Privacy Policy

This is our updated Privacy Policy going into effect on September 20, 2018.

Your privacy is critically important to us. At NetGalley, we have a few fundamental principles:

  • We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
  • We store personal information for only as long as we have a reason to keep it.
  • We aim to make it as simple as possible for you to control what information in your account is shared publicly (or kept private), indexed by search engines, and permanently deleted.
  • We aim for full transparency on how we gather, use, and share your personal information.
Below is NetGalley’s privacy policy, which incorporates and clarifies these principles.

Name of the controller:

NetGalley LLC (Limited Liability Company)

Chief Executive Officer:

Francis P. Toolan, Jr.

Address of the controller:

NetGalley LLC (Limited Liability Company)
44 Merrimac St. Newburyport, MA 01950

Data Protection Officer under the EU GDPR:

Michael Vogelbacher
consileo GmbH & Co. KG
Bahnhofstr. 5
53572 Unkel

Purpose and data minimisation

NetGalley is an innovative and easy-to-use online service and connection point for book publishers, reviewers, media, librarians, booksellers, bloggers and educators. We offer digital galleys, often called advance reading copies, or ARCs, to professional readers to help promote new and upcoming titles. We collect and use your personal information only within the framework of the European Union General Data Protection Regulation (EU GDPR) and the legislation of the United Kingdom related to data protection.

What This Policy Covers

This Privacy Policy applies to information on the nature, extent and purpose of the personal data that we collect and use. Data is not processed for reasons other than those specified below. You can access this Policy anytime on this website.

Throughout this Privacy Policy we’ll refer to our website and other products and services collectively as “Services.”

Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.

Please note that this Privacy Policy does not apply to any of our products or services that have a separate privacy policy.

If you have any questions about this Privacy Policy, please contact us.

Data transmission and logging for system-internal and statistic purposes

For technical reasons, your webbrowser automatically transmits data to our webserver when you access our website. This data includes, inter alia, date and time of access, URL of the referring website, file viewed, amount of transmitted data, browser type and version, operating system and your IP address. This data is stored separately from other data you enter when using our service. We are not able to associate this data to a particular person. This data is analysed for statistic purposes and will subsequently be deleted.

Information We Collect

We only collect information about you if we have a reason to do so–for example, to provide our Services, to communicate with you, or to make our Services better.

We collect information in three ways: if and when you provide information to us, automatically through operating our services, and from outside sources. Let’s go over the information that we collect.

Information You Provide to Us

It’s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information.

  • Basic Account Information: We ask for basic information from you in order to set up your account. This information includes personal data such as your first and last name, organisation, email address, birthday, your home country.
  • A Note about Children: NetGalley is not intended for Children (anyone under 18 years of age). That is why we collect your birthday. If you are under 18 years of age, we ask that you delete your account, or contact us to do so.
  • Public Profile Information: You may provide us with more information–like your biography, your photo, or certain preferences and affiliations–but we don’t require that information to create your account. If you have an account with us, we collect the information that you provide for your public profile. Your public profile is just that–public–so please keep that in mind when deciding what information you would like to include.

If you have an account with us, you can choose not to provide the optional account information, and profile information. Please keep in mind that if you do not provide this information, certain features of our Services–for example, your ability to request books–may not be accessible.

  • Content Information: Depending on the Services you use, you may also provide us with information about you in the draft and published content of your reviews and feedback. This might be obvious to you…but it’s not to everyone!
  • Communications with Us: You may also provide us information when you respond to surveys or communicate with our concierge staff about a support question.
Information We Collect Automatically

We also collect some information automatically:

  • Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We store this data separately other data you enter when you use our Services. This information cannot be connected to a specific person. It will be analysed for statistical purposes and subsequently be deleted. We collect log information when you use our Services–for example, when you request a book from a publisher on NetGalley.
  • Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that site administrators and members perform on a site–in other words, who did what, when and to what thing on a site. We also collect information about what happens when you use our Services (e.g., page views, support document searches, etc.) along with information about your device (e.g., mobile screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.
  • Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
  • Information from Cookies & Other Technologies: A cookie is a string of information that a website stores on a visitor’s computer or mobile device, and that the visitor’s browser provides to the website each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on websites and e-mails. NetGalley uses cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services, as well as track and understand e-mail campaign effectiveness and to deliver targeted ads. At this time, NetGalley does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using NetGalley’s website, with the drawback that certain features of NetGalley’s website may not function properly without the aid of cookies.
  • A Note about Spyware: NetGalley LLC does not install spyware on your computer. Nor does it use spyware to retrieve information from your computer.
Information We Collect from Other Sources

We may also get information about you from other sources. For example, if you create or log into your NetGalley account through another service (like Google) or if you connect your website or account to a social media service (like Twitter), we will receive information from that service (such as your username, basic profile information, and friends list) via the authorisation procedures used by that service. The information we receive depends on which services you authorise and any options that are available.

