Privacy Policy
Privacy Statement
Your privacy is a top priority for The Social History Archive. We are dedicated to looking after your personal information in a way you feel is 100% safe and secure, handling it in a responsible manner and complying with data protection laws. When it comes to your privacy, we promise to:
- Make it easy for you to understand how we use your personal information and your rights
- Be honest about the personal information we collect and why we collect it
- Give you control over the personal information you provide to us
Our full Privacy Statement is below and we suggest you take the time to read and understand it.
Contents:
- About Us
- Information we collect
- How we use your information
- Communications
- What if I don't provide some or all of the information requested?
- What grounds (legal basis) are we processing the data under?
- Sharing your information with third parties
- Sale of the Business
- Cookies
- How we protect your information
- Your rights regarding your Personal Information
- Right of complaint to the Regulator for Data Protection
- How long we hold your data for
- Links to third-party websites
- Updates to this policy
- Contacting us
- Privacy Notice for Residents of California
- Nevada Resident Rights
Note: If you are a resident of California, please turn to Section 17 of this Policy to see the Privacy Notice we have created for you in accordance with the California Consumer Privacy Act (CCPA). You may also like to read the rest of this Policy for more details of how we process your personal information, in particular, Section 8 (Sale of the Business), but please be aware that as California residents, Sections 5 and 11 will not be relevant to you. If you have a disability, you may access this Privacy Policy in an alternative format by contacting [email protected]
1. About Us
This website www.thesocialhistoryarchive.com is owned and operated by Findmypast Limited (FMP), a company registered in England and Wales no. 04369607, registered at
185 Fleet Street, London, England, EC4A 2HS. We are also registered with the UK Information Commissioner's Office and our registration number is Z6639808.The Social History Archive is committed to protecting your privacy and maintaining the security of any personal information you provide to us. You can contact our Data Protection Officer with any queries or requests regarding the data we hold about you. They can be contacted at [email protected] or by post to
Data Protection Officer, 185 Fleet Street, London, England, EC4A 2HS.In the United Kingdom, Personal information is information or an opinion about an identified, or reasonably identifiable, individual. We strictly adhere to the requirements of the Data Protection laws and regulations that apply to our business, including but not limited to:
- The UK Data Protection Act, 2018 and the UK General Data Protection Regulation (UK GDPR)
- The Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles in the Privacy Act
- The New Zealand Privacy Act 2020 (NZ Privacy Act), including the New Zealand Privacy Principles in the NZ Privacy Act
- The California Consumer Privacy Act (CCPA)
2. Information we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include information where the identity has been removed (anonymous information).
The Social History Archive is an academic publisher of primary source collections for teaching and research. Our digital resources are used for educational purposes and our customers are academic institutions and libraries.
We process the following different types of personal information: licensed material personal data, copyright personal data and user personal data. More information on each is set out below.
Sometimes we obtain personal information, such as names and addresses and other contact details, from libraries and other archive holders. This information is used by us for researching and contacting copyright holders to request permission to include primary source material in our resource. We call this copyright personal data.
In the course of providing our Services, we collect and use specific data to ensure proper account creation and maintain network security. During the first registration, we obtain and record the full name and email address of Institution staff or students to create a user account. This information is retained solely for the purposes of the initial registration and is deleted thereafter. Additionally, we obtain, record, store, analyze, and transmit IP address data to log account usage and ensure network security. The IP address data is retained in accordance with our [IT Security Policy]. The collection and processing of the full name, email address, and IP address of Institution staff or students are essential for user account creation and maintaining a secure network environment.
3. How we use the information
We will use your personal information for a number of purposes including:
- To manage our website (including your account);
- For administration purposes. This means we may contact you regarding goods or services ordered or online content you have signed up for, to let you know that a service or online site has been suspended for maintenance, if your subscription is about to expire to ask if you wish to renew it, or if an online account has become dormant to ask if you wish to retain the account before we close it;
- To provide advanced website features to you and others;
- (For IP addresses and device identifiers) to identify the location of users, to establish the number of visits from different countries to limit/cap adverts of a certain type, and to personalise content and emails;
- To undertake analysis and research to improve our services and goods offered;
- To improve your search results;
- To tailor a certain amount of advertising to individual users based on viewing and/or purchase habits. This is a common practice known as online behavioural advertising;
- To conduct surveys with you (where you have consented to us contacting you for such purpose);
- To provide personalised communications (more details below);
- To offer users a more relevant, tailored service, based on our analysis of personal information you provide and your activity on our (and other) services; and
- To undertake marketing and strategic development activities, where we will only use and disclose information in aggregate (so no individuals are identified).
