NetGalley is fully compliant with the General Data Protection Regulation (GDPR). Data protection and privacy have always been of the utmost importance to us at NetGalley, and we built our products and services with those principles in mind. As of May 22, 2018, NetGalley’s updated Privacy Policy and Terms of Use for members meet GDPR requirements, and the site has been updated to ensure compliance regarding data protection and storage.
Rest assured that NetGalley’s marketing programs and activity reports continue to meet all requirements for data protection under GDPR. Click below for more detailed information about compliance in each of these areas:
Is NetGalley compliant in how members’ personal information and email addresses are stored and displayed?
The GDPR regulation specifies that all personal information must be stored securely and certain information must also be encrypted. NetGalley is fully compliant with GDPR regulations. Member email addresses are only visible to publishers with whom they have interacted--either by clicking Read Now or Request to get access to a publisher’s book, or by clicking a Widget link to access a book the publisher invited them to view. These interactions are the primary reason that members use NetGalley, and are covered by our Terms of Use.
Are NetGalley’s Terms of Use & Privacy Policy compliant with GDPR regulations?
NetGalley is fully compliant with GDPR regulations. NetGalley released updated Terms of Use and Privacy Policy on May 22, 2018. All NetGalley members must accept both the Terms of Use and the Privacy Policy in order to use the site.
Members may also fully delete their account. If a member deletes their account, publishers will still be able to see historical information about titles for which the member was approved and declined, and reviews that were provided. All personally identifiable information about the member, however, will be removed
How are NetGalley promotional emails compliant with GDPR?
NetGalley members are able to opt out of promotional emails at any time. They may do so from their Profile, or from the individual emails they receive. All existing members who receive promotional emails from NetGalley will continue to do so until they choose to opt out.
When new members register for NetGalley, they must choose whether to opt in to receive these emails. They may also change their preferences at any time in their Profile.
We also regularly update our promotions lists to exclude members who have not opened any of our recent emails. This ensures that newsletters and eblasts are sent to members who are actively engaged with our promotions.
How is the email upload for auto-approvals compliant?
Publishers may upload email addresses to NetGalley in order to add contacts to their NetGalley Auto-Approved list. These email addresses are stored in NetGalley’s database separately from all other member information, in full compliance with GDPR regulations. A publisher will only see further information about those members once the member has interacted with the publisher’s books, at which point the member’s Profile is visible according to the Terms of Use.
Here is more information about best practices for using member email addresses.
How is NetGalley compliant in the way automated notifications are delivered? (Activity-based notifications, such as approval or decline messages, weekly to-do list, etc.)
NetGalley members receive automated email notifications as a result of their activity on the site, such as alerting a member that their request has been approved. These notifications are critical to the NetGalley user experience and are covered in our Terms of Use; therefore, members do not have the ability to opt out of these vital notifications (unless they choose to delete their NetGalley account).
How is the Automated Weekly Checklist email compliant?
NetGalley members will only receive an automated Weekly NetGalley Checklist email as a result of their activity on the site. The member’s Checklist includes the number of books that are:
- Ready for Download (approved titles they have not yet accessed)
- Ready for Feedback (approved titles they downloaded, but have not yet submitted feedback)
- Reviews that are ready to be shared (feedback submitted via NetGalley, but not yet clicked to share to social media and/or retail sites) for books published in the last 30 days.
Members have the ability to opt in or out of receiving the Weekly Checklist email in their Profile.
How can publishers use member email addresses that they can see in their NetGalley account or reports?
We expect NetGalley clients to comply with all local laws and statutes related to the protection and legal use of members’ personal information. Publishers may contact NetGalley members directly only when the communication is related to that member’s NetGalley activity. Examples include:
- Following up with members to remind them to download an approved book.
- Reminding the member to submit or share feedback for an approved book.
- Inviting a member to request or download (via widget link) another book they may enjoy on NetGalley, while clearly acknowledging why based on their prior activity.
We do not condone the sharing of member contact information with any third parties, and publishers should not add NetGalley members to any internal marketing or publicity lists or databases without additional, explicit consent from the member outside of the NetGalley platform. Click here for more resources on communicating with NetGalley members.