This version (Version 4.13) is effective as of July 21, 2023.
At O'Reilly, we pride ourselves on our commitment to protecting your privacy. Our data governance and privacy policies reflect our company's values and how we strive to maintain your privacy. We carry out our processing operations in compliance with privacy and data protection laws, including, where relevant, the EU General Data Protection Regulation ("GDPR"), Data Privacy Framework Principles, and other applicable global privacy and data protection laws, such as the California Consumer Privacy Act ("CCPA").
Any use you make of O'Reilly service offerings is subject to O'Reilly's Terms of Service (TOS) and may also be subject to O'Reilly's Membership Agreement. Any use you make of any Safari service offering is also subject to Safari's Membership Agreement and TOS. If you are a user under a subscription purchased by one of our enterprise customers, the specific terms stipulated between O'Reilly and the relevant enterprise customer may also apply. For specific information relating to our processing of personal information in the context of enterprise accounts, please refer to the "Business-to-Business Accounts" section of this Policy.
O'Reilly Media, Inc. is a corporation registered in Delaware, with a principal office located at 1005 Gravenstein Highway North, Sebastopol, CA 95472, United States of America.
O'Reilly UK Limited is a company registered in England, under company number 03569414, with its registered address at New Derwent House, 69-73 Theobalds Road, London, WC1X 8TA, United Kingdom.
Safari Books Online, LLC is a limited liability company registered in Delaware, with a principal office located at 1003 Gravenstein Highway North, Sebastopol, CA 95472, United States of America.
Questions or Concerns: Contact Us
If you have any questions about this Policy or questions or complaints about our privacy practices, please contact us using the details below:
- Data Protection Officer
- O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472, USA
The contact information above should also be used for communications relating to exercising the rights described in section 6.2 below.
- By using EDPO's online request form: https://edpo.com/gdpr-data-request/
- By writing to EDPO at Regus Block 1, Blanchardstown Corporate Park, Ballycoolen Road, Blanchardstown, Dublin 15, D15 AKK1, Ireland
If you prefer, you can, of course, always contact us using our US contact details set out above.
1. Information We Collect
We collect personal information in the following ways:
1.1 Information that you provide to us directly
We gather information that you provide to us when you:
- Purchase products or services from us
- Subscribe to our newsletters and mailing lists
- Participate in promotional offers (such as a trial O'Reilly subscription) and other promotions, competitions, or prize drawings
- Fill in forms, conduct searches, post content on the website, respond to surveys, or use any other features of our websites
- Make an inquiry, provide feedback, submit correspondence, or make a complaint over the phone, by email, on our website, or by post
- Register for and update an online account with us (including if you access it through Facebook, LinkedIn, Twitter, Google, or an open IP provider or our mobile applications)
- Register for, present at, and/or attend our events and conferences or scan your attendance badge at any of the booths at our conferences/events or at our booths when we are present at someone else's conference/event
- Enter into a contract with us
- Sign up for job alerts on our websites; submit a job application, a CV, cover letter, or social media profile to a job vacancy; or attend an interview, assessment, or meeting
- Contact other users on the websites, for example on the O'Reilly Community website
- "Follow", "like," post to, or interact with our social media accounts, including Facebook, LinkedIn, Twitter, Pinterest, Instagram, and Snapchat
- Contribute content and information about yourself in the course of your use of social and sharing features in our websites, services, or products that make users' content and information available to the public or to specific groups, such as others who use those features
The information you provide to us will include (depending on the circumstances):
- Identity and contact data: title, names, addresses, email addresses, phone numbers, or your signature.
- Account profile data: username/display name, password, user preferences, and, if you sign up through a social media account, certain information about that account.
- Conference registration details: the company/organization you work for, job title/position, language preferences, your name, your email, your age, your gender, your job function, your experience, your opinions, why you are attending the conference, what you hope to learn, and your accessibility needs.
- Financial data: payment details, which may include billing addresses, credit/debit card details, and bank account details.
- Employment and background data: if you apply for employment on our sites, your academic and work history, qualifications, skills, projects, research that you are involved in, references, proof of your entitlement to work in the relevant country, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us.
- Visual and audio information about yourself: for example, a photo, video footage, or a sound recording.
- Your preferences: information about your preferences, interests, industry focus, community choices, and other customer profile information.
- Sensitive information: information about your race or ethnicity, religious beliefs, sexual orientation, health, and whether or not you have any disability. You can find out more about how we use sensitive information in "Section 1.5 Special Categories of Data" below.
- Any other information that you choose to share with us: for example, any information that you provide via correspondence, when you fill out our survey(s), via our website or social media accounts linked to our website, in person at events or meetings, or over the phone.
- Mobile application: when you download and use the O'Reilly mobile app, we automatically collect information on the type of device you use and your operating system version.
- Usage data: information related to your usage of the O'Reilly learning platform, such as the content you have accessed, viewed, or otherwise interacted with.
1.2 Information we collect through technology related to our products and services
Some of our products and services collect information about system and product data. We use this information to manage and administer our products and services, to issue updates and new versions, to test and monitor services that we provide, to enhance our products and services, and to improve and target our communications with you.
1.3 Information we collect through online technology
We may collect certain information automatically when you use our online technology. This information may include your internet protocol (IP) address, browser settings, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system, or device, browser session location information, internet service provider, and pages that you visit before, during, and after using the services as well as information about the links you click and other information about how you use our online technology. Information we collect may be associated with accounts and other devices (see for example, "Section 2.3 Cross-Device Tracking" below).
Technologies such as cookies, beacons, tags, local storage, and scripts are used by us and our affiliates and by other companies, such as third-party technology service providers and web analytics providers. These technologies make it easier for you to navigate our website and help us manage the content on our website; they are used to analyze trends, administer the sites, track users' movements around the site (including which site you clicked from to arrive at our site), and gather demographic information about our user base. Additional information about these online technologies is available here.
1.4 Information from other sources
In certain circumstances, we will receive information about you from other sources, including third parties. For example, we may receive personal information from any of the following, who may be based inside and/or outside the EU:
- Other website users.
- Event attendees.
- Your agents or representatives who are acting on your instructions.
- Commercial contact lists that we acquire from other organizations.
- Organizations that we acquire or merge with.
- Organizations with whom we provide co-branded events, websites, products, and services.
- Fraud detection agencies.
- Your current and former employers, recruitment agencies, and references.
- Service providers, including our website developers, IT support providers, cloud services providers, payment services providers, billing service providers, contractors, consultants, advertising agencies and platforms, digital performance monitoring and management providers, advertising analytics providers, marketing and sales service providers, user experience testing platforms, B2B contact databases, recruitment agencies, survey tool providers, customer relationship and customer support service providers, event ticket retailers, event management platform service providers, customer identity account management providers, HR service providers, couriers, and instant messaging service providers.
- Social media plug-ins. By providing your social media account details, you are authorizing that third-party provider to share with us certain information about you.
- Publicly available sources such as LinkedIn, Facebook, and Twitter.
We might also receive information about you from other third parties if you have indicated to such third parties that you would like to hear from us.
1.5 Special categories of data
Special categories of particularly sensitive personal information require higher levels of protection. These so-called "special categories of data" include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, and trade union membership and information about your health and genetic and biometric data. Depending on the circumstances, we will also collect information about criminal convictions and offenses.
We need to have further justification for collecting, storing, and using this type of personal information. We process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent
- Where it is necessary to carry out our legal obligations or exercise rights in connection with employment
- Where it is necessary for reasons of substantial public interest, such as for equal opportunities monitoring
- Where it is necessary in relation to legal claims
- Where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent
- Where you have already made the information public
For example, we will collect special categories of information:
- When you apply to work for us (for diversity and equal opportunities records, to support your needs and facilitate access to our premises, and to carry out background checks)
- When you attend our events, visit our premises, or apply for a diversity and inclusion scholarship from us to obtain access to our products or services
In limited circumstances, we may request your written consent to allow us to use certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like to use and the reason we need it so that you can carefully consider whether you wish to consent.
2. Processing and Using Personal Information
2.1 How we process and use information we collect
We process and use your information for the following purposes:
- To provide access to our website in a manner convenient and optimal and with personalized content relevant to you (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner).
- To register and maintain your O'Reilly or Safari account (on the basis of performing our contract with you).
- To process and fulfill your orders for O'Reilly and Safari products and services (on the basis of performing our contract with you).
- To process and facilitate transactions and payments, and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due).
- To monitor your account and use of services to ensure compliance with our end-user agreements and prevent and identify unlawful content use and violations (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
- To enable you to communicate with other website users and clients (on the basis of your consent where we have requested it, or on the basis of performing our contract with you).
- To enable and support your participation and sharing in connection with those social features of our websites, products, services, and online communities in which you choose to participate.
- To conduct business with you or your employer, including to contact you and to manage and facilitate our business relationship with you and your employer (on the basis of performing our contract with you, and our legitimate interest in running our business).
- To provide customer service and support, like dealing with inquiries or complaints about the website, which may include sharing your information with our website developer, IT support provider, and payment services provider as necessary (on the basis of performing our contract with you, our legitimate interest in providing the correct products and services to our website users, and to comply with our legal obligations).
- To enable you to take part in prize drawings, competitions, and surveys (on the basis of performing our contract with you, and our legitimate interest in studying how our website and services are used and to develop them and to grow our business).
- To work with you and undertake projects with you, including to process any proposals that you submit to us (on the basis of our contract with you, and our legitimate interest in running our business).
- To provide access to and administer O'Reilly scholarship programs (on the basis of your consent where we have requested it, on the basis of performing our contract with you, and our legitimate interest in making our products and services accessible to a range of individuals with diverse backgrounds).
- For recruitment, including to process any job applications you submit to us, whether directly or via an agent or recruiter, including sharing your information with our third-party recruitment agencies (on the basis of our legitimate interest to recruit new employees or contractors).
- To carry out marketing and let you know about our news, events, new website features, products, or services that we believe may interest you, including sharing your information with our marketing services providers (either on the basis of your consent where we have requested it or our legitimate interest to provide you with marketing communications where we may lawfully do so).
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website and services are used, to develop them, to grow our business, and to inform our marketing strategy).
- To interact with users on social media platforms (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals).
- To conduct data analytics to improve our website, products and services, marketing, customer relationships, and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business, to provide the right kinds of products and services to our customers, and to inform our business and marketing strategy).
- To make suggestions and recommendations by sharing your information with selected third parties such as sponsors and partners, so they can contact you about things that may interest you (either on the basis of your consent where we have requested it or on the basis of our legitimate interest to share details of conference attendees with our copresenters and sponsors).
- To carry out marketing research and user testing to assess the levels of satisfaction of existing and proposed products and services (on the basis of our legitimate interest in carrying out research and providing the right kinds of products and services to our customers).
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
- To enable us to comply with our policies and procedures and enforce our legal rights, and to protect the rights, property, or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
- To create deidentified information, such as deidentified demographic information, deidentified location information, information about the computer or device from which you access our services, or other analyses we create (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business, and to inform our marketing strategy).
- To send push notifications through our mobile application. We may, if allowed by applicable law, send you push notifications through our mobile application. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device.
We will use your information for the purposes listed above either on the basis of:
- Your consent (where we request it)
- Performance of your contract with us and the provision of our services to you
- Where we need to comply with a legal or regulatory obligation
- Our legitimate interests or those of a third party (see "Section 2.2 Legitimate Interests" below for more information)
2.2 Legitimate interests
As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to our "legitimate interests," we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interests we have specified in Section 2.1 above.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don't automatically override yours, and we won't use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing, please refer to the details of your rights in Section 6 below.
