This version (Version 4.6) is effective as of January 1, 2020.
At O'Reilly, we pride ourselves on our commitment to protecting your privacy. Our data governance and privacy policies reflect our company's values and how we strive to maintain your privacy. We carry out our processing operations in compliance with privacy and data protection laws, including, where relevant, the EU General Data Protection Regulation ("GDPR"), Privacy Shield Principles and other applicable global privacy and data protection laws such as the California Consumer Privacy Act ("CCPA").
Any use you make of O'Reilly service offerings is subject to O'Reilly's Terms of Service (TOS) and may also be subject to O'Reilly's Membership Agreement. Any use you make of any Safari service offering is also subject to Safari's Membership Agreement and TOS.
O'Reilly Media, Inc. is a corporation registered in Delaware, with a principal office at located at 1005 Gravenstein Highway North, Sebastopol, CA 95472, United States of America.
O'Reilly UK Limited is a company registered in England, under company number 03569414, with its registered address at New Derwent House, 69-73 Theobalds Road, London, WC1X 8TA, United Kingdom.
Safari Books Online, LLC is a limited liability company registered in Delaware, with a principal office at located at 1003 Gravenstein Highway North, Sebastopol, CA 95472, United States of America.
Questions or Concerns: Contact Us
If you have any questions about this Policy or questions or complaints about our privacy practices, please contact us using the details below:
- Data Protection Officer
- O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472, USA
The contact information above should also be used for communications relating to exercising the rights described in section 6.2 below.
If we do not resolve your question or concern satisfactorily, then please contact our U.S.-based third party dispute resolution providers (free of charge) at https://feedback-form.truste.com/watchdog/request.
- Data Protection Manager
- O'Reilly UK Limited, 5 St George's Yard, Farnham, Surrey, GU9 7LW, UK
- +44 (0) 1252 721284
If you prefer, you can of course always contact us using our US contact details set out above.
1. Information We Collect
We collect personal information in the following ways:
1.1 Information that you provide to us directly
We gather information that you provide to us when you:
- purchase products or services from us
- subscribe to our newsletters and mailing lists
- participate in promotional offers (such as a trial Safari subscription) and other promotions, competitions or prize drawings
- fill in forms, conduct searches, post content on the website, respond to surveys, or use any other features of our websites
- make an inquiry, provide feedback, submit correspondence, or make a complaint over the phone, by email, on our website or by post
- register for, and update an online account with us (including if you access through Facebook, LinkedIn, Twitter, Google, or an open IP provider, or our mobile applications)
- register to, present at, and/or attend, our events and conferences, scan your attendance badge at any of the booths at our conferences/events, or at our booths when we are present at someone else's conference/event
- enter into a contract with us
- sign up for job alerts on our websites, submit a job application, a CV, cover letter, or social media profile to a job vacancy, attend an interview, assessment, or meeting
- contact other users on the websites, e.g. on the O'Reilly Community website
- 'follow', 'like', post to, or interact with, our social media accounts, including Facebook, LinkedIn, Twitter, Pinterest, Instagram, Google+, and SnapChat
- contribute content and information about yourself in the course of your use of social and sharing features in our websites, services or products that make users' content and information available to the public or to specific groups, such as others who use those features
The information you provide to us will include (depending on the circumstances):
- Identity and contact data: title, names, addresses, email addresses, phone numbers or your signature.
- Account profile data: a username/display name, password, user preferences and, if you sign up through a social media account, certain information about that account.
- Conference registration details: the company/organization you work for, job title/position, language preferences, your name, your email, your age, your gender, your job function, your experience, your opinions and why you are attending the conference and what you hope to learn, and your accessibility needs.
- Financial data: payment details, which may include billing addresses, credit/debit card details and bank account details.
- Employment and background data: if you apply for employment on our sites, your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the relevant country, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us.
- Visual and audio information about yourself: e.g. a photo or video footage, or sound recording.
- Your preferences: information about your preferences, interests, industry focus, community choices, and other customer profile information.
- Sensitive information: information about your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability. You can find out more about how we use sensitive information below in the "Special Categories of Data" section.
- Any other information that you choose to share with us: for example, any information that you provide via correspondence, when you fill out our survey(s), that you share via our website or social media accounts linked to our website, or any information that you choose to provide in person at events, meetings, or over the phone.
- Mobile application: when you download and use the Safari service, we automatically collect information on the type of device you use and your operating system version.
