Privacy Policy | eBookquet Network - Online Reading Platform

eBookquet Network Limited, which hereafter referred to as “eBookquet Network, eBookquet, We, Our, Us”, and its website, applications, and services are hereafter referred to as “Services”. eBookquet Network offers online marketplace services that allow owners of books, publications, courses, videos, and forum discussions (collectively referred to as “Content”) to distribute and/or sell them directly to customers, and the customers can access the content for free or at a fee through an online payment platform; and networking services that allow users to read, connect and share knowledge.

eBookquet provides software-as-a-service solutions to individuals, businesses, and organizations (Customer, User, You, Your). We are committed to handling personal data responsibly and transparently when using our Services. As we provide Services, we will continuously enhance our Services, developing new products and features to better serve our Users.

Protecting your personal data with an extra layer for data of underage users is a priority for us, and therefore, we are dedicated to safeguarding the privacy as required by the Underage Data Privacy Regulations in the jurisdictions we operate as stated above. Our goal is to protect your privacy while providing you with personalized and innovative services for a better user experience. For users who are below the consent age limit, kindly visit our Children’s Online Privacy Protection to learn more.

If you are under the consent age limit as defined by law in your jurisdiction, we will require a parent or guardian's consent or authorization before you can use our services, including creating an account. Parents or guardians who provide consent shall be responsible for overseeing their child's account activity.

With parental consent for their children, we collect account registration and authentication information similar to other accounts, allowing them to create an account and access services like BookHut, Bookquet, and Knet Mart, as well as freely communicating and sharing data with users of all ages. We minimize the information we collect and therefore, we DO NOT intentionally collect more data from users than what is necessary to provide our Services.

Any account created with parental consent is automatically added to the consenting parent or guardian’s BookHut. Parents or guardians can withdraw their consent at any time. As the custodians, they can manage their minor's information and activities on the minor’s BookHut settings.

Authors, publishers, or content right holders who are less than 18 years are NOT allowed to create an Author Account and manage a bookstore in the Knowledge Networking Marketplace (Knet Mart). If you are an Author, publisher, or rights holder, you would require an adult with legal rights to your content to set up a bookstore and manage your content.

By consenting to the use of our services, you acknowledge that you agree to our collection and use of your personal information as outlined in this policy. And if you consent to a minor’s request, you agree and represent that you are an adult with the legal authority to provide such consent and bind the minor to the Terms of this Policy and Terms of Service.

Our Data Privacy Policy governs all systems, infrastructure, and processes that involve personal data within the eBookquet Network. We may also share data with trusted sub-processors and partners only when necessary to deliver opted-in services. Our data handling practices align with the purposes and methods detailed in this policy.

Terms used or capitalized in this Privacy Policy have the same meanings as in our Terms and Conditions and Copyright Policy unless otherwise defined here. Our Terms and Conditions, Copyright Policy, and Privacy Policy along with our Third-party Services, form our pact with you and govern your use of our Services.

Data Privacy and Protection Compliance
Our Data Privacy Policy is compliant with the Nigeria Data Protection Act (NDPA), General Data Protection Regulation (GDPR), General Data Protection Regulation UK (GDPR-UK), California Consumer Privacy Act (CCPA), and Children’s Online Privacy Protection Act (COPPA).

We do not control or handle the privacy data practices of our partners. To learn more about their specific privacy policies, please check the individual rules in the Third-Party Privacy Links below.

Key Protections
Privacy Terms Glossary Definition List
Information We Collect
Data Collection Restrictions
How We Use and Share Your Personal Data
Alternative Data Usage
Children’s Online Privacy Protection
Nigeria Data Protection Act (NDPA)
General Data Protection Regulation (GDPR)
United Kingdom General Data Protection Regulation (UK-GDPR)
United States Federal and State Data Privacy
Parental Consent Form
Ongoing Rights
Data Protection
Data Storage
Data Retention
Data Deletion
Data Transfer
Data Sharing
Data Disclosure
Data Processing
Payment Services
Compliance and Security Audits
Data Privacy Request Process
Cookies Policy
Liability
Policy Violations
Data Accessors
Service Providers and Sub-processors
Third-Party Privacy Links
Governing Law
Privacy Policy Update

Privacy Terms Glossary Definition List
 Privacy Policy: Refers to the eBookquet Network's Privacy Policy, available on its website.
 Services: eBookquet Network’s application, website, infrastructure, its services, and third-party services.
 User: any person who uses eBookquet Network Services and may have entered its data while using the Services.
 Data Subject: An individual whose personal information or data is being collected, stored, or processed
 Custodian: A parent or guardian who has the legal right to give consent and stand in as a custodian for their minor while using eBookquet Network Services.
 Data: Information collected electronically, stored, or may be analysed to gain insight.
 Personal Data: Any information or data that can identify an individual either directly or indirectly on eBookquet Network Service and is recognized by law.
 Third Party: Any entity or service eBookquet Network does not own and it has a relationship with and/or provides services for eBookquet Network.
 Data Controller: An individual or entity responsible for data collection, the purpose, and processing of data. eBookquet Network is guided by its Privacy Policy, and the data controller for the Services is within its control.
 Data Processing: Any activity that includes data collection and usage, data storage and security, user rights and consent, data retrieving and disclosure, data sharing and third-party involvement, and data retention and deletion. To enhance your data processing, we may engage third-party service providers for data processing.
 Processor: eBookquet Network and third-party service providers, as defined in this policy, shall be considered the processor, in accordance with applicable regulations.
 Sub-Processor: Refers to a third-party service provider engaged by the Processor for eBookquet Network Services.
 Sensitive Personal Data: This includes racial or ethnic origin, religious or philosophical beliefs, sex life, health or medical information, biometric data, political opinions, or financial information.
 Third Party: An entity or individual outside of eBookquet Network's primary relationship between users and eBookquet Network, but has partnership relationships, support, or services to eBookquet Network.
 Data Protection Regulations: The Data Protection implementation framework, along with any other relevant laws and regulations governing personal data processing and privacy, including any future amendments, revisions, or updates.
 Data Protection Authority: Refers to a data protection regulatory authority.
 Restricted Transfer: Cross-border data transfer to a country outside the originating jurisdiction, subject to applicable regulations.
 Terms and Conditions: Refers to the eBookquet Network Terms of Use/Service agreed to by the Controller.
 NDPA: Nigeria Data Protection Act 2023 as Amended.
 NDPC: Nigeria Data Protection Commission
 DPA: Data Protection Act
 GDPR: General Data Protection Regulation
 GDPR UK: UK General Data Protection Regulation
 COPPA: Children’s Online Privacy Protection Act
 CCPA: California Consumer Privacy Act