2.3 Cross-device tracking
Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop to efficiently serve content to you if you're a logged-in user or, in the case of non-logged-in users, to increase the accuracy of site usage analytics. To do this, our technology service providers may share data, such as your browsing patterns and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.
2.4 Business-to-business accounts
You may be receiving access to our O'Reilly learning platform service pursuant to a business-to-business ("B2B") contract in place between us and your employer. Some of our B2B customers are subject to laws and regulations such as GDPR which require them to execute a data processing addendum or other kinds of stipulations regarding privacy and personal data protection with us. To the extent that your employer has executed a data processing addendum with O'Reilly, the following terms apply to our processing of your personal information in relation to a B2B account:
- We act as data processors for the personal information that we receive from your employer. This is the personal information that we require in order to create a user account for you under our B2B contract with your employer. As data processors, we only process this personal information in accordance with the instructions provided to us by your employer, who, as data controller, is solely responsible for determining the purposes for which we may process your personal information.
Please note that this section may also apply in circumstances where you are obtaining access to the O'Reilly learning platform as an authorized user under a B2B account that is administered by an entity that is not your employer (for example, an organization for which you act as a contractor or as an agent).
Please note that your employer and O'Reilly may have executed legal terms, including ad hoc terms relating to the processing of your personal information, which deviate from the representations made under this section. If you have any questions relating to the stipulations between O'Reilly and your employer with respect to the processing of your personal information, please reach out to us using the contact information under the "Contact Us" section above, or reach out to your employer directly.
4. How We Look After Your Personal Information and How Long We Keep It
We use administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. We also operate a policy of "privacy by design" by looking for opportunities to minimize the amount of personal information we hold about you.
The safeguards we use include:
- Ensuring the physical security of our offices, warehouses, or other sites
- Ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption
- Using standard security protocols and mechanisms, such as Secure Sockets Layer (SSL) encryption, to transmit sensitive data such as credit card details
- Maintaining a data protection policy for and delivering data protection training to our employees
- Limiting access to your personal information to those who need to use it in the course of their work
If you have any questions about the security of your personal information, please contact us using the methods outlined in the "Contact Us" section above.
We will keep your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do so. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.
Please contact us using the methods outlined in the "Contact Us" section above if you would like to obtain details of our retention periods for different aspects of your personal information.
4.3 Help keep your information safe
You can also play a part in keeping your information safe by:
- Choosing a strong account password, changing it regularly, and using different passwords for different online accounts.
- Keeping your login and password details confidential.
- Logging out of the website and closing the browser each time you have finished using it, especially when using a shared computer.
- Informing us if you know or suspect that your account has been compromised or if someone has accessed your account without your permission.
- Keeping your devices protected by using the latest version of your operating system and maintaining any necessary antivirus software.
- Being vigilant against fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in either @oreilly.com (O'Reilly US), @mail.oreilly.com.cn (O'Reilly China), @oreilly.co.uk (O'Reilly UK), @oreilly.co.jp (O'Reilly Japan), or @safaribooksonline.com or @e.safaribooksonline.com (Safari Books).
5. International Transfers of Your Information
O'Reilly and Safari are both based in the United States of America.
5.1 EU-US Data Privacy Framework
O'Reilly Media, Inc. and Safari Books Online, LLC (and entities and subsidiaries that are, or may become, covered by O'Reilly or Safari's Data Privacy Framework certification) participate in and have certified their compliance with the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework (collectively the "Data Privacy Framework"). O'Reilly and Safari are committed to subjecting all personal information received from the European Economic Area, United Kingdom, and Switzerland ("DPF Covered Data"), respectively, in reliance on each Data Privacy Framework, to the Framework's applicable Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, and Enforcement and Liability, any applicable supplemental principles (collectively the "DPF Principles"). O'Reilly and Safari have each certified to the US Department of Commerce that it adheres to the DPF Principles. To learn more about the Data Privacy Framework and to view O'Reilly and Safari's certifications, please visit the US Department of Commerce's Data Privacy Framework List, available at https://www.dataprivacyframework.gov/s/. If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern. Additionally, O'Reilly and Safari may protect your data through other legally valid methods, including international data transfer agreements.
