Perlego Privacy Policy

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint. Summary: We use personal data to provide our ebook service and related content to people who request or register for it, and to manage our relationships with those people. Generally, we do not give your information to third parties, but there are some exceptions where we use external service providers to power our operations – some of these are outside Europe. We are happy to answer your questions about any of this – email us at [email protected].


Who we are


Perlego Ltd collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.


The personal information we collect and use


Information collected by us, and how we use it

In the course of running the Perlego service we collect the following personal information, either when it’s provided to us by you, or where we derive it from your use of the service:

Additionally, we use the information for the purposes of research we undertake to understand how people use our service, and the books on it, in order to identify improvements we can make to the service, how we promote it, and the range of books we offer. The research we produce is on an aggregated basis and does not identify you personally. We use it internally, and may also provide it to others. We also use some of the information for the purposes of keeping Perlego and our communications with you secure from unauthorised access and attacks, and for reporting any unlawful activity. We may need to process your information for the purposes of enforcing our terms of use.

Who we share your personal information with

We routinely share information we collect about you with companies that we use to help us provide and run the Perlego service. For example, for administering payments, storage of data, sending out emails, powering our ‘chat’ function, and tracking and reporting user behaviour patterns. For a list of our current service providers who process personal data of our customers, please see the this list . Some of those companies are based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’ below.

We will share personal information with law enforcement or other authorities if required by applicable law.

How long your personal information will be kept

We will hold your information for different periods of time, as follows:

Reasons we can collect and use your personal information

We rely on the following as the lawful basis on which we collect and use your personal information:


Transfer of your information out of the EEA


We may transfer your personal information to the USA. This is for the purpose of enabling our third party service providers to access and process the data on our behalf. In particular, we use the following service providers who process your information in the USA:

The USA does not have the same data protection laws as the United Kingdom and European Economic Area. Whilst the European Commission has not given a formal decision that the USA provides an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to safeguards as specified in the General Data Protection Regulation that are designed to help protect your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. Some of our US-based providers (including Mixpanel, and Stripe, our payment processor) are certified under the EU-US Privacy Shield, a mechanism which permits transfer of personal data to companies in the US who have certified that they meet privacy norms akin to those in the EU. Our other processors use so-called ‘model clauses’ in our contract with them, which give individual data subjects rights in respect of the provider’s processing of the data and requires the provider to meet certain EU-mandated standard. A description of the

EU-US Privacy Shield is available here - https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.

A description of the Model Clauses is available here - https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

To obtain a copy of the safeguards we have in place, please contact us at [email protected].

We will not otherwise transfer your personal data outside of the United Kingdom or European Economic Area.


Your rights


Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

If you would like to unsubscribe from any promotional emails we send you, you can also click on the ‘unsubscribe’ button at the bottom of the email or uncheck the marketing consent box in Account Settings.


Keeping your personal information secure


We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org.. Get Safe Online is supported by HM Government and leading businesses.


How to complain


We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.


Changes to this privacy notice


This privacy notice last updated on 20/05/2018. We may change this privacy notice from time to time, when we do we will inform you via your Perlego account or (if appropriate) by email.


How to contact us


Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us please send an email to [email protected], or contact our Data Protection Officer as follows: