcting, or Deleting Information

6.1 Your rights – summary

You have certain rights in respect of the information that we hold about you, including:

The right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy
The right to restrict or object to the processing of your personal information, including the right to opt in or opt out of the sale of your personal information to third parties, if applicable, where such requests are permitted by law
The right to request access to the information that we hold about you
The right to request that we correct or rectify any information that we hold about you which is out of date or incorrect
The right to withdraw your consent for our use of your information in reliance of your consent (refer to Section 2 above to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Policy
The right to object to our using your information on the basis of our legitimate interests (refer to Section 2 above to see when we are relying on our legitimate interests) or those of a third party, and there is something about your particular situation which makes you want to object to processing on this ground
The right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly used machine-readable format, in certain circumstances
In certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you
The right to lodge a complaint about us to the UK Information Commissioner's Office (https://ico.org.uk/) as well as the right to lodge a complaint with the relevant authority in your country of work or residence
The right of nondiscrimination for exercising your rights

6.2 How to exercise your rights

You may exercise your rights above by contacting us using the methods outlined in the "Contact Us" section above, and we will comply with your requests unless we have a lawful reason not to do so.

In the case of preventing processing for marketing activities, you can opt out of marketing by signing in to your O'Reilly account and updating your account settings. You may also opt out of receiving newsletters or other communications by following the opt-out instructions included in each newsletter or communication or by contacting us using the methods outlined in the "Contact Us" section above.

You can opt out of our Google Analytics data collection by using the tools available here.

Please note that your objection to processing (or withdrawal of any previously given consent) could mean that we are unable to provide you with our services. Even after you have chosen to withdraw your consent, we may continue to process your personal information when required or permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

California residents can exercise their "Do Not Sell or Share My Personal Information" rights under the California Consumer Privacy Act (CCPA) by clicking here.

Thanks. You have been added to the list.

To opt out of advertising cookies, please consult the list of cookies and instructions here.

6.3 What we need from you to process your requests

We may need to request specific information from you to help us confirm your identity and to enable you to exercise the rights set out above. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to exercise the rights set out above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

7. Children's Privacy

Our website and services are not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13, and in some jurisdictions under the age of 16. If you are under the age of 13, please do not access our website at any time or in any manner. If we learn that we have collected personal information of children under the age of 13 or 16 (as applicable), we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child's account as applicable.

You might provide personal information directly to third parties as a consequence of your interactions with our website and other services offered by us. For example, our website may contain content and links to other third-party websites, plug-ins, and applications that are operated by third parties that may also operate cookies. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We don't control these third-party websites or cookies; we do not endorse, screen, or approve and are not responsible for their privacy statements; and this Privacy Policy does not apply to them. Please check the terms and conditions and privacy policy of the relevant third-party website to find out how they collect and use your information. If you do not want us to share your personal information with these companies, contact us using one of the methods described in the "Contact Us" section above.

Please be responsible with the personal information of others when using our website and the services available on it. We are not responsible for your misuse of personal information or for the direct relationship between you and others that takes place outside of the website or our services.

Our services may include publicly accessible blogs, forums, social media pages, and private messaging features. By using such services, you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons such as Facebook, LinkedIn, Twitter, and Snapchat (that might include widgets such as the "share this" button or other interactive mini-programs) may be on our site. These features may collect your IP address and which page you are visiting on our site and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our site. Your interactions with these features apart from your visit to our site are governed by the privacy policy of the company providing it.

We may use third-party APIs and software development kits ("SDKs") as part of the functionality of our services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your personal information for various purposes, including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us using the methods outlined in the "Contact Us" section above.

9. California "Shine the Light" Law

This section applies only to California consumers. O'Reilly's and Safari's policy is to share your personal information only if you have given us your consent, for instance, by your agreeing to this Privacy Policy through your use of our sites. After obtaining such consent, O'Reilly may in accordance with this Privacy Policy from time to time provide its business partners with your contact details for direct marketing purposes of relevant services, products, and programs. If you no longer wish your information to be shared, please let us know, and we will prevent disclosure of your information to such business partners free of charge, or if you have further inquiries regarding our information sharing practices, please let us know using the methods outlined in the "Contact Us" section above.

How we collect, use, and share your personal information

We have collected the following statutory categories of personal information in the past twelve (12) months:

Identity and contact data: names, addresses, and email addresses
Account profile data: username/display name, password, user preferences, and, if you sign up through a social media account, certain information about that account
Financial data: payment details, which may include billing addresses, credit/debit card details, and bank account details
Any other information that you choose to share with us: for example, any information that you choose to provide within the bio and social profiles sections of your profile settings, when you fill out our survey(s), via our website or social media accounts linked to our website, in person at events or meetings, or over the phone
Technical data: your web browser user agent information and IP address
Usage data and analytics: information related to your usage of the O'Reilly learning platform, such as the content you have accessed, viewed or otherwise interacted with

The business and commercial purposes for which we collect this information are described in Section 2 of this Privacy Policy. The categories of third parties to whom we "disclose" this information for a business purpose are described in Section 3 of this Privacy Policy.

9.2 Do Not Track

California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. DNT is a way for users to inform websites and services that they do not want certain information about their web page visits collected over time and across websites or online services. We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers at this time.

10. US Privacy Rights

This section applies if you are a resident of a US state that has enacted a consumer privacy law, such as the California Consumer Privacy Act ("CCPA") for California residents, the Colorado Privacy Rights Act ("CPA") for Colorado residents, or the Connecticut Data Privacy Act ("CDPA") for Connecticut residents. For a description of the categories of personal information about consumers that we have collected and processed in the past 12 months, please refer to sections 2 and 3 of this Policy. Please note that any Sensitive Personal Information, as defined under the CCPA, shall only be processed by us for the purpose of performing the services or provide the products you have requested from us, to prevent, detect, and investigate security incidents, to detect security incidents, resist malicious, deceptive, fraudulent, or illegal actions and to prosecute those responsible for those actions, to ensure customers and other peoples' physical safety, for short-term use such as nonpersonalized advertising as part of our current interactions, to verify or maintain the quality or safety of service, improve, upgrade, or enhance service, or other reasons that do not require an opt-out of this use.

Your US privacy rights

You have certain rights regarding the personal information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

Right to know. You have the right to request that we disclose to you what personal information we collect, use, and share, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
Right to correct inaccurate information. You have the right to request that we correct any inaccurate personal information we process about you.
Right to delete personal information. You have the right to request that we delete personal information collected or maintained by us, subject to certain exceptions.
Right to opt out. To the extent that we sell or share your personal information, you have the right to opt out from such sale or sharing of your personal information. In any case, please note that we do not knowingly sell or share any personal information of consumers under 16 years of age.
Right to nondiscrimination. You have the right to nondiscrimination, which means that you will not receive any discriminatory treatment should you decide to exercise one of your privacy rights.

How to exercise your rights

You can exercise your rights yourself, or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your personal information.

Please use the contact details methods outlined in the Contact Us" section above if you would like to:

Access this policy in an alternative format
Exercise your rights
Learn more about your rights or our privacy practices
Designate an authorized agent to make a request on your behalf

You may also opt out from the sale or sharing of your personal information by directly filling out the form included under the "Contact Us" section of this Policy.

11. Changes to This Privacy Policy

Please note that this Policy may change from time to time. We will not reduce your rights under this Policy without your consent. If we make any material changes, we will notify you by email or by means of a notice on this website prior to the change becoming effective. You can also view prior versions of the Policy by viewing the links in Section 12 below.

12. Previous Versions of the Privacy Policy