4. Communications
Communication types
Service messages
This applies only to the account manager or buyer of the product. We send service emails to you to administer the service. Service emails include registration and payment confirmations and emails that provide useful information about how to use a service or feature when you sign up or start using it. We will also send you a service email if we make a fundamental change to the website, or to our terms & conditions that we think we need to make you aware of, or to let you know important information about your account.
Marketing messages
This applies only to the account manager or buyer of the product. We use your email address to update you on new products, services and subscription offers. We will only contact you with your consent. You are entitled to withhold this consent and refrain from receiving such communications by contacting us by email at [email protected], by calling +44 (0)20 3326 6300 [UK, IE, AU] / +1 (855) 246-8234 [US] or by post to
Findmypast, 185 Fleet Street, London, England, EC4A 2HS. We will always provide you with a way of opting out of receiving future marketing messages from us each time we send them to you.5. What if I don't provide some or all of the information requested?
This applies only to the account manager or buyer of the product. The impact of this will depend on what information you withhold, but the main impacts may be:
- We will not be able to process or fully process your order;
- We will not be able to contact you to let you know of problems regarding your order or the goods/services provided;
- We will not be able to respond fully to requests and queries you may have;
- We cannot personalise the service you receive. So, if you are online you will have to search more for the content type you normally view or for similar/related products; and/or
We won't be able to limit online adverts to products or services you have shown interest in and so you may receive adverts that are not related to your interests.
6. What grounds (legal basis) are we processing the data under?
There are a number of grounds under which we process your personal information. These are:
- Contractual – we need the information to perform the contract for goods or services you have requested/ordered including payment, delivery etc;
- Legal – should we be legally required to contact you concerning a purchase or service;
- Legitimate interest – this means the processing is in Findmypast's interest. It allows us to manage the customer relationship effectively and efficiently and improve the goods and/or services we provide by better understanding how our online provisions are used and which goods are popular with which groups of individuals; and/or
- Consent – where you have given us consent to market to you.
7. Sharing your information with third parties
We may from time to time share your personal information with third parties for the purposes of providing you with our services, understanding how you use them, and making them better. Our third-party providers include payment processors, providers of card validation services, credit referencing providers, providers of website analytics, and the provider of our subscriber referral program. Please note that we do not keep a record of your credit or debit card data and our payment processors do not decide what is done with it, they only process it on our behalf.
We share your information when we have a legitimate interest in doing so, or to fulfill our contract with you. The third parties with whom we share it may not be located in your country of residence; however, we only use providers that ensure adequate protection for your personal information at all times. When we transfer your personal information to a third party in another country, we use recognised mechanisms for ensuring it is properly protected, which include:
- The country in question is subject to the same Data Protection regulation (for example, when we transfer data from one EU country to another, GDPR will apply in both);
- The country in question has been deemed safe for data transfer by the European Commission (also known as an 'adequacy finding'); or
- The contract for data processing contains contractual provisions approved by relevant Data Protection regulators (for example, the standard contractual clauses laid down by the European Commission to safeguard the transfer of personal information, or the International Data Transfer Agreement approved by the UK Information Commissioner's Office).
We also take reasonable steps to ensure that any such overseas recipients do not hold, use or disclose your personal information in a way that is inconsistent with the obligations imposed under the Privacy Act and the Australian Privacy Principles in the Privacy Act, or the NZ Privacy Act and the New Zealand Privacy Principles in the NZ Privacy Act, or the California Consumer Privacy Act.
We will disclose your personal information in order to comply with any legal obligation. This includes disclosing information to organisations for the purposes of fraud protection, credit risk reduction, or the order of a court or regulator.
We also share your details with service providers who assist us with hosting our marketing campaigns and surveys but only in cases where you have consented to marketing or surveys. We will not provide your personal information to other third parties for marketing purposes.You are entitled to decline communications by contacting us by email at [email protected] or by post to
Findmypast, 185 Fleet Street, London, England, EC4A 2HS.8. Sale of the Business
All of your personal information that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
9. Cookies
This website uses cookies. For more information about what cookies are, what we use them for and how you can delete them, please read our cookies policy.
We do collect some information from cookies and similar software that allows us to understand how you arrive on our websites and use and navigate around them so we can improve the sites. We obtain some information from Google Analytics.
10. How we protect your information
We are committed to international security standards and Findmypast are ISO 27001 certified for our information security controls. Findmypast follows strict security procedures in the storage and disclosure of personal information which we receive and that you have given us, to prevent unauthorised access to, and loss, misuse or alteration of your information in accordance with the Privacy Act, the NZ Privacy Act, the California Consumer Privacy Act and UK Data Protection legislation.
