Booklinker Privacy Policy

1. Overview

GeoRiot provides a set of services ("Booklinker Services") to commercial customers ("Clients") for purposes of online marketing and sales of digital and physical books ("Products") to individual consumers. The Booklinker Services are provided to Clients worldwide, including in the United States ("US"), the member states of the European Union ("EU"), and Switzerland. The Booklinker Services are not provided to individuals as consumers.

The Booklinker Services provides dynamic links that are used to connect consumers visiting or interacting with a Client's websites, applications, social media, electronic documents, eBooks, text messages and other online digital properties ("Digital Properties") to retail websites ("Storefronts") maintained by international goods and services retailers ("Retailers") where Products identified on the Client's Digital Property ("Products") can be purchased. These dynamic links are called "Booklinker Links." Digital Properties including Booklinker Links are accessed through a personal computer, laptop, smartphone or other device providing Internet access through a browser ("Device") when an individual follows the Booklinker Link to a Storefront.

Information is collected automatically via a Booklinker Link when an individual using a Device clicks a Booklinker Link in the course of viewing and interacting with content on a Client's Digital Properties (a "Transaction"). Such an individual is referred to as a "Buyer" in this Policy. The information collected is referred to as "Potential Personal Information" in this Policy, and is described below. The core terms applicable to Potential Personal Information are provided in Sections 3, 5, 6 and 8.

GeoRiot also collects information about individuals acting as or on behalf of Clients for purposes of the Booklinker Services ("Client Personal Data"). Client Personal Data may be collected in the course of Client account registration and in communications and transactions between the Client and GeoRiot. The core terms applicable to Client Personal Data are provided in Section 4, 5, 7 and 8.

2. Adherence to Privacy Shield

GeoRiot and the Booklinker Services comply with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and the Privacy Shield Principles (collectively "Privacy Shield") as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from EU member nations and Switzerland.

This compliance includes both Potential Personal Information, whether or not such information is in fact Personal Data for purposes of EU data protection laws and Privacy Shield, and Client Personal Data.

GeoRiot has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. To learn more about Privacy Shield, and to view GeoRiot's certification, please visit https://www.privacyshield.gov.

GeoRiot shall adhere to the Privacy Shield Principles, as they may be amended from time to time, with respect to and for as long as it retains Potential Personal Information or Client Personal Data collected or maintained while this Privacy Policy is in effect.

3. Collection and Processing of Potential Personal Information

GeoRiot does not provide any products or services to individuals or engage in transactions or communications with them. GeoRiot also does not collect or use information such as names, addresses or other contact information, governmental or corporate identification numbers, account numbers or images, or other information which specifically identifies individuals ("Personally Identifiable Information" or "PII").

GeoRiot does collect and use the information described below. While none of this information in itself identifies any specific individual, it may be possible to use some of this information in combination with information from other sources to identify individual Buyers. As a matter of due diligence and prudence GeoRiot has taken appropriate measures to ensure the security, integrity and ethical use of such information, called "Potential Personal Information" for purposes of this Policy. GeoRiot does not combine Potential Personal Information with other data to identify individuals for purposes of the Services.

When a Buyer clicks a Booklinker Link the following information is collected automatically. The information collected is determined by the coding of the Booklinker Link by GeoRiot.

  • Information identifying the operating system and browser used by the Device for the Transaction ("User Agent Information"), including information identifying and describing the Device used for the Transaction ("Device Data").

  • Information identifying the language used by the Device for the Transaction ("Language Information").

  • The Internet Protocol ("IP") address of the Device used for the Transaction, which allows identification of the logical and to some extent geographical location of the Device used in the Transaction ("Location Data"). An IP address is used for the initial processing of a click but after processing is no longer held.

  • The URL of the Client's Digital Property on which the originating Booklinker Link is sited ("Client URL").

  • Product identification information for Products via the Booklinker Link the Device was used to click ("Product Information").

In addition, GeoRiot may collect the following information from third party sources:

  • Product information including Product price, genre, name, author, publisher, and other general information published by the Retailer, developer or other third party ("Third Party Product Information").

  • Limited purchase information obtained by the Retailer in the event a Buyer purchases a Product in the course of a Transaction, such as the number of products purchased, a list of items (or categories of items), purchase prices, and timestamp of the Transaction ("Purchase Information").