We may also get information from third party services about individuals who are not yet our members (…but we hope will be!), which we may use, for example, for marketing and advertising purposes.

Data subjects and categories

Data subjects include clients, website users, suppliers and business partners as well as staff members. Data categories include first and last name, and if necessary, your address, IP and payment details.

How We Use Information

We use information about you as mentioned above and as follows:

  • To provide our Services–for example, to set up and maintain your account;
  • To supply Publishers-so that they may process your requests for their books
  • To further develop our Services–for example by adding new features that we think our members will enjoy or will help them to create and manage their accounts more efficiently;
  • To monitor and analyse trends and better understand how members interact with our Services, which helps us improve our Services and make them easier to use;
  • To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of NetGalley and others;
  • To communicate with you about offers and promotions offered by NetGalley and others we think will be of interest to you, solicit your feedback, or keep you up to date on NetGalley and our products; and
  • To personalise your experience using our Services, provide content recommendations and serve relevant advertisements.

Data protection declaration for the use of Google Analytics as a web analysis tool

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The information about your visit produced by cookies are transmitted to a Google Server in the United States and stored there. In case of IP-anonymisation on our website, your IP address is shorted by Google within EU members States or other contracting States of the European Economic Area prior to transmission.

In exceptional cases, the full IP address is transmitted to a Google Server in the US and shorted there. Google will use this information to assess your use of the website, compile reports on website activities and render other services connected to website and internet use. The IP address transmitted by your browser within the service of google Analytics will not be connected to other Google data.

Browser Opt Out

You can prevent the collection and processing of the data generated by this cookie and related to your use of the website to and by Google by downloading and installing the browser plugin available via this link:

Mobile Opt Out

Sharing Information

How We Share Information

We do not sell our members’ private personal information.

We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy. In all cases below, we only share the minimum information necessary. For example, we won’t share your username, or password, or your personal Kindle email address with a Third Party Vendor, or Publisher.

  • Subsidiaries, Employees, and Independent Contractors: We may disclose information about you to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Policy for personal information that we share with them.
  • Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us. This group includes vendors that help us provide our Services to you (like bulk email service providers) and those that help us understand and enhance our Services (like analytics providers). We require vendors to agree to privacy commitments in order to share information with them.
  • Publishers: We will share information about you to the book publishers who approve or deny requests you make of them. We require that our publisher customers treat your personal information as confidential.
  • As Required by Law: We may disclose information about you in response to a subpoena, court order, or other governmental request. For more information on how we respond to requests for information about NetGalley members, please see our Legal Guidelines.
  • To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of NetGalley, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that NetGalley goes out of business or enters bankruptcy, member information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
  • With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorise us to do so, such as the social media services that you connect to your site through our social sharing feature (see below).
  • Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
  • Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other members.
Information Shared Publicly

Information that you choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like your public profile, reviews, other content that you make public on the NetGalley website, and your “likes” and comments on other websites that use our Services, are all available to others–and we hope you get a lot of views! We provide a “Firehose” stream of public data (like reviews) from sites that use our Services to provide that data to subscribers, who may view and analyse and republish the content. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.


Under the EU GDPR and at any time, you have the right to address the controller or our DPO (see above) and request information on how your data is process. You also have a right to rectification of your data. Or you can have the processing restricted, meaning a right to have processing limited to parts of your data. At any time, you may object to the processing of your personal data. When you do so, we will check whether there are any conflicting legal transmitting and processing obligations and inform you accordingly. You also have a right to data portability, meaning that we hand over your data in a structured, commonly used and machine-readable format determined by us upon your request.

In addition, if you feel that we do not treat your personal data properly and as laid out in this Policy, you have a right to complaint to the supervisory authority responsible for your country.