You are responsible for keeping secret any confidential passwords or other login or access details that you select or which we allocate to you. While we take steps to ensure the security of your information, there is a risk that any information transmitted over the Internet and stored on a computer may be intercepted or accessed by an unauthorised party. If you think that someone has accessed your information held by us without your permission or gained unauthorised access to your login details, you must notify us at [email protected].
We also recommend that if you use a shared computer or a computer in a public place such as a library that you close your browser when you have finished your session.
11. Your rights regarding your Personal Information
You have a number of rights with respect to your personal information, which are:
- Correcting your Information
- You are entitled to have your personal information updated to ensure it is up to date and accurate. In order to maintain the accuracy of the information we hold, you can update your personal details through your 'My Account' page or by sending us an email to [email protected].
- Obtaining a copy of your Information
- You have the right to receive a copy of the personal information we hold about you. You can do this by contacting [email protected] from the email address attached to your account, providing the full name attached to your account.
- Deleting your information
- You can request that we delete personal information in certain circumstances. These will be specific to each case. You can do this by contacting [email protected] from the email address attached to your account, providing the full name attached to your account.
- Data Portability
- You have the right to ask us to transfer the personal information that you have given us to another controller.
- Restricting Processing
- You can request a restriction on the processing of your data in some limited circumstances. Examples are concerns over data accuracy or we no longer need to hold your data but you have requested its retention by us to aid you in a legal matter. You can do this by contacting [email protected] from the email address attached to your account, providing the full name attached to your account.
- Right to object to Processing
- You have the right to request that we stop processing your data for marketing purposes and in other limited circumstances such as asking us not to process your data by wholly automated means or not to analyse your information for targeted content etc. (also known as profiling).
You can action any of these rights by contacting our Customer Support Team or by contacting us by email at [email protected] or by post to
Data Protection Officer, Findmypast, 185 Fleet Street, London, England, EC4A 2HS.12. Right of complaint to the Regulator for Data Protection
Please direct all privacy complaints to us. At all times, privacy complaints:
- will be treated seriously;
- will be dealt with promptly;
- will be dealt with in a confidential manner; and
- will not affect your existing obligations or affect the commercial arrangements between you and us.
We will acknowledge your complaint within [14] days of receipt and endeavour to resolve it within [30] days, unless we inform you otherwise and seek your agreement in writing.
We will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, or an extension to the time in which we will resolve it, you may refer the complaint to your data protection authority.
United Kingdom
The data protection laws in the UK are regulated and enforced by the Information Commissioner's Office (ICO). Each individual has the right to raise a concern/complaint to the ICO if they have any concerns about how their personal information and/or privacy is treated. You can do this via the ICO's website, follow the links or have an online Live Chat.
Call the ICO helpline on 0303 123 1113
Email [email protected]
Postal address: Information Commissioner's OfficeWycliffe House
Water Lane
Wilmslow, Cheshire,
SK9 5AF
Ireland
Data Protection Commissioner
Phone: +353 57 8684800
Email: [email protected]
https://forms.dataprotection.ie/contact
21 Fitzwilliam Square SouthDublin 2
D02 RD28
Ireland
Australia/New Zealand
The office of the Privacy Commissioner in New Zealand (the entity that regulates privacy laws in New Zealand) or the Office of the Australian Information Commissioner (OAIC), which is the entity that regulates privacy laws in Australia. You can do this via the OAIC website or the New Zealand Privacy Commissioner website (as relevant) and follow the links.
California & Nevada
For residents of California and Nevada please review sections 17 and 18.
13. How long we hold your data for
Some of the information you provide to us will be necessary to carry out repeated tasks, such as verifying your identity or payment details when signing in to use an account, providing our services to you or when you are using an online checkout. We will keep this information for as long as you remain a registered user of any of our sites and for so long as reasonably necessary. After this time, we may need to hold your personal data in order to meet our financial obligations or identify or resolve issues or causes of action. If your account is inactive for more than ten years and you are no longer paying for a service, we reserve the right to delete any information you have provided to us, including all information in your family tree, unless we are otherwise required or authorised by law to retain the information.
14. Links to third-party websites
Our website contains links to other websites belonging to third parties which are not covered by this privacy policy. If you want to go through to a third-party website, please make sure that you read the privacy policy for that website.
15. Updates to this policy
We may update this policy at any time without notice. We may tell you that we have updated the policy by emailing you at the email address you have provided to us and/or by posting an announcement on the website. By continuing to use the website after we have emailed you or posted a notice informing you of an update, you accept the changes to this Policy.