Information collected through Booklinker Links is transferred to and stored by GeoRiot in the United States, according to GeoRiot's standard Data Retention policies.

Booklinker Links may support the following uses of Potential Personal Information, for the benefit of Clients:

  • Automatic Product Localization. A Client can use a single link to automatically route Buyers to the appropriate Product in the Buyer's local Storefront. Automatic affiliation may be used to earn commissions from the correct local Retailer's Storefront. For example, a Buyer in Germany may be sent to the Amazon Germany Storefront by a Booklinker Link from a Client website, and the Client might earn a commission through the Amazon Germany affiliate program.

  • Data Analytics. The Data Analytics service provides Clients with marketing content based on data identifying the geographical location ("Location Data"). The Data Analytics service helps Clients ensure that marketing efforts are relevant to the Buyer and appropriate to the country or region where the Buyer is located.

While Potential Personal Information may not be Personal Data within the meaning of Privacy Shield and the GDPR, as a matter of prudence and due diligence and to help assure transparency, GeoRiot has elected to attest to its adherence to the E.U.-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. GeoRiot has also implemented policies and procedures to assure its compliance with the E.U. General Data Protection Directive to the extent the GDPR applies to Potential Personal Information.

In an effort to minimize the burden on our clients and ourselves, we've stopped storing IP addresses, effective May 9th, 2018, after the initially processing of the click.



4. Collection and Processing of Client Personal Data

When a Client creates a Booklinker account the Client must provide GeoRiot with contact information for an individual user authorized to use the Booklinker Services and communicate with GeoRiot, either as an individual Client or on behalf of an organizational Client ("Client Users"). This information may include Client User name, email addresses and other contact information used to communicate with the Client User, as well as the content of communications between GeoRiot and the Client User and any transactions the Client User engages in with GeoRiot.

GeoRiot may use Client Personal Data to communicate with the Client User and with other individuals acting on behalf of the Client with respect to the Booklinker Services ("Administrative Purposes"), and may use Client Personal Data to identify and communicate with respect to potential opportunities for the Client to obtain or use Booklinker Services from GeoRiot, or otherwise promote GeoRiot to the Client and Client User ("Marketing Purposes"). GeoRiot will not use Client Personal Data for Marketing Purposes unless the Client or Client User has consented to such use of Client Personal Data.

Client Personal Data is transferred to and stored by GeoRiot in the United States, according to GeoRiot's standard Data Retention policies.

Client Personal Data is considered Personal Data within the meaning of Privacy Shield and the GDPR. GeoRiot has elected to attest to its adherence to the EU-U.S. Privacy Shield Framework and the Swiss–US Privacy Shield Framework with respect to Client Personal Data. GeoRiot has also implemented policies and procedures to assure its compliance with the GDPR with respect to Client Personal Data.

5. GeoRiot as Limited Data Controller and Data Processor

For Privacy Shield and GDPR purposes GeoRiot may be a Data Processor or a Joint Data Controller with respect to Potential Personal Information subject to this Policy. GeoRiot is a Data Controller with respect to Client Personal Data subject to this Policy.

For purposes of this Policy a "Data Controller" is a party which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, while a "Data Processor" is a party which processes Personal Data on behalf of a Data Controller.

To the extent Privacy Shield and the GDPR apply to Potential Personal Information, for purposes of the Booklinker Services GeoRiot and the applicable Client are Joint Data Controllers of Personal Data included in that Potential Personal Information as follows:

  • GeoRiot offers Booklinker Links and the Booklinker Services to Clients, with pre-established coding and design which determines the information which is collected and the means by which information is processed. The Client determines whether to implement Booklinker Links and use the Booklinker Services, and by agreement with GeoRiot determines to utilize the information collection scope and processing means offered by GeoRiot. All Booklinker Services are provided for the benefit of the Client. The Client is therefore the Data Controller with respect to the determination of the scope of the information to be collected and the means of its processing.

  • The Client determines where to site Booklinker Link(s) in the Client's Digital Properties, and the purpose(s) for which the information collected will be used (e.g., available Storefronts, implementation of routing alternatives, support for commissions, etc.). All Potential Personal Information is processed for the benefit of the Client. The Client is therefore the Data Controller with respect to the determination of siting of the Booklinker Link(s) and the purposes for which information is collected and processed.