Information We Collect
Collecting some personal information is necessary if we are to satisfy your expectations and requirements, e.g., by communicating with you effectively and providing an interactive service.

eBookquet Network may collect, store, or process different types of data and/or information as needed to deliver and enhance our services. eBookquet Network is committed to transparent and proper handling of your personal data within the relevant laws and regulations. By using our services, you consent to providing this information. To use our service, you may need to provide personal details that allow us to identify or contact you. For users under the consent age, parents or guardians are required to give consent for their children to register and use our services.

The personal data may include, but not limited to:
• Identity Information: When you create an account, we collect, first name, last name, email address, date of birth, username, government-issued IDs for authors, and other optional details like profile pictures or bios.
• Account Information: Username, password, purchases, interest, and preferences.
• eBook Sales or Rentals: We use third-party payment platforms or an encrypted funded wallet for purchases. We do not store sensitive payment information, like credit card details on our servers.
• e-Learning: For our e-learning account, we may collect reading progress, completion status, and other learning analytics to personalize your experience.
• Chat and Video Conferencing: When you use our chatting or video conferencing features, we collect and store the content of your communications, including messages, audio, and video recordings (if applicable).
• Usage Data: We collect usage website, mobile application, metrics, such as page views, clicks, and other interactions with our platform, to improve our services.
• Contact Information: Physical address, email, social media handles, and phone numbers.
• System Information: It includes, but is not limited to, the domain names, operating systems, internet protocol address, login date, browser version, operating systems, pages of services visited, time spent on those pages, time zones, locations, plugins, operating systems, and device identifiers, to ensure smooth functionality and troubleshoot issues.
• Marketing and Communication Information: Preferences, interests, and newsletters.
• Cookies: Include user preferences, session information, and other tracking information. For more information, see our Cookies Policy below.
• Communications: When you reach out to us directly, such as asking a question or requesting support, we might collect extra personal information and the details of your message.

Know Your Customer: To offer certain services, like author account creation or payment processing, we may need to verify your identity. This involves providing a valid government-issued ID to comply with regulations and securely create accounts or process payments. Any author who is less than 18 years old will NOT be allowed to create an Author Account and sell content on eBookquet Network website. The author should engage a parent, guardian, or any other entity that is a rights holder to the content to create and manage an account on behalf of the author. The account holder may be required to submit documents or information to verify the right to the content.

Data Collection Restrictions
We collect and use personal information only as necessary to provide our services and enhance user experience. For any use beyond our stated purposes in this Policy, including collection, storage, disclosure, or chat interactions, we will obtain your consent or, for minors, their parental consent where required.

Permission Settings: As a user (Knowledge Networker –Knetworker), some of your profile data is limited and accessible only to the community of knetworkers. However, you can enable or disable the permission by going to your account settings to set your preference.

NOTE: eBookquet Network does not collect sensitive personal data intentionally. Please do not share such information unless it’s necessary for specific reasons.

We might contact you with newsletters or promotions that could interest you. To stop receiving these, follow the unsubscribe link or send us an email.

How We Use and Share Your Personal Data
We do not sell or share your personal data without your consent. We only share it when necessary to provide our services or as outlined in this policy.

Account Creation & Access: We collect data like first name, last name, date of birth, photo, social media handles, email, and password to register and authenticate users.

Parental Consent: Various regulatory bodies and privacy laws require online applications to seek parental consent for their children who are under the consent age limit before they can use online services.
• To inform parents that their children want to use our services, which requires sharing personal information, and we need their consent.
• To let parents know we collect personal information from their children and to protect their safety.
• To get parental consent before allowing their children to register and use our services.
• To inform parents that the information we collect from their children will not be used or disclosed for any other purpose without their permission.
• To protect a child’s safety.
• To protect the security or integrity of our website and Services, to take precautions against liability, and to cooperate with law enforcement if necessary.

Service improvement: To monitor, review, and enhance user experience and optimize service performance.

User profiling: Creating profiles to understand user behaviour and preferences.
Personalization: Your browsing, search, and purchase history may be used to show tailored content, product recommendations, or ads.
• To keep you informed about updates to our services.
• To permit your interaction with specific features of our services when you select them.
• To keep you informed about your account status, including subscription updates and renewal notices.
• We may use your information to fulfil contractual obligations when we have a contract with you.

Analytics: Analysing user data for service improvement and quality assurance.
• Understand User behaviour: To analyse how user traffic and interaction with our services, including navigation trends patterns, feature engagement, page navigation, and visitor numbers.
• Improve User Experience: To identify areas for improvement and optimize our services for a better user experience.
• Measure Performance: To track key performance indicators (KPIs) such as page views, bounce rates, and conversion rates.
• Optimize Feature: To analyse feature performance and optimize it for better engagement and conversion.
• To gain valuable insights that enable us to refine our services.

Security: Personal data helps to detect fraud and enforce our policies, and protect personal data against unauthorized access.
• To identify potential security threats, such as hacking attempts or malware.
• To monitor user activity to prevent unauthorized access.
• To detect and prevent fraudulent activities, such as identity theft or payment scams.
• To identify and address the vulnerability of the application infrastructure.

Anonymous aggregate data: We may use and/or share anonymous, aggregated data to improve our Services and make informed decisions, as allowed by applicable laws.