Privacy statement last updated .
16. Contacting us
If you live in California and would like a PDF version of this policy, please contact our customer support team.
If you have any questions about privacy or wish to update your details or have them removed from our mailing list at any time, please contact us at:
Email: [email protected]
Phone: +44 (0)20 3326 6300 [UK, IE, AU] / +1 (855) 246-8234 [US]
Post:
Data Protection Officer, Findmypast, 185 Fleet Street, London, England, EC4A 2HS17. Privacy Notice for Residents of California
This Privacy Notice for California Residents supplements the information contained in The Social History Archive's Privacy Policy above and applies solely to all visitors, users, and others who reside in the State of California (”consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice.
A. Personal Information We Collect
We collect a variety of personal information about our visitors, users and other people who reside in California. For the purpose of this Section 17, as defined by the CCPA, “personal information” means information that identifies, relates to, describes or references a particular consumer, household or device. It can also include information that could be associated or linked with a particular consumer, household, or device. However, personal information does not include:
- Publicly available information from government records, or
- Information that cannot be used to identify a consumer, household or device because it has been anonymised.
In particular, we have collected the following categories of personal information from our consumers within the last twelve (12) months:
Category of personal information | Examples | Where we source this information | Why we process this information | Third parties we share this information with |
---|---|---|---|---|
Identifiers | Your unique personal identifier(s) such as an online userID, Your I.P. address | From you, the consumer, when you register to use our products and services (with your consent) | To manage your account with us, including any free trial To tailor our products and services to your needs and circumstances To administer our products and services and ensure they work correctly and securely. To analyse and research how our products and services are used To enable us to send you surveys | Companies who help to provide our technology such as our databases, customer relationship management system and document storage Companies who process payments on our behalf, Companies who help us with marketing campaigns, advertising and surveys Where required, law enforcement agencies |
Internet activity | Information about your activity on our website Information about how you use our products and services, including things you search for (such as particular records) | From you, the consumer, via cookies we place on your device, third party analytics providers (such as Google Analytics) | To communicate with you To tailor our products and services to your needs and circumstances To analyse and research how our products and services are used and can be improved To provide you with advanced website features such as search 'hints' To improve your search results on our site | Companies who help to provide our technology such as our databases, customer relationship management system and document storage Companies who help us with marketing campaigns, advertising and surveys Where required, law enforcement agencies |
Geolocation data | Your I.P. address Your device identifier(s) | From you, the consumer, via cookies we place on your device and third party analytics providers (such as Google Analytics) | To understand where our consumers are located To analyse and research how our products and services are used and can be improved To assist with marketing and advertising | Companies who help to provide our technology such as our databases, customer relationship management system and document storage Companies who help us with marketing campaigns, advertising and surveys Where required, law enforcement agencies |
Inferences drawn from other personal information | Information we have inferred about your preferences or characteristics, based on other information we hold about you | From our internal records From you, the consumer, via cookies we place on your device and third party analytics providers (such as Google Analytics) | To communicate with you To analyse and research how our products and services are used and can be improved To assist with marketing and advertising To enable us to send you surveys | Companies who help to provide our technology such as our databases, customer relationship management system and document storage Companies who help us with marketing campaigns, advertising and surveys Where required, law enforcement agencies |
B. Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we do this, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract or as otherwise permitted under the CCPA.
We share your personal information with the following categories of third parties:
- Analytics Partners. These parties provide analytics on web traffic or usage of the products or service. They include:
- Companies that track how users found or were referred to the products or services
- Companies that track how users interact with the product or services
- Companies hosting our technology such as our databases, customer relationship management system and document storage
- Companies who help us to keep our technology and services secure and to prevent and detect fraud
- Companies who support our marketing and advertising activity
- Companies who help us to conduct consumer surveys
- Our parent company (D.C. Thomson & Co. Ltd, a UK-registered company)
- Law enforcement agencies, if we are legally required to do so.
- Parties you authorise, access or authenticate
Disclosures of Personal Information for a Business Purpose
In the past 12 months, we have disclosed the following categories of personal information for a business purpose:
- Identifiers
- Information that relates to characteristics that are protected under California or federal law
- Internet activity
- Geolocation data
- Sensory data
- Inferences drawn from other personal information
- Personal information categories per The California Customer Records statute
For business purposes we disclose your personal information to the categories of third parties listed in the table under “Personal Information We Collect”, above – see the column “Third parties we share this information with”.
Sales of Personal Information
In the past 12 months, we have not sold personal information.
