Last Updated: 2018-06-02
We (Lolibrary Inc) only collect the absolute minimum information required for Lolibrary to operate.
You are not required to sign up to use the majority of the website. Sign-up is required to access personalised sections of the website, e.g.:
Our legal basis for collecting Personal Data is that it is necessary for providing our Services (namely, the services above, on websites/apps).
The data we collect (if you submit it to us) is limited to the following:
All data given to us here is used exclusively for the operation of the website and is not passed onto third parties for marketing purposes. If we allow ads on Lolibrary in future, we will not pass this information onto third-party ad partners.
We process data across Lolibrary, such as search queries submitted, and general stats to see how Lolibrary is performing. No personal data is collected in this process, and search queries are stored completely anonymised and not tracable to any specific person or persons.
We use the following subprocessors at Lolibrary:
We do not currently use any third-party tracking or analytics providers.
All of the personal information you submit to Lolibrary is held within a managed database in Google Cloud Platform, using Google Cloud SQL.
You can learn more about Google Cloud’s security here, and Google Cloud Platform have regular audits for the security of their infrastructure.
Access to data is only possible from within our main application cluster, which requires cryptographic controls (SSH keys, as well as authorization) to access, and all access to data is logged.
If you browse from a website, a session cookie is set, even if not logged in. This is used to prevent cross-site request forgery (e.g. another website forcing your browser to do an action such as registering for the site without your consent).
You can block cookies in your browser to prevent these from being saved on your computer, but you will no longer be able to submit the registration form on the website, or log in.
No personal information is transmitted in cookies, either through identifiers or contents, and cookies generated by Lolibrary are asymmetrically encrypted.
Certain cookies set by Cloudflare cannot be blocked or opted out of, as they provide essential functions of our website (such as malware blocking, or DDoS prevention), and you may be unable to access Lolibrary as a result.
Lolibrary processes data as both a Processor and a Data Controller as defined in the GDPR.
You can contact us at firstname.lastname@example.org.
You have the right to access any information we hold on you. You can do this by contacting us at email@example.com.
We may ask you for additional information in order to verify your identity when sending a request.
We will fulfil your request electronically (via email). If you’d like us to encrypt the copy of your data we send you, please request this or provide us with a public key.
You have the right to have all of your personal data removed from our systems on your request.
If you’d like to do this, please delete your account from your profile page while logged in.
If you’d like to make a formal request under the GDPR for us to remove all data on you, we’ll delete your account for you, provided you’ve verified your identity. Deleting your account is permanent, and will delete all resources associated with your user account.
Some users of the site are able to upload and submit items (searchable items of apparel) to Lolibrary; these submitted items do not consititute Personal Data and will not be removed when an account is deleted or when we receive a right to erasure notice.
Under our terms of service, these submitted items are public domain or an archive of third-party information in the public interest.
Any such items will no longer display your username next to them after your account is deleted. Instead they will show “Anonymous” (or similar) as their author.
You can edit/correct all of your personal data from within your profile page while logged into the site.
To change your email address, we’ll require you to verify that you control the new email address once changed, by sending it a verification link to click.
Lolibrary’s servers are located outside of the EU (in the USA).
We ensure that all of our infrastructure providers and data subprocessors comply with the US-EU Privacy Shield Framework to allow safe transfer and storage of Personal Data.
We will use your email address to send you emails relating to your account that you’ve explicitly requested (Transactional Email).
Examples of Transactional Email are:
We only pass your data to our email service providers in order to send you email.
We will only use your email (if provided) for marketing purposes with your explicit consent; we’ll provide privacy notices where you can give consent to this, and not opting in will have no impact on your ability to use our website/apps.
We will not share your email address with people outside of our data processors list, nor sell it to third-parties.
You can find previous versions of this policy, and all of our other policies, at https://github.com/lolibrary/legal