Marketing and Advertising: To deliver personalized ads based on interests and behaviours.
• Customer Segmentation: To segment the audience and tailor marketing efforts to specific groups.
• News and Information: To keep you informed about similar products, services, and events that may interest you, unless you have opted out.
• Targeted Advertising: To deliver personalized ads based on user interests and behaviours.
• Personalization: To personalize content and offers based on user preferences and behaviours.
• Demographic Data: To understand user characteristics, such as age, location, and interests.

Advertisement: Users do not get personalized ads if the personal information on their eBookquet Network account indicates they are under 18 years old.

Note: Your identifiable information is not shared with advertisers, though we may provide aggregated data in accordance with legal requirements.

Third-party Sharing: We may share your data with our third-party service providers who may require personal data to provide the services (e.g., analytics firms, payment processors, or social media plugins) described in their privacy policies.

Some of our services include third-party integrations or links. Their privacy practices differ from ours. If you share personal data or allow us to do so with these third parties, their privacy policies apply.

Legal Compliance: Data may be shared with authorities if required by law (e.g., for law enforcement or tax purposes).
• Regulatory Requirements: To comply with laws and regulations, such as NDPC, GDPR, DPA, COPPA, or CCPA.
• Tax and Accounting: To comply with tax laws and accounting regulations.
• Know-Your-Customer (KYC): To verify user identities and prevent financial crimes.
• Data Retention: To retain data for legal purposes, such as record-keeping, chargeback, complaint, or dispute resolution.
• Compliance with Industry Standards: To comply with industry-specific regulations, such as PCI-DSS for the payment card industry, data security, and privacy.

Cookies: Our website uses cookies to enhance user experience, ensure site security, and customize content. Cookies are small text files stored by your browser that help us recognize repeat visitors and provide personalized content. You can adjust your browser settings to delete or reject cookies, but this might affect your experience on our site.

Alternative Data Usage
• Your data will be used as intended unless there are legitimate reasons to use it differently.
• Your data will be used for the intended purpose unless a legitimate and compatible reason requires alternative use.
• We will get your express consent before using your data for any unrelated purposes.

Children’s Online Privacy Protection
Our Data Privacy Policy is compliant with the Nigeria Data Protection Act (NDPA), European Union General Data Protection Regulation (GDPR), United Kingdom General Data Protection Regulation (UK-GDPR), California Consumer Privacy Act (CCPA), and Children’s Online Privacy Protection Act (COPPA).

Protecting the data privacy of underage users is a priority for us, and therefore, we are dedicated to safeguarding the privacy as required by the Underage Data Privacy Regulations in the jurisdictions we operate as stated above. Our goal is to protect your privacy while providing you with personalized and innovative services for a better user experience.

With parental consent for their children, we collect account registration and authentication information similar to other accounts, allowing them to create an account and access services like BookHut, Bookquet, and Knet Mart, as well as freely communicating and sharing data with users of all ages. We minimize the information we collect and therefore, we DO NOT intentionally collect more or sensitive data from minors than what is necessary to provide our Services.

Below are the distinct provisions and laws in each of the regulations and acts for online data privacy protection for users considered as children in the respective jurisdictions. This Policy outlines our processes and protocols, which are designed to ensure compliance with our Children’s Data Privacy Protection Policy, as applicable.

Please note that the provisions and laws stated in each regulation or act can be used in part or whole as applicable in our Data Policy and Terms of Service.

Nigeria Data Protection Act (NDPA)
The Nigeria Data Protection Act, 2023, has several key elements that aim to protect personal data in Nigeria and promote a culture of data protection in the country. See below the relevant sections of our Data Policy based on the Nigerian Data Protection Act requirements for users under 18 years old, including Parental Consent, Data Rights, Data Protection, Data Storage, Data Transfer, Data Sharing, Data Disclosure, Data Processing, Data Retention, and Data Access.
Definition of Personal Data: The Act defines personal data as any information relating to an identified or identifiable natural person.
Data Protection Principles: The Act outlines principles for processing personal data, including lawfulness, fairness, and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

Lawful Basis for Processing: The Act specifies lawful bases for processing personal data, such as consent, contract, legal obligation, vital interests, public interest, or legitimate interests.

Data Subject Rights: The Act grants data subject rights, including the right to access, rectification, erasure, restriction of processing, objection to processing, and data portability.

Data Controller and Processor Obligations: The Act imposes obligations on data controllers and processors, including implementing data protection policies, conducting data protection impact assessments, and ensuring data security.

Data Breach Notification: The Act requires data controllers to notify the Nigeria Data Protection Commission within 72 hours of becoming aware of a breach which is likely to result in a risk to the rights and freedoms of individuals, and where the breach is likely to result in a high risk to the rights and freedoms of a data subject, to immediately communicate the personal data breach to the data subject.

Cross-Border Data Transfers: The Act regulates cross-border data transfers, requiring data controllers to ensure adequate protection of personal data transferred outside Nigeria.

National Data Protection Commission: The Act establishes the National Data Protection Commission to oversee data protection in Nigeria, including enforcing the Act and developing regulations.

Minor User Access
In the Nigeria Data Protection Act, a child is anyone under 18 years old according to the 2003 Child Rights Act. Therefore, data controllers are expected to obtain parental consent before processing a child's personal data, ensuring compliance with the Act's requirements. NDPA mandates that personal data processing, including children's data, adhere to principles of lawfulness, fairness, and transparency.

Data Collection and Use: We collect and use your personal data in accordance with this privacy policy. We ensure that your data is handled securely and in accordance with the NDPA applicable laws.

We do not knowingly collect or use the personal information of any intending user who selects a date of birth that is under 18 years while creating an account without parental consent.

By signing up for our services, you agree to our Personal Information practices as outlined in this Policy. You also confirm that you're a parent or guardian with the authority to consent on behalf of your child. Terms not defined here have meanings assigned in our Terms of Service, Privacy Policy, or Copyright Policy.