Under the Data Privacy Framework, O'Reilly and Safari collect, use, and disclose DPF Covered Data for the purposes described in this Policy. Under the Data Privacy Framework, as described in Section 6 below, you may inquire as to whether O'Reilly and/or Safari is processing personal information about you, request access to personal information, and ask that we correct, amend, or delete your personal information where it is inaccurate or has been processed in violation of the DPF Principles. O'Reilly and Safari are responsible for the processing of personal information each receives, under each Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. The Data Privacy Framework requires that O'Reilly and Safari remain liable should their third parties process personal information in a manner inconsistent with the DPF Principles. O'Reilly and Safari comply with the DPF Principles for all onward transfers of personal data from the European Economic Area, United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to DPF Covered Data received or transferred pursuant to the Data Privacy Framework, O'Reilly and Safari are subject to the investigatory and enforcement powers of the US Federal Trade Commission (the "FTC"). The FTC has jurisdiction over O'Reilly and Safari's compliance with the Data Privacy Framework. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Data Privacy Framework website https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For additional information, see https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.
If you are not satisfied with our response, O'Reilly and Safari further commit to cooperate with the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to the investigation and resolution of unresolved Data Privacy Framework complaints concerning data transferred from the EU and Switzerland to the United States.
5.2 Special note to users outside of the United States
We transact business throughout the world and have operations, processes, and systems that cross borders. Our offices are located in the United States, the United Kingdom, China, and Japan, and our servers are located in the United States, the United Kingdom, China, and Japan. We may transfer your personal information within the O'Reilly group of companies in the United States and to affiliates, joint venture partners, and third-party service providers around the world.
- Only transferring your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal information the same protection it has in Europe (the so-called European Commission's Standard Contractual Clauses).
6. Your Rights: Access and Accuracy, Updating, Correcting, or Deleting Information
6.1 Your rights – summary
You have certain rights in respect of the information that we hold about you, including:
- The right to restrict or object to the processing of your personal information, including the right to opt in or opt out of the sale of your personal information to third parties, if applicable, where such requests are permitted by law
- The right to request access to the information that we hold about you
- The right to request that we correct or rectify any information that we hold about you which is out of date or incorrect
- The right to object to our using your information on the basis of our legitimate interests (refer to Section 2 above to see when we are relying on our legitimate interests) or those of a third party, and there is something about your particular situation which makes you want to object to processing on this ground
- The right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly used machine-readable format, in certain circumstances
- In certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you
- The right to lodge a complaint about us to the UK Information Commissioner's Office (https://ico.org.uk/) as well as the right to lodge a complaint with the relevant authority in your country of work or residence
- The right of nondiscrimination for exercising your rights
6.2 How to exercise your rights
You may exercise your rights above by contacting us using the methods outlined in the "Contact Us" section above, and we will comply with your requests unless we have a lawful reason not to do so.
In the case of preventing processing for marketing activities, you can opt out of marketing by signing in to your O'Reilly account and updating your account settings. You may also opt out of receiving newsletters or other communications by following the opt-out instructions included in each newsletter or communication or by contacting us using the methods outlined in the "Contact Us" section above.
You can opt out of our Google Analytics data collection by using the tools available here.
Please note that your objection to processing (or withdrawal of any previously given consent) could mean that we are unable to provide you with our services. Even after you have chosen to withdraw your consent, we may continue to process your personal information when required or permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
California residents can exercise their "Do Not Sell My Personal Information" rights under the California Consumer Privacy Act (CCPA) by clicking here.
To opt out of advertising cookies, please consult the list of cookies and instructions here.