1.2 Information we collect through technology related to our products and services
Some of our products and services collect information about system and product data. We use this information to manage and administer our products and services, to issue updates and new versions, testing and monitoring services that we provide, enhancing our products and services, and improving and targeting our communications with you.
1.3 Information we collect through online technology
We may collect certain information automatically when you use our online technology. This information may include your Internet protocol (IP) address, browser settings, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, browser session location information, Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use our online technology. Information we collect may be associated with accounts and other devices (see e.g., Section 2.3 Cross-Device Tracking below).
Technologies such as cookies, beacons, tags, local storage, and scripts are used by us and our affiliates, and other companies, such as third party technology service providers and web analytics providers. These technologies make it easier for you to navigate our website and to help us manage the content on our website and are used to analyze trends, administer the sites, track users' movements around the site (including which site you clicked from to arrive at our site), and gather demographic information about our user base. Additional information about these online technologies is available here.
1.4 Information from other sources
In certain circumstances, we will receive information about you from other sources, including third parties. For example, we may receive personal information from any of the following, who may be based inside and/or outside the EU:
- Other website users.
- Event attendees.
- Your agents or representatives who are acting on your instructions.
- Commercial contact lists that we acquire from other organizations.
- Organizations that we acquire or merge with.
- Organizations with whom we provide co-branded events, websites, products, and services.
- Fraud detection agencies.
- Your current and former employers, recruitment agencies, and referees.
- Service providers including our website developers, IT support providers, cloud services providers, payment services providers, billing service providers, contractors, consultants, advertising agencies and platforms, digital performance monitoring and management providers, advertising analytics providers, marketing and sales service providers, user experience testing platforms, B2B contact databases, recruitment agencies, survey tool providers, customer relationship and customer support service providers, event ticket retailers, event management platform service providers, customer identity account management providers, HR service providers, couriers, instant messaging service providers.
- Social media plugins. By providing your social media account details you are authorizing that third-party provider to share with us certain information about you.
- Publicly available sources such as LinkedIn, Facebook, Twitter, and Google+.
We might also receive information about you from other third parties if you have indicated to such third parties that you would like to hear from us.
1.5 Special categories of data
Special categories of particularly sensitive personal information require higher levels of protection. These so-called "special categories of data" include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Depending on the circumstances, we will also collect information about criminal convictions and offenses.
We need to have further justification for collecting, storing and using this type of personal information. We process special categories of personal information in the following circumstances:
- in limited circumstances, with your explicit written consent
- where it is necessary to carry out our legal obligations or exercise rights in connection with employment
- where it is necessary for reasons of substantial public interest, such as for equal opportunities monitoring
- where it is necessary in relation to legal claims
- where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent
- where you have already made the information public.
For example, we will collect special categories of information:
- when you apply to work for us (for diversity and equal opportunities records, to support your needs and facilitate access to our premises, and to carry out background checks);
- when you attend our events, visit our premises, or apply for a diversity and inclusion scholarship from us to attend one of our conferences (to improve racial balance at our events), to make any necessary arrangements for your attendance, and to investigate claims about breaches of our Conference Code of Conduct.
In limited circumstances, we may request your written consent to allow us to use certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
2. Processing and Using Personal Information
2.1 How we process and use information we collect
We process and use your information for the following purposes:
- To provide access to our website in a manner convenient and optimal and with personalized content relevant to you (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner).
- To register and maintain your O'Reilly or Safari account (on the basis of performing our contract with you).
- To process and fulfill your orders for O'Reilly and Safari products and services (on the basis of performing our contract with you).
- To process and facilitate transactions and payments, and recover money owed to us (on the basis of performing our contract with you, and on the basis of our legitimate interest to recover debts due).
- To monitor your account and use of services to ensure compliance with our end-user agreements and prevent and identify unlawful content use and violations (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
- To enable you to communicate with other website users and clients (on the basis of your consent where we have requested it, or on the basis of performing our contract with you).
- To enable and support your participation and sharing in connection with those social features of our websites, products, services, and online communities in which you choose to participate.
- To conduct business with you or your employer, including to contact you and manage and facilitate our business relationship with you and your employer (on the basis of performing our contract with you, and our legitimate interest in running our business).
- To provide customer service and support, like dealing with inquiries or complaints about the website, which may include sharing your information with our website developer, IT support provider, and payment services provider as necessary (on the basis of performing our contract with you, our legitimate interest in providing the correct products and services to our website users, and to comply with our legal obligations).