General Data Protection Regulation (GDPR)
The European Union's General Data Protection Regulation (GDPR), enacted on 25th May 2018, protects EU citizens' personal data through seven key principles.

Data Protection Principles: Organizations must follow strict guidelines for collecting, processing, and storing personal data, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

• Lawfulness, fairness, and transparency: Individuals have the right to know what data they are providing, its intended use, and the security measures in place to protect it.
• Purpose Limitation: Organizations should collect only the data that is required for a specific purpose.
• Data Minimization: Individuals do not need to provide more information than what is required for a specific purpose.
• Accuracy: Data collected should be precise and kept up to date.
• Storage Limitation: Organizations can only keep personal data for as long as it's necessary.
• Integrity and Confidentiality: Organizations should take reasonable steps to protect collected data.
• Accountability: Every organization should have a data protection policy that's easily accessible.

Data Subject Rights: Individuals have rights over their data, such as access, correction, erasure, restriction of processing, data portability, and objection to processing.

Data Protection Officer (DPO): Some organizations must appoint a DPO to oversee data protection practices, especially those involved in large-scale systematic monitoring or processing of sensitive data. Such organizations include public authority bodies and/or organizations whose core activities involve large-scale monitoring of individuals, large-scale sensitive data processing, data complexity, and risk.

Data Protection Impact Assessment (DPIA): Organizations must conduct DPIAs for high-risk data processing activities to identify and mitigate potential risks.

Breach Notification: Organizations must report personal data breaches to the relevant supervisory authority within 72 hours and notify affected individuals if necessary.

Accountability and Governance: Organizations must demonstrate compliance with GDPR principles and maintain records of data processing activities.

Cross-Border Data Transfers: Organizations must ensure adequate protection for personal data transferred outside the EU, using mechanisms like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

Cookies: Users need to give consent or opt in before websites can store analytics or advertising cookies on their devices. But consent isn't required for essential cookies that help the website work properly.

Minor User Access
In the General Data Protection Regulations, a minor is anybody less than 16 years old, and it is considered a vulnerable member of society. However, each member state can set its consent age limit provided it is not above 16 years. If a child is below the specified age limit, processing their personal data is lawful only if consent is given or authorized by the holder of parental responsibility.

Profiling: GDPR prohibits profiling children in ways that produce legal effects or similarly significant consequences, impacting automated decision-making.

Data Collection and Use: We collect and use your personal data in accordance with this privacy policy. We ensure that your data is handled securely and in accordance with the GDPR applicable laws.

We do not knowingly collect or use the personal information of any intending user who selects a date of birth that is under 16 years while creating an account without parental consent.

By signing up for our services, you agree to our Personal Information practices as outlined in this Policy. You also confirm that you are a parent or guardian with the authority to consent on behalf of your child. Terms not defined here have meanings assigned in our Terms of Service or Privacy Policy.

United Kingdom General Data Protection Regulation (UK-GDPR)
The UK GDPR framework is a data protection regulation that governs how organizations handle personal data of residents in the United Kingdom. It's largely based on the EU's GDPR but with some UK-specific changes post-Brexit.

• Lawfulness, Fairness, and Transparency: Process personal data lawfully, fairly, and transparently.
• Purpose Limitation: Collect data for specified, explicit, and legitimate purposes.
• Data Minimization: Collect only necessary data.
• Accuracy: Keep data accurate and up-to-date.
• Storage Limitation: Store data only as long as necessary.
• Integrity and Confidentiality: Protect data with appropriate security measures.
• Accountability: Demonstrate compliance with these principles.

Data Subject Rights: Individuals have rights over their data, such as access, correction, erasure, restriction of processing, data portability, and objection to processing.

Breach notification: Organizations must report data breaches to the Information Commissioner's Office (ICO) within 72 hours and notify affected individuals if necessary.

Accountability and Governance: Organizations must demonstrate compliance with UK-GDPR principles and maintain records of data processing activities.

Cross-Border Data Transfers: Organizations must ensure adequate protection for personal data transferred outside the UK.

Minor User Access
Under the UK General Data Protection Regulations, a minor is considered anybody less than 13 years old, and it is considered a vulnerable member of society. If a child is below the specified age limit, processing their personal data is lawful only if consent is given or authorized by the holder of parental responsibility.

Profiling: UK-GDPR prohibits profiling children in ways that produce legal effects or similarly significant consequences, impacting automated decision-making.

Data Collection and Use: We collect and use your personal data in accordance with this privacy policy. We ensure that your data is handled securely and in accordance with the UK-GDPR applicable laws.

We do not knowingly collect or use the personal information of any intending user who selects a date of birth that is under 13 years while creating an account without parental consent.

United States Federal and State Data Privacy
For United States residents, we handle your personal data in compliance with relevant federal and state privacy laws, including the Children’s Online Privacy Protection Act (COPPA) and California Consumer Privacy Act (CCPA). This section outlines the information required by the COPPA, CCPA, and other state laws, as well as corresponding details from our privacy policy. Key Elements are:

• Transparency: Organizations must clearly communicate data practices and provide accessible notices.
• Data Minimization: Limit data collection to what is necessary for specific purposes.
• Security Measures: Implement robust security protocols to protect personal data.
• Individual Rights: Consumers have the right to access, correct, delete, and opt out of data processing.
• Accountability: Organizations must demonstrate compliance and accountability through regular assessments and documentation.
Children’s Online Privacy Protection Act (COPPA): Is a United States Federal law that protects the online privacy of children, mandating parental consent for data collection from minors under 13, and to comply with certain rules concerning how personal information collected from such individuals is processed, secured, and disclosed. We are committed to protecting the privacy of our users covered by COPPA. This Policy outlines how eBookquet Network collects, uses, and handles United States User Personal Information.

Under COPPA, parents or guardians can provide consent for online services like eBookquet Network to collect personal information from children under 13 for educational purposes. With parental consent, we collect necessary information from minors to facilitate learning and knowledge sharing. The key elements include:

• Parental Consent: Websites and applications must obtain parental consent before collecting personal information from children under 13 years old. Signed consent can be transmitted via electronic medium.
• Notice: A clear notice must be provided to parents about data collection practices.
• Data Minimization: Only collect information necessary for the activity.
• Data Security: Implement measures to protect collected data.
• Deletion: Delete data when no longer needed.
• Right to Withdraw Consent: Parents have the right to withdraw their voluntary consent anytime.
• Privacy Policy: Organizations must describe their privacy practice, as well as third-party service providers collecting personal information on their websites, for example, plug-ins, analytics, advert networks.
• Third-party: List all third-party service providers (e.g., advert networks, social media plugins) that collect or store children’s personal data via your website or platform.

Data Collection and Use: We collect and use your personal data in accordance with this privacy policy. We ensure that your data is handled securely and in accordance with the COPPA applicable laws.

We do not knowingly collect or use the personal information of any intending user who selects a date of birth that is under 13 years while creating an account without parental consent.

California Consumer Privacy Act (CCPA): The California Consumer Privacy Act (CCPA), enacted in 2018 and effective as of January 1, 2020, draws inspiration from Europe's General Data Protection Regulation (GDPR). The CCPA aims to safeguard consumers' personal data and establish guidelines for businesses handling their data. While primarily targeting California-based businesses, the regulations also apply to out-of-state companies that collect data from California residents. Notably, the CCPA provides enhanced protections, including specific rules for minors under the age of 16 (with particular emphasis on those under 13), to ensure their personal data is handled appropriately. It requires businesses to seek parental consent for children under 13 years old before collecting or selling their personal data.

Businesses, service providers, and third parties handling California consumers' personal data must follow specific rules. Businesses need to be transparent about the personal information they are collecting and sharing. Consumers can request data be deleted and opt out of data collection altogether.

Under the California Consumer Privacy Act (CCPA), Californians have key rights that protect their personal data. These rights include:

• Right to Know: Businesses must disclose what personal info they are collecting.
• Right to Limit Use: Consumers can limit how businesses use and share their personal information.
• Right to Delete: Consumers can request that their personal information be deleted.
• Right to Opt-Out: Consumers can stop businesses from selling their personal information.
• Right to Opt-In: Businesses need consent before selling the personal information of minors.
• Right to Non-Discrimination: Businesses cannot discriminate against consumers for exercising their CCPA rights.
• Right to Private Action: Consumers can sue for data breaches.
• Right to Correction: Consumers can correct inaccurate personal information.

Data Collection and Use: eBookquet Network is committed to protecting the personal information of our California consumers. Although we are not currently subject to the California Consumer Privacy Act (CCPA) as our annual gross revenue is less than $25 million and we handle the personal information of fewer than 100,000 California consumers, we choose to adhere to similar principles and practices to ensure the privacy and security of your data.

We do not knowingly collect or use the personal information of any intending user who selects a date of birth that is under 13 years while creating an account without parental consent.

Parental Consent Form
In different jurisdictions, data protection laws require that anybody who is under the consent age limit is considered a child or a minor and requires parental consent to sign up and use online application services. Therefore, we will not collect or use the personal information of any intending user without parental consent who selects a date of birth below the consent age limit in their jurisdiction while creating an account.

eBookquet Network uses a “Consent Form” that contains the necessary information according to different jurisdiction consent age limits for a legal parent or a guardian to give consent to their children before using our services.
• Kindly read the information in the Consent Form –the Consent age limit and Custodianship Agreement giving consent. Please ensure that you have the right to give consent to the requester. It is against the law to give false information, and you could be prosecuted within the applicable laws in your jurisdiction.
• Our Privacy Policy is clearly displayed in the Consent Form. We advise you to read and understand our Children’s Protection and Privacy Policy before consenting to the request. However, you can opt out of the consent agreement at any time. Please note when you opt out, the account of your child will be suspended for one week. Within the suspension window, you can reinstate the account if use so wish. If there is no reinstatement and the suspension window elapses, the account and personal information will be permanently deactivated from our system. However, if you want to permanently deactivate your child’s account and personal information, kindly send us a request to support@ebookquet.com. You will get an acknowledgement response within 72 hours of your request. We will act on the request after verifying your relationship with the account holder before deactivating the account permanently.
• We advise parents to help their children create an account to avoid using the wrong information while creating an account.

Ongoing Rights
At eBookquet Network, we prioritize your right to control your personal information. As a user, you have ongoing rights over your data, including your child's information if you are a parent. We're committed to upholding our Privacy Policy and complying with data privacy laws. Here is what that means for you:

• Know Your Data: You have the right to know what personal data we collect, use, or share.
• Data Collection Control: You decide how your personal data is collected and used.
• Access Your Data: You have the right to request information on your processed personal data by contacting us at privacy@ebookquet.com
• Withdraw Consent: You can withdraw your consent for data use, as outlined in our Privacy Policy. We ensure consent is voluntary and informed, with explicit written consent for sensitive data. For minors under the consent age limit, consent is obtained through their legal custodians, in line with our Children’s Privacy Protection Policy. Manage marketing preferences and unsubscribe from messages anytime via our website or opt-out instructions in marketing messages.
• Automated Decision Protection: You are protected against automated decisions under applicable personal data laws and regulations.
• Data Update: You have the right to request for rectification of your personal data to keep it accurate and up-to-date.
• Data Deletion: You have the right to request data deletion, except where retention is legally necessary or technically required.
• Data Portability: You can request your data and transfer it to another controller, subject to laws and technical processing times.
• Marketing Opt-Out: You have the right to object to direct marketing and restrict processing.
• Limited Disclosure: You can limit data disclosure to third parties, except when necessary for our services.
• Processing Restriction: You can object to data processing and notify us verbally or in writing if you disagree.
• No Discrimination: Exercising your rights will not lead to discrimination under applicable laws.
• Submit a Complaint: You can file a complaint with the Data Rights Regulatory Body. In Nigeria, you have a right to lodge a complaint with the Nigeria Data Protection Commission.
• Notice of Changes: We will notify you of material practice changes and obtain consent if needed.