  • GeoRiot determines the retention period for information collected via Booklinker Links. GeoRiot is therefore the Data Controller with respect to the retention of the Potential Personal Information.

GeoRiot alone controls the processing of Client Personal Data and is therefore the Data Controller with respect to such information.

6. Provision of Notice to Buyers

This Policy is published to provide notice of GeoRiot's data collection and privacy practices to individuals including Buyers. However, GeoRiot does not typically interact directly with individuals, since its presence on its Clients' Digital Properties is limited to the Booklinker Link(s) in/on the Client's Digital Properties. GeoRiot therefore contractually requires its Clients to ensure their compliance with any legal requirements for notification to and consent by individuals with respect to their data collection and use practices, as required in their applicable jurisdictions.

In addition, GeoRiot contractually requires its Clients to comply with the Network Advertising Initiative Code of Conduct where it is applicable to their business. In particular, if a Client attempts to combine PII or Personal Data from other sources with Potential Personal Information, it is required to notify the affected individuals and obtain their opt-in consent in accordance with the NAI Code of Conduct.

a. Collection of Potential Personal Information

GeoRiot principally collects information through transactions that occur as part of "Link Localization." In this process a Booklinker Link which promotes or sells a product is posted on a Client's Digital Property, and automatically points to a Retailer's online Storefront. When a Buyer clicks the Booklinker Link, Potential Personal Information is collected and transmitted to GeoRiot's servers. This information is automatically analyzed to identify the location and type of Device being used to access the link. Based on this information, the Booklinker Link automatically redirects the Device to a web page in regional or country-specific storefront of the Retailer ("Localized Page") which promotes or sells the product.

GeoRiot does not create or administer either its Clients' Digital Properties or Retailers' Storefront pages, does not provide content for either, and does not sell or promote products on either. The only information GeoRiot collects from either the Digital Property or the Storefront is that provided in response to the click on the Booklinker Link.

GeoRiot may collect and process the following information from the Device used to click on the Booklinker Link:

  • User Agent Information which identifies the Device, operating system and browser used by the Device in use. User Agent Information is treated as if it were Potential Personal Information.

  • Location Information, which is the IP address of the Device used in the Transaction. The IP address provides network information, which can often be used to determine the country, state and sometimes city and postal code where the Device is in use. Location Information is treated as if it were Potential Personal Information.

  • Language Information, which is the language associated with the Device's browser. Language Information is not treated as Personal Data.

  • The Client URL, which is the URL of the Client's Digital Property on which the originating Booklinker Link is sited. The Client URL is not treated as Personal Data.

  • Product Information, which is identification information for Products the Device was used to view. Product Information is not treated as Personal Data.

  • Limited Purchase Information such as the number of products purchased, a list of items (or categories of items), purchase prices, and timestamp of the Transaction ("Limited Purchase Information"). Limited Purchase Information is collected and provided to GeoRiot by Clients, who are responsible for ensuring that any individual consent or authorization required for its use by GeoRiot has been obtained. Limited Purchase Information is treated as if it were Potential Personal Information.

  • Third Party Product Information including Product price, genre, name, developer, publisher, and other general information published by the Retailer, developer or other third party. Third Party Product Information is not treated as Personal Data.

GeoRiot does not collect any other information that might be considered, or might be used to derive, an individual's Personal Data, sensitive or otherwise.

GeoRiot's Booklinker Services are only offered with respect to individuals who are 18 years of age or older. GeoRiot does not knowingly collect or maintain any PII or Personal Data from individuals who are under 13 years of age, and no aspect of the Booklinker Services is designed to attract people under the age of 13. If GeoRiot obtains knowledge that a Buyer is under the age of 13, GeoRiot will remove Potential Personal Information with respect to that individual from its databases.

b. Use and Retention of Potential Personal Information by GeoRiot

GeoRiot may use Potential Personal Information it obtains as follows:

  • For purposes of Link Localization, to redirect Consumers from digital properties to appropriate Storefronts.

  • For purposes of Data Analytics, to create reports of Client marketing activities using Booklinker links.