- To enable you to take part in prize drawings, competitions, and surveys (on the basis of performing our contract with you, and our legitimate interest in studying how our website and services are used, to develop them, and to grow our business).
- To work with you and undertake projects with you, including to process any proposals that you submit to us (on the basis of our contract with you, and our legitimate interest in running our business).
- To provide access to, and administer O'Reilly scholarship programs (on the basis of your consent where we have requested it, on the basis of performing our contract with you, and our legitimate interest in making our products and services accessible to a range of individuals with diverse backgrounds).
- For recruitment, including to process any job applications you submit to us, whether directly or via an agent or recruiter including sharing your information with our third party recruitment agencies (on the basis of our legitimate interest to recruit new employees or contractors).
- To carry out marketing and let you know about our news, events, new website features products or services that we believe may interest you, including sharing your information with our marketing services providers (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so).
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy).
- To interact with users on social media platforms (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals).
- To conduct data analytics to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business, to provide the right kinds of products and services to our customers, and to inform our business and marketing strategy).
- To make suggestions and recommendations by sharing your information with selected third parties such as sponsors and partners, so they can contact you about things that may interest you (either on the basis of your consent where we have requested it, or on the basis of our legitimate interest to share details of conference attendees with our co-presenters and sponsors).
- To carry out marketing research and user testing to assess the levels of satisfaction of existing and proposed products and services (on the basis of our legitimate interest in carrying out research, providing the right kinds of products and services to our customers).
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
- To enable us to comply with our policies and procedures and enforce our legal rights, and to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business, or where we have a legal obligation to do so).
- To create de-identified information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy).
- To send push notifications through our mobile application. We may, if allowed by applicable law, send you push notifications through our mobile application. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device.
We will use your information for the purposes listed above either on the basis of:
- your consent (where we request it);
- performance of your contract with us and the provision of our services to you;
- where we need to comply with a legal or regulatory obligation; or
- our legitimate interests or those of a third party (see section 2.2 below for more information).
2.2 Legitimate interests
As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to our "legitimate interests", we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interests we have specified in section 2.1 above.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don't automatically override yours and we won't use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of "Your Rights" in Section 6 below.
2.3 Cross-Device Tracking
Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop to efficiently serve content to you if you're a logged-in user or, in the case of non-logged in users, to increase the accuracy of site usage analytics. To do this our technology service providers may share data, such as your browsing patterns and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.
4. How We Look After Your Personal Information and How Long We Keep It
We use administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of personal information against loss, misuse and unauthorized access, disclosure, alteration, and destruction. We also operate a policy of "privacy by design" by looking for opportunities to minimize the amount of personal information we hold about you.
The safeguards we use include:
- ensuring the physical security of our offices, warehouses, or other sites
- ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption
- using standard security protocols and mechanisms (such as secure socket layer (SSL) encryption) to transmit sensitive data such as credit card details
- maintaining a data protection policy for, and delivering data protection training to, our employees
- limiting access to your personal information to those who need to use it in the course of their work
If you have any questions about the security of your personal information, please contact us using the methods outlined in the "Contact Us" section above.
We will keep your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.
Please contact us using the methods outlined in the "Contact Us" section above if you would like to obtain details of our retention periods for different aspects of your personal information.
4.3 Help keep your information safe
You can also play a part in keeping your information safe by:
- choosing a strong account password, changing it regularly, and using different passwords for different online accounts
- keeping your login and password details confidential
- logging out of the website and closing the browser each time you have finished using it, especially when using a shared computer
- informing us if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission
- keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software
- being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in either: @oreilly.com (O'Reilly US), @mail.oreilly.com.cn (O'Reilly China), @oreilly.co.uk (O'Reilly UK), @oreilly.co.jp (O'Reilly Japan), @safaribooksonline.com or @e.safaribooksonline.com (Safari Books)
5. International Transfers of Your Information
O'Reilly and Safari are both based in the United States of America.
5.1 Privacy Shield Certification
O'Reilly Media, Inc. and Safari Books Online, LLC (and entities and subsidiaries that are, or may become, covered by O'Reilly or Safari's privacy shield certification) participates in and have certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively the "Privacy Shield Framework"). O'Reilly and Safari are committed to subjecting all personal information received from the European Economic Area, United Kingdom and Switzerland ("Privacy Shield Covered Data"), respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, including the 16 supplemental principles described in each Privacy Shield Framework (collectively, the "Privacy Shield Principles"). O'Reilly and Safari have each certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield Framework and to view O'Reilly and Safari's certifications, please visit the U.S. Department of Commerce's Privacy Shield List available at https://www.privacyshield.gov. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Additionally, O'Reilly and Safari may protect your data through other legally-valid methods, including international data transfer agreements.