Based on our current understanding of the CCPA, we do not “sell” your personal information as defined in the legislation. However, like many companies that operate online, we do use services provided by Google. Use of these services could constitute a “sale” of personal information under the CCPA if you did not consent to your activity being tracked in this way. If you wish to withdraw your consent, you can change your browser settings to disable cookies - please see our cookie policy for information on how to do this.
Data that is not personal information
We may create aggregated, de-identified or anonymised data from the personal information we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymised data and share it with third parties for our lawful business purposes, including to analyse, build and improve our products and services and promote our business, provided that we will not share such data in a manner that could identify you.
Security and Retention
We seek to protect your personal information from unauthorised access, use and disclosure using appropriate physical, technical, and administrative security measures and storage and processing practices based on the type of personal information. For example, our website uses industry standard HTTPS protocols which encrypt your connection to us and the personal information you provide to us using Transport Layer Security (TLS) technology. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data or storing data over the Internet is completely secure. We cannot guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.
We retain personal information about you in accordance with Section 11 of this privacy notice, to comply with our legal obligations, resolve disputes, or as otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
C. Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Your Right to Know
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify that it's from you (see “How to exercise your rights”), we will disclose to you:
- The categories of personal information we have collected about you
- The categories of sources from which we collected the information
- Our purposes for collecting the information
- The categories of third parties with whom we share the information
- The specific pieces of personal information we collected about you
- If we sold or disclosed your personal information for a business purpose, two separate lists showing:
- Sales we made, identifying the personal information categories that each category of recipient purchased; and
- Disclosures we made for a business purpose, identifying the personal information categories that each category of recipient received.
Your Right to Request Deletion
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive your request and verify that it's from you (see “How to exercise your rights”), we will delete your personal information from our records, unless an exception applies. We will also ask our service providers to delete any personal information we have disclosed to them.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a product or service that you requested, take actions you would reasonably expect as part of our ongoing relationship with you (e.g. resolving a question or complaint), fulfil the terms of a written warranty or product recall, or do anything else required to honour our contract with you
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
- Debug products to identify and repair errors that adversely affect how they function
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, if you have previously consented to this and if deleting the information would significantly affect the research
- Comply with a legal obligation
- Make internal use of the information for purposes that are lawful and that you would reasonably expect when you provided the information (e.g. quality control)
Your Right to Non-Discrimination
At The Social History Archive we are committed to treating consumers fairly and we will not discriminate against you for exercising any of your rights under the CCPA, for example by charging you a higher price or denying you access to our products and services.
How to Exercise your Rights
To exercise your rights as described above, please submit your request to us by:
- Calling us at +1 (855) 246-8234, or
- E-mailing us at [email protected]
Only you, or someone legally authorised to act on your behalf, may make a request related to your personal information and you may only make two requests within a 12-month period.
To help us respond to your request, please ensure it is clear, specific and detailed enough that we can understand it and provide what you require. Please also note that we will be unable to respond or provide any personal information unless we can verify that your request is genuine (and if you are making the request on someone else's behalf, that you are legally authorised to do so). To enable us to act on your request, we will need you to provide sufficient information to verify your identity. For The Social History Archive users, this may include the following:
- If we are able to verify your request through a password-protected account, we may do so, and we will ask you to re-authenticate yourself before we disclose or delete your data.
- If we are not able to verify your request through a password-protected account, we will require additional information to verify your identity. Such information will depend on the type of request and the sensitivity of the personal information. For example, we may ask you to confirm your current subscription plan and details and/or other identifying information associated with your use of The Social History Archive that allows us to verify your identity before we act on your request.
- If your request is for specific pieces of personal information, we may also require a signed declaration under penalty of perjury to verify your identity.
- If you have an account with Findmypast, you can also access personal information associated with your account through your account settings once you are logged in.
You may also authorise an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf. We may deny requests from Authorized Agents if we do not receive sufficient proof of authorization on your behalf.
When and How we will Respond
We will endeavor to respond to a request we have been able to verify within 45 days of receiving it. If for any reason we are unable to comply or if we need more time (up to additional 45 days), we will let you know and explain why in writing. We will deliver our response electronically unless you ask us otherwise; please note that as we are UK-based, a postal response will take longer to reach you. We will not charge you a fee for making a request unless your request(s) is excessive, repetitive or manifestly unfounded.
Other California Rights
California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties' direct marketing purposes, under California Civil Code Sections 1798.83-1798.84. If you would like to submit such a request, please contact us at [email protected].
18. Nevada Resident Rights
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at [email protected] with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.