Follett is the data controller in that instance, and as such, users are covered under Follett’s privacy policy and associated terms of use in the first instance and should direct all privacy related questions to Follett. For example, this Policy does not apply to End Users who purchased their digital content specifically from Follett or a Follett-affiliated bookstore or institution. This Privacy Policy does not apply to electronic readers or other platforms or websites that do not link to this Policy. Your use of the Services is also subject to our Terms of Use. This Privacy Policy applies to the information that we collect and process about individual users ( “End Users”) of (i) the RedShelf platform and services, including the RedShelf eReader (including mobile applications) and RedShelf Classroom (collectively, the “Platform” or ”RedShelf Platform”), (ii) all digital content accessible through the RedShelf Platform ( “Digital Content”) and (iii) visitors ( “Site Visitors”) to ( “”) and all associated websites, including all websites that RedShelf hosts and manages for certain of its customers (the “White Label Sites”) to the extent such sites link to this Privacy Policy (collectively, “Sites”), as well as information provided when you interact with RedShelf, such as by emailing us or chatting with us (the Platform, Digital Content, and Sites are collectively, the “Services”). It also describes the rights and choices you have regarding our use of your information. (“RedShelf,” “we,” “us,” or “our”) collects, uses, and discloses your information. In this Privacy Policy, we describe how RedShelf, Inc. We reside in Amazon Web Services (AWS) and Google Cloud Platform (GCP), both of which are SOC 2 Type 2 certified, meaning they promise to securely manage our data to protect the interest of RedShelf and the privacy of our users. We partner with third-party organizations such as Qualys Scan, and White Hat Hackers to conduct third-party penetration testing and vulnerability scans of our environment. We regularly update our Higher Education Community Vendor Assessment Tool (HECVAT) to mature cybersecurity standards within the higher education industry. We require our third-party processing partner to adhere to the Payment Card Industry Data Security Standards (PCI-DSS) to ensure we do not receive or store payment information. We utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a guiding principle. We are committed to compliance with applicable privacy laws such as the California Consumer Privacy Act (CCPA). We are committed to compliance with the Family Educational Rights and Privacy Act (FERPA) when institutions provide Personally Identifiable Information (PII) to us for legitimate and necessary educational purposes. We are committed to achieving and implementing the following benchmarks and industry standards:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |