Scribbr Privacy Policy
Version 08/03/2022
This privacy policy contains information about how we use your personal data. Please read this policy carefully before you use our services. If you have any questions, please feel free to contact us.
If you click on one of the topics below, the information on this topic will fold out.
1. About us
1.1 Scribbr B.V. (“Scribbr” or “we“) is committed to protecting your personal data. We collect and use your personal data when you use our services. When you use our services, we only ask you for the details we need in order to help you as best we can. This privacy policy explains to you how we collect, use, save, share, transfer or otherwise process your personal data when you use our products and/or services.
2. Responsibility
2.1 We will only process personal data in line with the applicable privacy legislation and as described in this privacy policy.
2.2 We use YouTube Data API to automatically cite YouTube videos and Google Books API to automatically cite books in the Citation Generator. We are not responsible for the content of these websites, services provided by these third parties or their compliance with the applicable privacy legislation. Visit YouTube’s Terms of Service and Google’s Privacy Policy for more information.
3. How we collect your personal data
3.1 We collect your personal data in different ways:
- We collect information when you interact with us. For example, if you contact us or if you create an account on our website.
- We automatically obtain information about you via cookies when you visit our website. For more information on this, please see our Cookie Declaration.
4. Details of processing
4.1 If you use our services, want to know more about us or have any questions for us, we process your personal data. The way we use your personal data, why we need it and on what legal grounds we use it depend on your requests, and sometimes on our needs. Please find an overview below.
| Activity | Categories of personal data processed | Legal ground(s) for processing and purposes for processing |
|---|---|---|
| Visiting our website |
For detailed information about our use of cookies, please see our Cookie Declaration. |
We collect these personal data on the basis of your consent or, in case we are not legally required to obtain consent, on the basis of our legitimate interests, namely improving our online services. This is the case with regard to technical cookies necessary for the functioning of the website and several analytic cookies that are not used to treat you differently from other users.
We process your personal data for (i) improving our website, (ii) being able to show you the services that fit your preferences and (iii) being able to provide you with consistent service across all your devices. |
| Using our services |
|
We collect these personal data as this is necessary for the performance of the contract we have with you or on the basis of our legitimate interests, namely matching our services with your requests and needs.
We process your personal data for providing the requested services to you. |
| Customer service or otherwise corresponding with you |
|
We collect these personal data as this is necessary for the performance of the contract we have with you or on the basis of our legitimate interests, namely verifying your identity for reasons of security, improving our services and providing customer service.
We process your personal data for (i) following up on your questions, complaints and claims and (ii) providing information with regard to products or services that are relevant to you. |
| Job openings |
|
We collect these personal data on the basis of our legitimate interests, namely to assess if you are the right fit for our company.
We process your personal data for recruitment purposes. |
| Other general purposes | Any information we possibly have of you that is necessary for the relevant purpose of processing. | We collect these personal data as this might be necessary for our legal obligations or for purposes of our legitimate interests, namely carrying out our regular business activities and protecting our interests in case of conflicts.
We process your personal data for (i) following requests of authorities, (ii) conducting criminal investigations, prosecutions and the execution of judgments, (iii) protecting rights of third parties, (iv) mergers and acquisitions or other similar transaction in which a third party assumes control of Scribbr’s business (in whole or in part), (v) in case of bankruptcy or (vi) other circumstances. |
4.2 If we use your personal data for our legitimate interests, you can ask us about why we think our interests outweigh your right to privacy. Please find our contact details below.
4.3 Sometimes, we need to use your personal data for other purposes than those for which we collected your personal data in the first place. If that is the case, we will inform you properly.
5. Cookies
5.1 Please see an overview of the cookies that we use in our Cookie Declaration.
5.2 We do not sell your personal data by using cookies.
5.3 You can change your cookie settings in general – for all websites you visit – via your browser settings. For more information on how you can change your browser settings, please be referred to: www.aboutcookies.org/how-to-control-cookies/.
5.4 If you have turned on “no track signals”, there is no need to change your cookie settings. We will not place non-essential cookies on your devices.