  • For purposes of Data Analytics, in aggregated data sets to support specific marketing strategies and Product and advertising content offerings, based on mashups of various types of data with different Transactions.

  • For purposes of GeoRiot's internal management and administration, and fulfillment of its legal responsibilities or protection of its legal interests.

Subject to the Section 6(c), Potential Personal Data may be retained by GeoRiot for any period GeoRiot determines is necessary to ensure compliance with its legal responsibilities or protection of its legal interests, according to GeoRiot's Data Retention policies, except that IP Address is only processed during the initial click on a Booklinker Link and is not stored after such processing.

c. Buyer Choice with Respect to Potential Personal Information

The Potential Personal Information GeoRiot maintains after processing a Booklinker Link click is limited to User Agent Information, Language Information, Client URL, Product Information, Limited Purchase Information and Third Party Product Information. The only information maintained by GeoRiot which might in principle allow identification of an individual Buyer is User Agent Information and Limited Purchase information, which would have to be combined with other information from third parties which is not available to GeoRiot in order to allow identification of an individual Buyer.

GeoRiot therefore can only provide a Buyer with an opportunity to exercise choice with respect to their Personal Data included in Potential Personal Information if the Buyer can provide GeoRiot with additional information regarding the Buyer's association with specific User Agent Information and/or Limited Purchase Information for GeoRiot to identify the Buyer with specific Potential Personal Information in GeoRiot's control, with a reasonably high degree of reliability. In the event a Buyer provides such information, GeoRiot will provide the opportunity to opt-in before any Personal Data included in Potential Personal Information associated with the Buyer is disclosed to a third party other than one disclosed in this Policy, or used for a purpose incompatible with the purpose for which it was originally collected or as otherwise permitted or authorized by the Buyer.

For additional information and to request the opportunity to opt-in, please email GeoRiot here.

GeoRiot may retain Device information that is subject to a Buyer's disclosure opt-in accordance with GeoRiot's Data Retention Policy. The purpose of retaining such information is for GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests. Residual User Agent information may also remain within databases, access logs, and other records.

GeoRiot does not collect, use or disclose sensitive information, which is defined as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual. In the event GeoRiot should do so, GeoRiot will give Buyer's an explicit opt-in choice if their sensitive information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or as authorized by the individual.

d. Accountability for Onward Transfer of Potential Personal Information

GeoRiot may disclose or provide Potential Personal Information to third parties as follows:

  • To a Client for purposes of Data Analytics, as part of aggregated data in a report or data set.

  • To a subsidiary or affiliated company of GeoRiot, subject to their compliance with this Privacy Policy.

  • To a third-party services provider, such as a hosting or analysis service or a security consulting firm, for purposes of GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests, subject to contractual requirements for protection of the information consistent with this policy and Privacy Shield requirements.

  • To governmental authorities or their legal designees, if required by applicable law.

  • In the cases of a client using an affiliate program with the Booklinker Services, GeoRiot may share client and account information with affiliate program's account management teams in order to ensure compliance with the affiliate program.

GeoRiot shall not transfer Personal Data to a third-party Data Controller without the consent of the individuals, and shall first enter into a contract with Data Controller that provides:

  • That the Potential Personal Information may only be processed for purposes consistent with such consents.

  • That the Data Controller will provide the level of protection required for Personal Data required under Privacy Shield.

  • That the Data Controller will notify GeoRiot if the Data Controller makes a determination that it can no longer meet this obligation.

  • That the Data Controller will cease processing the Potential Personal Information or takes other reasonable and appropriate steps to remediate in case of such a determination.

Consent is not required when GeoRiot discloses Potential Personal Information to a third party that is acting as an agent to perform task(s) on behalf of and under the instructions of GeoRiot, such as a Data Processor. In the event of such a disclosure, GeoRiot shall:

  • Identify the purposes for which it is transferring such information.

  • Ensure that the agent is obligated to provide at least the same level of privacy protection as is required under Privacy Shield.

  • Take reasonable and appropriate steps to ensure that the agent effectively processes the Potential Personal Information transferred in a manner consistent with GeoRiot's obligations under Privacy Shield.