6.3 What we need from you to process your requests
We may need to request specific information from you to help us confirm your identity and to enable you to exercise the rights set out above. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to exercise the rights set out above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
7. Children's Privacy
Our website and services are not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13, and in some jurisdictions under the age of 16. If you are under the age of 13, please do not access our website at any time or in any manner. If we learn that we have collected personal information of children under the age of 13 or 16 (as applicable), we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child's account as applicable.
8. Notice Regarding Sharing Data with Third-Party Websites, Social Media Platforms, and Software Development Kits
Please be responsible with the personal information of others when using our website and the services available on it. We are not responsible for your misuse of personal information or for the direct relationship between you and others that takes place outside of the website or our services.
We may use third-party APIs and software development kits ("SDKs") as part of the functionality of our services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your personal information for various purposes, including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us using the methods outlined in the "Contact Us" section above.
9. California "Shine the Light" Law
How we collect, use, and share your personal information
We have collected the following statutory categories of personal information in the past twelve (12) months:
- Identity and contact data: names, addresses, and email addresses
- Account profile data: username/display name, password, user preferences, and, if you sign up through a social media account, certain information about that account
- Financial data: payment details, which may include billing addresses, credit/debit card details, and bank account details
- Any other information that you choose to share with us: for example, any information that you choose to provide within the bio and social profiles sections of your profile settings, when you fill out our survey(s), via our website or social media accounts linked to our website, in person at events or meetings, or over the phone
- Technical data: your web browser user agent information and IP address
- Usage data and analytics: information related to your usage of the O'Reilly learning platform, such as the content you have accessed, viewed or otherwise interacted with
9.2 Do Not Track
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. DNT is a way for users to inform websites and services that they do not want certain information about their web page visits collected over time and across websites or online services. We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers at this time.
10. US Privacy Rights
This section applies if you are a resident of a US state that has enacted a consumer privacy law, such as the California Consumer Privacy Act ("CCPA") for California residents, the Colorado Privacy Rights Act ("CPA") for Colorado residents, or the Connecticut Data Privacy Act ("CDPA") for Connecticut residents. For a description of the categories of personal information about consumers that we have collected and processed in the past 12 months, please refer to sections 2 and 3 of this Policy. Please note that any Sensitive Personal Information, as defined under the CCPA, shall only be processed by us for the purpose of performing the services or provide the products you have requested from us, to prevent, detect, and investigate security incidents, to detect security incidents, resist malicious, deceptive, fraudulent, or illegal actions and to prosecute those responsible for those actions, to ensure customers and other peoples' physical safety, for short-term use such as nonpersonalized advertising as part of our current interactions, to verify or maintain the quality or safety of service, improve, upgrade, or enhance service, or other reasons that do not require an opt-out of this use.
Your US privacy rights
You have certain rights regarding the personal information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.
- Right to know. You have the right to request that we disclose to you what personal information we collect, use, and share, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
- Right to correct inaccurate information. You have the right to request that we correct any inaccurate personal information we process about you.
- Right to delete personal information. You have the right to request that we delete personal information collected or maintained by us, subject to certain exceptions.
- Right to opt out. To the extent that we sell or share your personal information, you have the right to opt out from such sale or sharing of your personal information. In any case, please note that we do not knowingly sell or share any personal information of consumers under 16 years of age.
- Right to nondiscrimination. You have the right to nondiscrimination, which means that you will not receive any discriminatory treatment should you decide to exercise one of your privacy rights.
How to exercise your rights
You can exercise your rights yourself, or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your personal information.
Please use the contact details methods outlined in the Contact Us" section above if you would like to:
- Access this policy in an alternative format
- Exercise your rights
- Learn more about your rights or our privacy practices
- Designate an authorized agent to make a request on your behalf
You may also opt out from the sale or sharing of your personal information by directly filling out the form included under the "Contact Us" section of this Policy.
Please note that this Policy may change from time to time. We will not reduce your rights under this Policy without your consent. If we make any material changes, we will notify you by email or by means of a notice on this website prior to the change becoming effective. You can also view prior versions of the Policy by viewing the links in Section 12 below.