When you’ve given your consent to the processing of your data you may, of course, revoke your consent at any time.

If you receive advertisement from us, you also have a right to object at any time so that we stop sending you ads.

Use of Social Plugins

We’re using so-called Social Plugins (Plugins) in order to participate in social networks with social media content:

Privacy Policy for the use of Facebook (Like button)

Our website integrates plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. You will recognize the Facebook plugins from the Facebook Logo or the “Like button” or maybe even content about our Facebook presence on the right side of our website. You may find an overview on Facebook plugins here:

When you visit our website, a direct connection is made via the plugin between your browser and the Facebook server. From your IP address, Facebook thus receives the information that you’ve been visiting our website. When you click on the Facebook “like” button or on a Facebook content while logged into your Facebook account, you can link our website’s contents to your Facebook profile. This also means that Facebook can then connect your Facebook account to your visit on our website. Please note that as the owner of this website, we will not receive any information of the content of transmitted data or their use from Facebook. You can get more information on this from Facebook’s Privacy Policy here:

Privacy Policy for the use of Twitter

This website also uses Twitter plugins. These are operated by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). When you’re visiting a site using such a plugin, which you may recognize from the Twitter bird, the logo or embedded tweets, a direct connection is made via the plugin between your browser and the Twitter servers. We don’t have any influence on the nature and extent of data the plugin transmits to the Twitter servers. According to Twitter, only your IP address is collected and stored. You can find more information on the use of personal data by Twitter here:

Privacy Policy for the use of our Facebook fan page

When you visit our Facebook fan page, Facebook places cookies on the device you use for your visit (i.e. your computer or your mobile device). These cookies store information in web browsers and will remain valid fort wo years unless they are deleted. Facebook receives the information stored in the cookies, stores and processes it. This not only happens when you use Facebook services such as our fan page, but also when you use services offered by other members of the Facebook company group as well as services offered by other companies who use Facebook services. Facebook partners and third parties also use cookies on Facebook services to offer their services to Facebook or to companies placing ads on Facebook.

Please note that the cookie will be set upon your visit of our Facebook fan page regardless of whether you have a Facebook account or not.

If you do have a Facebook account, Facebook collects and processes data upon accessing the fan page, in case you have disclosed this information in your Facebook account. This includes your age, gender, relationship status, employment status as well as information about your life style, your interests and your purchases or shopping behaviour (demographic data). Facebook also collects and processes geographical data such as your location. Facebook uses both types of data to offer customised information and advertisement (personalisation). Facebook can link this data to your person.

If you do not have a Facebook account, the cookie placement at least collects your IP address, information about your device, the region or possibly the more exact location where you use your device, time and duration of your visit and estimates the above-mentioned demographic data via your surfing behaviour.

As the administrator of our fan page, we receive anonymised visitor statistics produced by Facebook based on this data.

You can prevent the collection of data through the cookie and related to your use of the website (including your IP address), its transfer to and use by Facebook by changing your cookie settings before visiting the Facebook fan page. Most browsers offer an option for restricting or completely blocking the cookie storage. Please note that the use and the user comfort might however be limited without cookies. You can also activate the “do not track” setting in your web browser, deactivate script code in your browser or use a so-called script blocker.

You can obtain more information in Facebook’s Privacy Guideline under and read about advertisement settings in the Data Protection Information under


While no online service is 100% secure, we work very hard to protect information about you against unauthorised access, use, alteration, or destruction, and take reasonable measures to do so.

Other Things You Should Know (Keep Reading!)

Transferring Information to other countries

NetGalley is a worldwide service. By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the U.S. and other countries, which may have rights and protections that are different from those in your home country.

What if you decide to Leave Us?

If you decide that it is time for you to leave our services, there are tools in the application that allow you to delete your account. If you have a problem with this, please don’t hesitate to contact our DPO. According to the EU GDPR, you have a right to be forgotten.

Once you leave, we will after a period of 60 days, eliminate any reference to your name or other personal details. We will also eliminate the link between your identity and any System Activity Data. We will hold on to your System Activity Data indefinitely. System Activity Data, are site statistics such as your requests, downloads, and feedback. This data (without anything that links back to you), are necessary elements in the ongoing operations of the service.