5.5 Please note that if you refuse certain cookies, this may reduce the functionality of some parts of our website.
6. Sharing with third parties
6.1 When providing our services to you, we might need to share your information with other parties. Please find an overview below:
| Activity | Recipients | Location |
|---|---|---|
| Visiting our website | Data processors engaged by us, such as advertising companies and hosting providers. | USA, The Netherlands, Germany, Ireland, Belgium |
| Using our services | Data processors engaged by us, such as payment providers, hosting providers and providers of plagiarism software. | USA, The Netherlands, Ireland |
| Customer service or otherwise corresponding with you | Data processors engaged by us, such as payment providers, hosting providers and providers of CRM software. | USA, The Netherlands, Ireland, Germany |
| Job openings | Data processors engaged by us, such as software providers, hosting providers and human resources information system providers. | USA, The Netherlands, Ireland, Germany |
| Other general purposes |
|
USA, The Netherlands, Ireland, Germany |
7. Transfer to countries outside the EEA
7.1 Some of our processing activities take place outside the European Economic Area (“EEA”), for instance in the United States. Your personal data may therefore be subject to other legal rules. We will implement all necessary safeguards designed to duly protect your personal data.
7.2 Some of the parties we share your information with are located outside the EEA, such as the United States. Outside the EEA, other data protection rules may apply. If that is the case, we will implement safeguards designed to duly protect your personal data.
7.3 If we share your personal data with other parties, possible safeguards may include, among others, so-called adequacy decisions. This is a decision in which the European Commission states that e.g. a certain country offers a level of data protection similar to the GDPR. See this link for the current list of adequacy decisions. If and insofar as we transfer personal data with parties in countries outside the EEA to which no adequacy decision applies, we will agree with these parties to data protection provisions set by the European Commission, so called standard contractual clauses. A copy of the agreed standard contractual clauses can be requested by you.
8. Security
8.1 We take appropriate security measures to protect your personal data.
8.2 Examples of technical security measures taken by us are:
- all documents are uploaded to Scribbr via a secure connection;
- logical and physical security (e.g. safe, doorman, firewall, network segmentation);
- technical control of the authorizations (as limited as possible) and keeping log files;
- management of the technical vulnerabilities (patch management);
- keeping software up-to-date (e.g. browsers, virus scanners and operating systems);
- making back-ups to safeguard availability and accessibility of the personal data;
- automatic erasure of outdated personal data;
- encryption of personal data;
- applying hashing or (other) pseudonymization methods to personal data; and
- provide secure storage facilities for end-users (e.g. file server storage).
8.3 Examples of organizational security measures taken by us are:
- special guidelines to which all employees and experts must abide, including confidentiality;
- uploaded documents are never shared with third parties, nor are they published;
- experts are obliged to delete your documents after having edited it;
- assign responsibilities for information security;
- promote privacy and security awareness among new and existing employees;
- establish procedures to test, assess and evaluate security measures periodically;
- check logfiles regularly;
- using a protocol for handling data breaches and other security incidents;
- conclude confidentiality, data processing and data protection agreements;
- assess whether the same objectives can be achieved with less personal data;
- provide access to personal data to as few people within the organization as possible; and
- define the decision-making and underlying considerations per processing.
8.4 We have internal security policies in place in which it is further described how we ensure an appropriate level of technical and organizational security measures. We also have a data breach policy in place in which it is described how we deal with a (possible) data breach.
9. Retention periods
9.1 In principle, we do not store your personal data any longer than is strictly necessary for the purposes for which we process your personal data. We have put in place a Retention Policy to ensure that your personal data are deleted after a reasonable period.
9.2 We have the following retention terms in place:
| Activity | Retention term |
|---|---|
| Visiting our website | Please see our Cookie Declaration |
| Using our services |
|
| Customer service or otherwise corresponding with you |
|
| Job openings | 1 month or, upon your request, 3 months after you have applied |
| Other general purposes | Retention terms depend on the relevant purpose. In any case, no longer than necessary |
9.3 You can always delete your documents and results before the standardized retention terms manually via your account. Documents uploaded in the Citation Checker / Self-Plagiarism Checker can be deleted by contacting us. Please see our contact information below.