Data Protection
We prioritize the security and confidentiality of your personal information, using a combination of physical, technical, and administrative measures to protect it from loss, misuse, or unauthorized access. Our security protocols include data encryption, firewalls, access controls, and regular updates to ensure compliance with industry standards. We limit access to authorized personnel and maintain a data breach procedure to respond promptly to incidents. In the event of a breach, we will report it to the relevant authorities within 72 hours and take necessary steps to secure your information. If you suspect a breach or compromised access credentials, please contact our Data Protection Officer (DPO) immediately at privacy@ebookquet.com.

Data Storage
We may store and process your personal data in your region or in any other region where our affiliates or service providers have facilities. Usually, your data is stored primarily in your region, with a backup in another region for added security. We choose storage locations based on efficiency, performance, and redundancy to ensure your data is protected in case of outages or issues. We will process your data according to this Policy and applicable laws.

Data Retention
Personal data is retained only as long as necessary for the purposes stated in our policy and to meet our services, legal, regulatory, tax, and reporting requirements. We retain user Personal Information only as long as necessary to access our Services. Except for disposal in response to a valid deletion request or because eBookquet Network otherwise determines that data is no longer necessary for the provision of the Services, user Personal Information will be retained for as long as it is an active user of our Services, and/or to fulfil our legal obligations.
The duration for storing personal data will be determined by, among other factors:
• As long as necessary to provide our services to you.
• While your account is active and we have your consent.
• If we have a lawful basis for retaining the data beyond the original purpose.

Data Deletion
eBookquet Network will return, delete, or destroy your personal data according to our data retention policy, unless the law requires us to keep it.

You can request that we delete your personal data at any time. We will take reasonable steps to erase your data from our systems, unless we need to keep it for legitimate business purposes, to comply with laws, or resolve disputes or security, or fraud. To request deletion, email us at privacy@ebookquet.com with enough information to verify your identity. We aim to process your request within 30 days and let you know once it is done or if some data cannot be deleted due to legal reasons.

eBookquet Network, along with its sub-processors and employees, will not retain copies of your personal data unless legally obligated to do so. In such cases, retention will be limited to the extent and duration required by law. Our commitment to safeguarding your data remains in effect until it is returned, deleted, or destroyed.

If you ask us to delete your data, it might affect your experience and limit your use of some services that rely on your personal information. Deleting essential data could make certain services unavailable. Please note that exercising your rights will not lead to any discrimination.

Data Transfer
We may transfer user data, including personal data, to third-party service providers and partners located in countries outside of your country of residence, which could involve transferring your personal data internationally. These transfers are made to facilitate the operation of our application, including processing delivering eBooks, payments, and providing customer support. We will ensure your data remains protected according to our policy and applicable laws, regardless of storage location.
For international data transfers, we implement robust security measures, comply with relevant regulations, and utilize contractual terms or other safeguards to protect your data. If data is transferred to a country with limited data protection laws, we will obtain your consent and inform you of potential risks. We will always prioritize secure transmission of your personal information. When transferring data across borders, we ensure that appropriate safeguards are in place to protect your data, such as:
• Implementing standard contractual clauses (SCCs) or other approved contractual mechanisms.
• Ensuring that third-party service providers adhere to our data protection policies.
• Encrypting sensitive data during transmission.

Business Transfers: In the event of a merger, acquisition, or business transfer, we may transfer collected data to the new entity. We will notify you in advance, and any acquiring company must adhere to this policy's terms, including notifying you before making significant changes.

By accepting this policy or providing your personal data, you consent to these transfers and processing. We will take reasonable steps to ensure your data is treated securely and transferred only according to applicable laws and to parties with adequate security controls.

Data Sharing
We may share your data, including personal data, with third parties for collaboration, analysis, or other purposes in the following circumstances:
• Service Providers: We share data with third-party service providers who assist us in operating the application
o Integrated Third-party Services: We share data with third-party services to enhance the application’s functionality, user experience, or operational efficiency. For example, hosting server, video-conferencing, analytic tools, etc.
o Customer Support Services: We may share personal data with third-party service providers who help us with specific functions, such as customer support, auditing, and data processing. These providers only access the data needed to perform their services, and we ensure they are bound by a written contract to protect your data in line with our Privacy Policy.
• Legal Requirements: We may share data if required by law, regulation, or court order, or to respond to lawful requests from public authorities.
• Security: We prioritize security, safety, and rights protection. We will disclose personal data when necessary to users, maintain service security, prevent cyberattacks, and safeguard our systems.
• Mergers and Acquisitions: In the event of a merger, acquisition, or sale of assets, we may transfer user data to the acquiring entity.

Our website and applications also work with third-party analytics and advertising companies that collect personal data, like marketing information, demographics, content, location, and device details (including cookie IDs, device IDs, and IP addresses). These companies might combine your data from multiple sites to improve their analytics and services. For example, we use Google Cloud Suite Analytics to understand how you use our site - you can see how Google Cloud Suite handles your data at https://cloud.google.com/terms/cloud-privacy-notice. Some of our services also link to or integrate with third-party services that have their own privacy rules. If you share personal data with these third parties, their policies will apply. We might share your info without identifiers like names or addresses in accordance with applicable laws.

We do not sell user data to third-party advertisers or marketers. Our primary goal is to provide a secure and seamless experience for our users while protecting their personal data.

Data Disclosure
We treat your personal data like our own confidential information, protecting it with reasonable care from unauthorized access, misuse, or disclosure. We only share it with third parties if it is necessary for our services or if you give us written consent, following applicable data protection laws.