  • Require the agent to notify GeoRiot if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield

  • Require the agent upon notice, including notice based on a determination the agent can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield, to take reasonable and appropriate steps to stop and remediate unauthorized processing.

GeoRiot shall provide a summary or a representative copy of the relevant privacy provisions of its contract with any such agent to the U.S. Department of Commerce upon request.

GeoRiot shall remain responsible for the processing of Potential Personal Information it transfers to an agent acting on its behalf, and shall be liable if the agent processes such Potential Personal Information in a manner inconsistent with the Privacy Shield unless GeoRiot proves that it is not responsible for the event giving rise to the damage, if any.

e. Buyer Access to Potential Personal Information

The Potential Personal Information GeoRiot maintains after processing a Booklinker Link click is limited to User Agent Information, Language Information, Client URL, Product Information, Limited Purchase Information and Third Party Product Information. The only information maintained by GeoRiot which might in principle allow identification of an individual Buyer is User Agent Information and Limited Purchase information, which would have to be combined with other information from third parties which is not available to GeoRiot in order to allow identification of an individual Buyer.

GeoRiot therefore can only provide a Buyer with an opportunity to review and request that GeoRiot update or delete their Personal Data included in Potential Personal Information if the Buyer can provide GeoRiot with additional information regarding the Buyer's association with specific User Agent Information and/or Limited Purchase Information for GeoRiot to identify the Buyer with specific Potential Personal Information in GeoRiot's control, with a reasonably high degree of reliability. In the event a Buyer provides such information, GeoRiot will upon request allow them to review and request that GeoRiot update or delete Potential Personal Information to the extent the information can be identified to the individual Buyer or is identifiable to a specific Device used by the Buyer for the Transaction(s) for which the information was collected.

For additional information and to request the opportunity to review and request update or deletion, please email GeoRiot here.

f. Security

GeoRiot maintains reasonable and appropriate physical, electronic and procedural safeguards to protect Potential Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Potential Personal Information. However, GeoRiot cannot guarantee that these safeguards will not be penetrated or compromised or that all information will remain secure under all circumstances.

g. Data Integrity and Purpose Limitation

GeoRiot will take reasonable steps to ensure that Potential Personal Information is accurate, complete, current, and reliable for its intended use, and to ensure that it does not process Potential Personal Information in a way that is incompatible with the purposes for which it was collected unless authorized by the individual. GeoRiot will take reasonable and appropriate measures to ensure that it does not retain Potential Personal Information which may identify an individual only for as long as is consistent with the purposes for which it was collected.

h. Disclosures for Law Enforcement and National Security Purposes

GeoRiot may be required to disclose Potential Personal Information in response to lawful requests by public authorities with appropriate jurisdiction, including to meet national security or law enforcement requirements, if require by applicable law.

7. Provision of Notice to Client Users

This Policy is also published to provide notice of GeoRiot's data collection and privacy practices to Client Users. GeoRiot interacts directly with Client Users in the course of account registration and communications and transactions with respect to the Booklinker Services.

a. Collection of Client Personal Data

When a Client creates a GeoRiot account it must provide GeoRiot with contact information for individual users authorized to use the Booklinker Services and communicate with GeoRiot as or on behalf of a Client ("Client Users"). This information may include Client User name, email addresses, and potentially other information used to communicate with the Client User, as well as the content of communications between GeoRiot and the Client User and any transactions the Client User engages in with GeoRiot.

b. Use and Retention of Client Personal Data

GeoRiot may use Client Personal Data to communicate with the Client User and with other individuals acting on behalf of the Client with respect to the Booklinker Services, and may use Client Personal Data to identify and communicate with respect to potential opportunities for the Client to obtain or use Booklinker Services from GeoRiot, or otherwise promote GeoRiot to the Client and Client User. GeoRiot will not use Client Personal Data for marketing or promotional purposes unless the Client or Client User has consented to such uses of Client Personal Data.

GeoRiot may also use Client Personal Data for purposes of GeoRiot's internal management and administration, and fulfillment of its legal responsibilities or protection of its legal interests.

