Privacy Policy of National Digital Library of India (NDLI)

National Digital Library of India (NDLI) respects users' privacy and wants its users to understand how NDLI collects, uses, and shares data about any user. This Privacy Policy covers NDLI's data collection and usage practices and describes how a user may restrict collection of his/her personal data.

Unless NDLI links in its website a different policy or states otherwise, this Privacy Policy applies when a user visits or uses the NDLI website, mobile applications, NDLI Club or related services (the "Services").

By using the Services, the user agrees to the terms of this Privacy Policy. A person shouldn't use the NDLI Services if s/he doesn't agree with this Privacy Policy.

What data NDLI gets about a user
How NDLI gets data about users
What for NDLI uses user's data
With whom NDLI may share user data
Steps NDLI takes to protect user's privacy
User rights
Updates and contact details

1. What data NDLI gets about a user

NDLI collects three (3) types of information:

Personal information that a user provides directly to NDLI when s/he registers in NDLI by filling up the registration form or submits information through a form based on a specific request or purpose.
Data collected automatically such as tracking information, IP addresses or other data related to usage of NDLI sites, which are covered in section 1.2 below.
Cookies, to help NDLI understand what areas of NDLI services are most useful and interesting to its users.

1.1. Data user provides directly to us

NDLI may collect different data from or about user depending on how user uses the Services. Below are some examples to help user understand better the data NDLI collects.

When a user registers in NDLI and uses its Services, NDLI collects the data s/he provide directly, including:

Registration Data: In order to use certain features (like accessing some contents), user needs to register in NDLI. When user registers giving his/her personal information or later updates these information, NDLI stores these data, like user's email address, password, address, educational role, institute name, preferred language, gender, date of birth and mobile number ("Registration Data").

Content Usage Data: When user accesses contents, NDLI may collect certain data including the contents, courses, assignments, labs, workspaces, and quizzes that user may have worked on.

Data about user account on other platforms/services: If user accesses or uses NDLI Services through a third-party platform or service, or clicks on any third-party links, the collection, use, and sharing of her/his data will also be subject to the privacy policies and other agreements of that third party.

Communications and Support: If a user contacts NDLI for support or to report a problem or concern, NDLI may collect and store the user's contact information, messages, and other data about the user like her/his name, email address, messages, location and any other data s/he provides. NDLI uses these data to respond to the user and research her/his question or concern, in accordance with this Privacy Policy.

1.2. Data NDLI may collect through automated means

When a user accesses NDLI's Services (including browsing content), NDLI may collect certain data by automated means, including:

System Data: Technical data about user's computer or device, like his/her IP address, device type, operating system type and version, unique device identifiers, browser, browser language, other systems data, and platform types ("System Data").

Usage Data: Usage statistics about user's interactions with NDLI's Services, including contents accessed, time spent on pages or the Service, pages visited, features used, search queries, date and time, and other data regarding user's use of the Services ("Usage Data").

The data listed above is collected through the use of server log files and tracking technologies, as detailed in the "Cookies and Data Collection Tools" section below. It is stored and associated with user's account.

1.3. Data collected with cookies

NDLI uses cookies, which are small pieces of information, stored in user's browser, to collect, store, and share data about his/her activities across NDLI sites. These allow NDLI to remember things about user's visits to NDLI, like his/her preferred language, his/her preferences etc. so that NDLI can display customized contents/services on user's next visit. To learn more about cookies, visit https://cookiepedia.co.uk/all-about-cookies.

2. How NDLI gets data about users

NDLI uses cookie technology to gather the data listed above.

2.1. Data collection tools

NDLI and its home grown Analytics tool uses server log files and automated data collection tool like cookies (covered in section 1.3 above) (together, "Data Collection Tools") when user accesses and uses the Services. These Data Collection Tools automatically track and collect certain System Data and Usage Data (as detailed in Section 1) when user uses NDLI's Services.

2.2. Why NDLI uses Data Collection Tools

NDLI uses Data Collection Tools for the following purposes:

Strictly Necessary: These Data Collection Tools enable users to access the site, provide basic functionality (like logging in or accessing contents), secure the site, protect against fraudulent logins, and detect and prevent abuse or unauthorized use of user’s account. These are required for the Services to work properly; so if user disables these, parts of the site may break or be unavailable.
Functional: These Data Collection Tools remember data about user’s browser and preferences, provide additional site functionality, customize content to be more relevant to him/her, and remember settings affecting the appearance and behavior of the Services (like user’s preferred language).
Performance: These Data Collection Tools help measure and improve the Services by providing usage and performance data, visit counts, traffic sources, frequency of visits etc. These tools can help NDLI test different versions of NDLI to see which features or contents users prefer and determine other performance factors.