Under the Privacy Shield Framework, O'Reilly and Safari collect, use, and disclose Privacy Shield Covered Data for the purposes described in this Policy. Under the Privacy Shield Framework, as described in Section 6 below, you may inquire as to whether O'Reilly and/or Safari is processing personal information about you, request access to Personal Information, and ask that we correct, amend or delete your personal information where it is inaccurate or has been processed in violation of the Privacy Shield Principles. O'Reilly and Safari are responsible for the processing of personal information each receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Privacy Shield requires that O'Reilly and Safari remain liable should its third parties process personal information in a manner inconsistent with the Privacy Shield Principles. O'Reilly and Safari comply with the Privacy Shield Principles for all onward transfers of personal information from the European Economic Area, United Kingdom and Switzerland, including the onward transfer liability provisions.
With respect to Privacy Shield Covered Data received or transferred pursuant to the Privacy Shield Framework, O'Reilly and Safari are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (the "FTC"). The FTC has jurisdiction over O'Reilly and Safari's compliance with the Privacy Shield Framework. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If your request remains unresolved, you may contact the national data protection authority for your EU Member State.
5.2 Special note to users outside of the United States
We transact business throughout the world and have operations, processes and systems that cross borders. Our offices are located in the United States, the United Kingdom, China and Japan, and our servers are located in the United States, the United Kingdom, Belgium, China and Japan. We transfer your personal information within the O'Reilly and Safari group of companies in the United States, and to affiliates, joint venture partners, and third party service providers around the world.
- only transferring your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission;
- where we use providers based in the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal information shared between the Europe and the US; or
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe (the so-called European Commission's Standard Contractual Clauses).
6. Your Rights: Access and Accuracy, Updating, Correcting, or Deleting Information
6.1 Your rights – summary
You have certain rights in respect of the information that we hold about you, including:
- the right to restrict or object to the processing of your personal information, including the right to opt in or opt out of the sale of your personal information to third parties, if applicable, where such requests are permitted by law.
- the right to request access to the information that we hold about you
- the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect
- the right to object to our using your information on the basis of our legitimate interests (refer to section 2 above to see when we are relying on our legitimate interests) (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground
- the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances
- in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you
- the right to lodge a complaint about us to the UK Information Commissioner's Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence
- the right of non-discrimination for exercising your rights
6.2 How to exercise your rights
You may exercise your rights above by contacting us using the methods outlined in the "Contact Us" section above and we will comply with your requests unless we have a lawful reason not to do so.
In the case of preventing processing for marketing activities, you can opt out of marketing by signing in to your O'Reilly Online Learning account and updating your account settings. You may also opt-out of receiving newsletters or other communications by following the opt-out instructions included in each newsletter or communication or by contacting us using the methods outlined in the "Contact Us" section above.
Please note that your objection to processing (or withdrawal of any previously given consent) could mean that we are unable to provide you with our services. Even after you have chosen to withdraw your consent we may continue to process your personal information when required or permitted by law, in particular in connection with exercising and defending our legal rights, or meeting our legal and regulatory obligations.
To opt out of advertising cookies please consult the list of cookies and instructions here.
6.3 What we need from you to process your requests
We may need to request specific information from you to help us confirm your identity and to enable you to exercise the rights set out above. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to exercise the rights set out above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
7. Children's Privacy
Our website and services are not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13, and in some jurisdictions under the age of 16. If you are under the age of 13, please do not access our website at any time or in any manner. If we learn that we have collected personal information of children under the age of 13 or 16 (as applicable), we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child's account as applicable.
8. Notice Regarding Sharing Data with Third Parties Websites, Social Media Platforms and Software Development Kits
Please be responsible with personal information of others when using our website and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others that takes place outside of the website or our services.
We may use third party APIs and software development kits ("SDKs") as part of the functionality of our Services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your personal information for various purposes including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us.
9. For California Residents: Additional Privacy Rights
9.1 California Shine the Light Law
9.2 Do Not Track
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers at this time.
Please note that this Policy may change from time to time. We will not reduce your rights under this Policy without your consent. If we make any material changes we will notify you by email or by means of a notice on this website prior to the change becoming effective. You can also view prior versions of the Policy by viewing the links in section 11 below.