Subject to Section 7(c), Client Personal Data may be retained by GeoRiot for any period during which the Client maintains an active account with GeoRiot, plus any additional period GeoRiot determines is necessary to ensure compliance with its legal responsibilities or protection of its legal interests, according to GeoRiot's standard data retention policies.

c. Client User Choice with Respect to Potential Personal Information

GeoRiot will provide Client Users the opportunity to opt-in if their Client Personal Data is to be disclosed to a third party other than one disclosed in this Policy, or used for a purpose incompatible with the purpose for which it was originally collected or as otherwise permitted or authorized by the Client User.

A Client User may request to opt-out of any previously authorized or permitted disclosure of Client Personal Data information by GeoRiot, except disclosure to the Client with which the Client User is associated, by emailing us here. In order to opt-out GeoRiot may require the Client's approval, if the Client is not the same as the Client User.

GeoRiot may retain Client Personal Data that is subject to a Client User's disclosure opt-out in accordance with GeoRiot's Data Retention Policy. The purpose of retaining such information is for GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests. GeoRiot is not responsible for updating or removing Client Personal Data disclosed to third parties before the Client User's opt-out.

GeoRiot does not collect, use or disclose sensitive information, which is defined as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual. In the event GeoRiot should do so, GeoRiot will give Client Users an explicit opt-in choice if their sensitive information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or as authorized by the individual.

d. Accountability for Onward Transfer of Client Personal Data

GeoRiot may disclose or provide Client Personal Data to third parties as follows:

  • To the Client with which the Client User is associated, if applicable, for any purpose.

  • To a subsidiary or affiliated company of GeoRiot, subject to their compliance with this Privacy Policy.

  • To a third-party services provider, such as a hosting or analysis service or a security consulting firm, for purposes of GeoRiot's internal management and administration or fulfillment of its legal responsibilities or protection of its legal interests, subject to contractual requirements for protection of the information consistent with this policy and Privacy Shield requirements.

  • To governmental authorities or their legal designees, if required by applicable law.

GeoRiot shall not transfer Client Personal Data to a third-party Data Controller without the consent of the individuals, and shall first enter into a contract with Data Controller that provides:

  • That the Client Personal Data may only be processed for purposes consistent with such consents.

  • That the Data Controller will provide the level of protection required for Personal Data required under Privacy Shield.

  • That the Data Controller will notify GeoRiot if the Data Controller makes a determination that it can no longer meet this obligation.

  • That the Data Controller will cease processing the Client Personal Data or takes other reasonable and appropriate steps to remediate in case of such a determination.

Consent is not required when GeoRiot discloses Client Personal Data to a third party that is acting as an agent to perform task(s) on behalf of and under the instructions of GeoRiot, such as a Data Processor. In the event of such a disclosure, GeoRiot shall:

  • Identify the purposes for which it is transferring such information.

  • Ensure that the agent is obligated to provide at least the same level of privacy protection as is required under Privacy Shield.

  • Take reasonable and appropriate steps to ensure that the agent effectively processes the Client Personal Data transferred in a manner consistent with GeoRiot's obligations under Privacy Shield.

  • Require the agent to notify GeoRiot if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield

  • Require the agent upon notice, including notice based on a determination the agent can no longer meet its obligation to provide the same level of protection as is required under Privacy Shield, to take reasonable and appropriate steps to stop and remediate unauthorized processing.

GeoRiot shall provide a summary or a representative copy of the relevant privacy provisions of its contract with any such agent to the U.S. Department of Commerce upon request.

GeoRiot shall remain responsible for the processing of Client Personal Data it transfers to an agent acting on its behalf, and shall be liable if the agent processes such Client Personal Data in a manner inconsistent with the Privacy Shield unless GeoRiot proves that it is not responsible for the event giving rise to the damage, if any.

e. Client User Access to Potential Personal Information

GeoRiot provides Client Users with the opportunity to review and request that GeoRiot update or delete Client Personal Data. Modification or deletion of Client Personal Data may be subject to Client notice and approval. To access this information, email us here.

f. Security

GeoRiot maintains reasonable and appropriate physical, electronic and procedural safeguards to protect Client Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Client Personal Data. However, GeoRiot cannot guarantee that these safeguards will not be penetrated or compromised or that all information will remain secure under all circumstances.

g. Data Integrity and Purpose Limitation

GeoRiot will take reasonable steps to ensure that Client Personal Data is accurate, complete, current, and reliable for its intended use, and to ensure that it does not process Client Personal Data in a way that is incompatible with the purposes for which it was collected unless authorized by the individual. GeoRiot will take reasonable and appropriate measures to ensure that it does not retain Client Personal Data which may identify an individual only for as long as is consistent with the purposes for which it was collected.

h. Disclosures for Law Enforcement and National Security Purposes

GeoRiot may be required to disclose Client Personal Data in response to lawful requests by public authorities with appropriate jurisdiction, including to meet national security or law enforcement requirements, if require by applicable law.