We may share your personal data with:
• Service Providers: Third-party service providers who help us provide services, such as payment processors, cloud storage, or customer support.
• Partners: Partners who offer complementary services or products, but only with your consent.
• Authorities: Law enforcement, regulatory bodies, or other authorities, when required by law or to comply with a legal obligation.
• Transfers: We may transfer personal data to countries outside your country of residence, ensuring adequate protection measures are in place, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

Data Processing
eBookquet Network processes your personal data lawfully under the following conditions:
• Compliance with Law: To comply with applicable laws, regulations, or legal obligations.
• Your Consent: When you have given us specific consent for a particular purpose.
• Legitimate Interest: We process your data for the purposes of ensuring network and information security, fraud and crime prevention, handling user enquiries and resolution of issues, and enhancing overall user experience.
• Lawfulness: We process personal data lawfully and transparently.
• Fairness: We process personal data fairly and in accordance with your reasonable expectations.
• Transparency: We provide clear and concise information about our data processing activities.
• Purpose Limitation: We process personal data for specified, legitimate purposes.
• Data Minimization: We collect and process only the minimum amount of personal data necessary.
• Accuracy: We ensure personal data is accurate and up-to-date.
• Storage Limitation: We store personal data for no longer than necessary.
• Integrity and Confidentiality: We implement robust security measures to protect personal data.

Data Security and Confidentiality
At eBookquet Network, we prioritize the security of personal data. To comply with applicable laws and regulatory guidelines, we retain the data you provide for as long as necessary. When transferring data to countries outside your residence, including outside Nigeria, we implement adequate security measures to ensure data protection.

We take steps to ensure personal data is processed and protected according to this Privacy Policy and applicable laws, regardless of data location. We adhere to Data Protection and Privacy Laws, protecting confidentiality, security, and integrity of personal information, especially for children.

We prioritize the security of your information, storing it on encrypted servers with restricted access to authorized personnel only. We have implemented robust physical, electronic, and procedural safeguards to protect your data from unauthorized access, modification, or erasure. Our security measures include:

• Encryption: We encrypt data in transit and at the hosted databases to keep data at rest to ensure confidentiality, integrity, and authenticity.
• Password Protection: Access to user personal information requires login authentication, so keep your credentials confidential and choose a strong password.
• Firewalls: Industry-standard firewalls detect and protect against malicious traffic.
• Incident Response: We have a plan in place for data breaches, complying with applicable law requirements, including direct notification to impacted users and regulatory bodies.
• Continuous Monitoring: We regularly monitor for vulnerabilities, perform vulnerability testing, and engage third-party penetration testing to ensure service security.

While we implement robust security measures to protect your personal data, no system is completely immune to potential breaches. In the unlikely event of a breach, we shall act swiftly in accordance with our Personal Data Breach Management Procedures. This includes notifying the relevant regulatory body within 72 hours and, where necessary based on the severity and potential impact, keeping you informed about the breach, the steps we have taken, and the measures we are implementing to prevent recurrence. Our employees are also bound by confidentiality obligations.

Given the nature of internet data transmission, we want to be transparent that while we strive to use commercially viable security protocols, absolute security cannot be guaranteed when transmitting data electronically. By choosing to transmit data online, you understand that you are doing so with awareness of these risks.

Payment Services
For paid products or services within our Service, we partner with third-party payment processors to handle transactions. Your payment card details are shared directly with these processors, and we do not store or collect this sensitive information. Their use of your data is governed by their own privacy policy, and they comply with the PCI-DSS standards set by the PCI Security Standards Council, ensuring the secure handling of payment information.

When you make payments and fund your wallet, your details are stored in an encrypted mode in your BookHut and/or Bookquet wallet. You play a key role in keeping your information secure by maintaining confidentiality and choosing strong passwords while making payments through the third-party payment platforms. We currently use Paystack payment services. You can read their privacy policy at https://paystack.com/terms.

Compliance and Security Audits
eBookquet Network engages external auditors to verify the adequacy of its security measures and ensure compliance with its obligations under this Privacy Policy. These audits:
• Is conducted at least annually.
• Adhere to applicable International Standards.
• Performed by independent third-party security professionals selected and paid by eBookquet.
• Result in certificates and/or audit reports confirming that data security controls meet prevailing industry standards, as per attestation standards set by the International Standards Organization or equivalent standards.
• Audit Report and Summary: Upon written request, eBookquet Network will provide a redacted summary of the audit report to the user free of charge. The report will be treated as eBookquet’s confidential information under the confidentiality provisions of this Privacy Policy.
• Data Protection Audit Conditions: Data Protection Audits will not involve access to other eBookquet Network users' data, systems, or facilities not related to Personal Data processing for users. eBookquet will not breach confidentiality obligations to any third party.

Data Privacy Request Process
To exercise your data privacy rights, please submit a formal request to privacy@ebookquet.com. We will respond within 7 working days to confirm receipt and may ask for additional information to verify your identity.

Verification Process: We will record your request and verify your identity using the details provided and a valid identification card. If a third party makes the request, we will verify their authority to act on your behalf and may contact you to confirm their identity and request your consent.

Responding to Your Request: Once your identity is verified, we will gather the relevant information in a concise, transparent, and accessible format, using clear language. We will provide the information in writing, electronically, or orally, once your identity is proven. We may contact you for further information to expedite our response.

Fees and Response Time
• We will respond to your request within 1 month, or longer if it is complex, and keep you updated.
• If we cannot act on your request, we will inform you within 1 month with reasons and complaint options.
• If your rights are violated, we will investigate, report, recover/correct personal data, and enhance controls.
• Information will be provided free of charge, unless requests are manifestly unfounded or excessive, in which case we may:
o Charge a reasonable administrative fee.
o Refuse to act on the request and notify the regulatory body.

Limitations on Accessing Your Data
We may deny your access request if:
• Required by law.
• To protect you or someone else's vital interests.
• It is in the public interest or part of our official duties.

Cookies Policy
Cookies are small text files stored on a user's device (computer, phone, personal device, etc.) when they visit a website or use an application. They help track user activity, remember preferences, and enable essential features. Our cookies collect anonymous, aggregated data only. We do not store personal information in cookies or use them to identify individual users. Our cookie policy is in compliance with applicable laws in the environment we operate.