10. Your rights (incl. the right to object)
10.1 In relation to our processing of your personal data, you have the below privacy rights.
- Right to withdraw consent: In so far as our processing of your personal data is based on your consent (see above), you have the right to withdraw consent at any time.
- Right of access: You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data.
- Right to rectification: You have the right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Right to erasure: You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where: (i) the personal data are no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased on the basis of a legal requirement, or (vi) where the personal data have been collected in relation to the offer of information society services. We do not have to honour your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defence of legal claims.
- Right to object: You have the right to object to processing of your personal data where we are relying on legitimate interests as processing ground (see above). Insofar as the processing of your personal data takes place for direct marketing purposes, we will always honour your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim.
- Right to restriction: You have the right to request restriction of processing of your personal data in case: (i) the accuracy of the personal data is contested by you, during the period we verify your request, (ii) the processing is unlawful and restriction is requested by you instead of erasure, (iii) we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or (iv) in case you have objected to processing, during the period we verify your request. If we have restricted the processing of your personal data, this means that we will only store them and no longer process them in any other way, unless: (i) with your consent, (ii) for the establishment, exercise or defence of legal claims, (iii) for the protection of the rights of another natural or legal person, (iv) or for reasons of important public interest
- Right to data portability: You have the right to request the transfer of your personal data to you or to a third party of your choice (right to data portability). We will provide to you, or such third, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if the our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).
- Automated decision-making: You have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making.
- Right to complaint: In addition to the above mentioned rights you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or of an alleged infringement of the GDPR at all times. Please be referred to this webpage for an overview of the supervisory authorities and their contact details. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us beforehand.
10.2 The exercise of the abovementioned rights is free and can be carried out by phone or by e-mail via the contact details displayed below.
10.3 We may request specific information from you to help us confirm your identity before we comply with a request from you concerning one of your rights.
10.4 We will provide you with information about the follow-up to the request as soon as possible and in any case within one month of receipt of the request, unless your request is complex or if you have issued a number of requests at the same time. In those cases, we can extend the response period by another two months. We will notify you of such an extension within one month of receiving your initial request.
10.5 We may refuse your request. If we cannot comply with your request, we will inform you of the reasons why.
11. Protection of minors
11.1 We attach great importance to the protection of personal data of minors. Given the nature of our products and services, we do not offer our products or services to minors. If you are a minor under the age of 16, please do not attempt to register or otherwise use the Services or send us any personal data. If we find ourselves collecting personal data of a minor without prior consent, we will delete it as soon as possible.
12. Contact details
12.1 If you have any questions about how we use your personal data or if you want to invoke one of your rights, feel free to contact our Data Protection Officer via [email protected]
12.2 For general questions, comments or requests, you may contact us via [email protected] or by telephone (001 (510) 822-8066).
13. Miscellaneous
13.1 We reserve the right to change this privacy policy on a regular basis. Where required, we will inform you of the updates. The current version is always available on our website. This privacy policy was last amended and revised in March 2022.
14. Definitions
14.1 In this privacy policy, the following definitions apply:
| Applicable privacy legislation | All applicable privacy legislation, including the General Data Protection Regulation (“GDPR”) and the relevant national implementation acts. |
| Privacy policy | This present privacy policy. |
| Scribbr B.V. | Scribbr B.V. Singel 542, 1017 AZ Amsterdam The Netherlands Registered with the Dutch Chamber of Commerce under number 67863019 |
| Website | scribbr.com, scribbr.nl, scribbr.de, scribbr.fr, scribbr.es, scribbr.it, scribbr.se, scribbr.com.br, scribbr.co.uk, scribbr.at, scribbr.ch, scribbr.fi, scribbr.no, scribbr.dk |
14.2 Other terms that are defined in the applicable privacy legislation, such as personal data, (joint) controller, processor, data subject and processing will have the meaning as described in the applicable privacy legislation.