8. Third Party Cookies

Many types of information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device (e.g., IP address, MAC address, browser version, etc.).  The tracking technologies employed when you use our Services may be first-party or third-party.

 

We use cookies to analyze how the GeoRiot websites are accessed, used or is performing. We use this information to maintain, operate and continually improve the GeoRiot websites. We may also obtain information from our e-mail newsletters, to learn whether you opened or forwarded the newsletter or clicked on any of the content. This information tells us about our newsletters' effectiveness and helps us ensure that we're delivering information that you find interesting. Third parties, including Google, Facebook, and other social media platforms, may use tracking technologies on our website to collect or receive information from the GeoRiot websites and elsewhere on the internet and use that information to provide measurement services and target ads.  

 

Google Analytics help us analyze how users interact with and use the Services, compile reports on the Services' activity, and provide other services related to our Services' activity and usage. To learn more about Google's partner services and to learn how to opt out of tracking of analytics by Google, click here.

 

Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed.

 

You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt-out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.

 

Please note that opting-out of advertising networks services does not mean that you will not receive advertising after browsing our site, while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from third parties that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms.  If you delete your cookies, you may also delete your opt-out preferences.

Your browser or device may include "Do Not Track" functionality.

9. Recourse, Enforcement and Liability

GeoRiot is subject to the jurisdiction of the United States Federal Trade Commission ("FTC") with respect to this Policy. The FTC may investigate violations of this Policy, and enforce compliance with the Privacy Shield and applicable law.

GeoRiot provides assurance of its compliance with this Policy by conducting internal assessments of its relevant practices internally. In the event such an assessment finds non-compliant privacy, corrective action plans will be developed to resolve the identified gaps in compliance, as well as preventive action plans to maintain compliance.

Any employee GeoRiot finds has violated this Policy will be subject to disciplinary action up to and including termination of employment.

Any complaints, questions or concerns about the use or disclosures of Potential Personal Information or Client Personal Data by GeoRiot or other matters subject to this Policy should be directed to the address given below. GeoRiot will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy, and will respond to any complaint within thirty (30) days of receiving a complaint.

In the event you are not satisfied with the response to a complaint you may seek independent review by arbitration. In such an event the dispute will be subject to arbitration by the International Centre for Dispute Resolution of the American Arbitration Association ("ICDR"), under the rules of the ICDR, at no cost to you.

In the event you have filed a complaint and pursued arbitration for a violation of this Policy or the Privacy Shield by GeoRiot and are not satisfied with the result, you have the right to seek arbitration by a Privacy Shield Panel. This panel may impose individual-specific, non-monetary equitable relief to remedy the violation of the Principles with respect to your rights. You may seek such arbitration through your nation's Data Protection Authority ("DPA").

GeoRiot will respond promptly and appropriately to inquiries about this Policy and compliance with the Privacy Shield from the FTC or the U.S. Department of Commerce, including inquiries from DPAs.

10. Amendment of Policy

GeoRiot reserves the right to modify this Policy at any time without notice. If GeoRiot amends this Policy, notice of the amendment and the amended policy will be posted on the Booklinker website and such other sites as GeoRiot may deem appropriate. Any amendment will be consistent with the requirements of Privacy Shield and applicable E.U. law. The terms of this Privacy Policy in effect at the time Potential Personal Information is collected by GeoRiot shall continue to apply to such information notwithstanding such amendment.

11. Contact Information

Please contact us at admin@booklinker.net with any questions, comments, or concerns. You may also mail us at:

GeoRiot Networks, Inc.
Att'n: Data Protection
5506 6th Avenue S. #203
Seattle, WA 98108