User can set his/her web browser to alert him/her about attempts to place cookies on his/her computer, limit the types of cookies s/he allows, or refuses cookies altogether. If user does so, s/he may not be able to use some or all features of the Services, and his/her experience may be different or less functional. To learn more about managing Data Collection Tools, refer to Section 6 (User Rights) below.

3. What purpose does NDLI use users' data

NDLI uses users' data to do things like provide its Services, communicate with users, troubleshoot issues, secure against fraud and abuse, improve and update its Services, analyze how people use its Services, and as required by governmental authority or law or necessary for safety and integrity.

NDLI uses the data it collects through user’s use of its Services to:

Provide and administer the Services, including to facilitate participation in educational activities, issue participation certificates, display customized contents;
Manage users' account and account preferences;
Facilitate the Services' technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;
Solicit feedback from users;
Identify unique users across devices;
Improve its Services and develop new products, services, and features;
Analyze trends and traffic, track usage data;
As required or permitted by law; or
As NDLI, in its sole discretion, otherwise determine to be necessary to ensure the safety or integrity of its users and Services.

4. To whom NDLI may share users' data with

NDLI may share certain user-data with a very limited population like researchers, NDLI affiliates, etc. NDLI may also share users' data as needed for security, legal compliance, and governmental requirements or as part of a change in ownership.

It may be noted that NDLI uses its home-grown Analytics tool for service improvement and thus the question of sharing data with third parties for Analytics and Data enrichment does not arise.

NDLI may share users' data with third parties under the following circumstances or as otherwise described in this Privacy Policy:

With Other Researchers: Depending on user's settings, user's shared content and profile data may be shared with some researchers.
With Service Providers: NDLI may share users' data with content/service providing partners who perform services on behalf of NDLI, like email and hosting services, specific content or service providing partners, user support etc. These service providers may access user data to provide requested services.
For Security and Legal Compliance: NDLI may disclose users' data to third parties if NDLI (in its sole discretion) beliefs that the disclosure is:
- Permitted or required by law;
- Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
- Reasonably necessary to enforce its Terms of Use, Privacy Policy, and other agreements;
- Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
- Reasonably necessary in its discretion to protect against imminent harm to the rights, property or safety of NDLI, its users and employees.
During a Change in Ownership: If NDLI undergoes a change in ownership by being transferred to a third party, NDLI may share, disclose, or transfer all user data to the successor organization during such transition or in contemplation of a transition (including during due diligence).

5. Steps NDLI takes to protect users' privacy

NDLI takes appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of users' personal data that it collects and stores. These measures vary based on the type and sensitivity of the data. However, no system can be 100% secured. So NDLI cannot guarantee that communications between user and NDLI or any information it collects through its Services will be free from unauthorized access by third parties. User's password is an important part of security system, and it is user's responsibility to protect it. User should not use a very simple password and should not share password with anyone, and at any time, if a user believes that her/his password or account has been compromised, s/he should change it immediately.

6. Users' rights

A user may choose not to provide certain data to NDLI, but in that case, s/he may not be able to use certain features of the NDLI Services.

The browser or device user uses may allow him/her to control cookies and other types of local data storage. To learn more about managing cookies, visit https://cookiepedia.co.uk/how-to-manage-cookies.

Apple iOS, Android OS, and Microsoft Windows each provide their own instructions on how to control in-app tailored advertising. For other devices and operating systems, user should review his/her privacy settings on that platform.

7. Updates and contact details

From time to time, NDLI may update this Privacy Policy. If it makes any material change to it, NDLI will inform this through a notification posted on its websites, or as required by applicable law. It will also include a summary of the key changes. Unless stated otherwise, changes will become effective on the day the update is posted on its websites.

If a user continues to use NDLI Services after the effective date of any update of the Privacy Policy, then user’s access and/or use will be deemed an acceptance of the revised Privacy Policy. The revised Privacy Policy supersedes all previous Privacy Policies.

For any communication, users may write to ndl-support@iitkgp.ac.in.

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Mr. Siddhartha Mukherjee siddhartha@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	ndl-support@iitkgp.ac.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Libarray of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in