• Notice at Collection: We inform users about cookie collection and purposes at or before collection.
• User Consent: We obtain explicit consent before storing or accessing cookies, except for strictly necessary cookies.
• Right to Withdraw Consent: We allow users to withdraw consent as easily as they gave it.
• Opt-out Option: We provide a clear and conspicuous link to opt-out of cookie-based sales or sharing.
• User Rights: We honor user requests to access, delete, or opt-out of cookie-based processing.
• Cookie Banner or Pop-up: We display a prominent cookie notice upon first visit.
• Cookie Settings: We provide an easy way for users to manage cookie preferences.
• Third-party Cookies: We ensure third-party vendors comply with relevant regulations.
• Data Minimization: We only collect and process data necessary for intended purposes.
• Security Measures: We implement appropriate security measures to protect user data.
• Regular Updates: We keep cookie policies up-to-date and reflect changes in regulations or practices.

Required Cookies: We use essential cookies to make our website work, like logging you in, user authentication, saving language preferences, and improving performance. These cookies are necessary and do not require consent.

Session Cookies: These help us operate our Services smoothly.

Preference Cookies: These remember your preferences and settings, making it easier for you to use our platform.

Security Cookies: These protect your data and ensure a secure experience.

Third-party Cookies: We use third-party cookies to enhance our services, including:
• Analytics Cookies: We and third parties use these cookies to understand website usage and improve our websites.
• Social Media Cookies: We and third parties use these cookies to show targeted ads and content based on your profiles.
• Advertising Cookies: We and third parties use these cookies to display relevant adverts, track ad performance, and for payment purposes

These third-party cookies are set by companies we partner with, such as site analytics providers, content deliverers, and advertisers. They process data according to their own privacy policies.

You can set your browser to decline all cookies or set up alerts to notify you when websites are setting or accessing cookies. This can usually be done through your browser settings. Declining cookies might limit your access to certain parts of our website, as some features require cookies to function properly.

Liability
By using our services, you acknowledge that eBookquet Network relies on the accuracy and completeness of your personal information. To the extent permitted by law, we shall not be held liable for any claims arising from actions or omissions based on the information you provide. By signing up or giving consent, you affirm the information you provide is accurate and true as far as you know. Providing false information on purpose could have legal consequences and violate these Privacy Terms.

Policy Violations
If you think your Privacy is violated, please let our Data Protection Officer know at dpo@ebookquet.com so we can take the necessary actions.

If we believe you have violated our Policy and Terms of Service, we may take action without notice, including suspending or terminating your access, ending our business relationship, taking legal action, disclosing information to affected parties or law enforcement, and charging fees or penalties.

Data Accessors
We share your information with trusted parties, including:
• Authorized Personnel: Employees, contractors, or agents with legitimate access.
• Third-Party Providers: External parties processing or storing data on our behalf, who may access your data to ensure quality service.
• Partners: Affiliate third parties with similar privacy standards for the same purposes.
• Specialized Service: Professional service providers, like IT experts.

Service Providers and Sub-processors
To enhance our Service, we may collaborate with third-party providers who act on our behalf. These partners may have access to your personal data solely to perform specific tasks and are bound by obligations not to disclose or use it for other purposes.

Third-Party Privacy Links

S/n Service Provider Service Privacy Policy
1 GitHub, Inc A software development platform that enables developers to host, preview, integrate, and manage code. GitHub - github/site-policy

2 Namecheap Cloud hosting https://www.namecheap.com/legal/general/privacy-policy/

3 Google Cloud Suite A tool that helps us understand how users interact with our website and application. Continuous Integration/Continuous Deployment (CI/CD) https://cloud.google.com/terms/cloud-privacy-notice

4 LiveKit Real-time communication for video conferencing, interaction, livestreaming, and polling. https://livekit.io/legal/privacy-policy

5 Paystack Online payment solution. https://paystack.com/terms

6 Firebase Real-time database synchronization. https://firebase.google.com/support/privacy

7 Web STMP Email services. https://wpmailsmtp.com/privacy-policy/

8 Smartsupp Customer service live chat https://help.smartsupp.com/en_US/privacy-legal/privacy
https://help.smartsupp.com/en_US/privacy-policy/

Governing Law
Jurisdiction: By using this website, you agree that any legal disputes will be interpreted and governed by the laws of the Federal Republic of Nigeria. All disputes arising out of or relating to these terms, your use of the website, or any services provided shall be subject to the exclusive jurisdiction of the courts located in Nigeria.

Compliance with Local Laws: You are solely responsible for compliance with all applicable local laws (except those laws that have extra-territorial applications and are binding on eBookquet Network) if you access or use the Services outside of Nigeria. We make no representations that the Service or its content is appropriate or available for use in other locations.

Privacy Policy Update
We will keep our Privacy Policy up to date with the latest technology and services, making changes as needed to meet legal standards. If we make major updates to how we handle your personal data, we will let you know or get your consent if required by law. The updated policy shall go into effect on the date posted on our website.

This Policy should be read in conjunction with other eBookquet Network Policies, as we regularly update them to meet evolving user needs and standards. Be sure to review the specific sections in each policy for additional details and relevant information. Our other policies are: Terms and Conditions and Intellectual Property Rights to learn more.

Note: This Policy was last updated on 20th July 2025 and should be read in conjunction with other eBookquet Network Policies, as we may update them periodically to meet evolving user needs and our objectives. The latest version is always available at https://ebookquet.com/data-privacy.

For more information on Data Collection, Usage, Protection, Privacy, and data privacy rights, contact our Data Protection Officer (DPO) at:
House 4,
Victoria Garden City,
Lekki, Lagos,
Nigeria.
+234 (0) 903 1995 380; (0) 706 756 2810
dpo@ebookquet.com.

Last updated: 27 October 2025.