PRIVACY POLICY - The Marker

PRIVACY POLICY AND DATA GOVERNANCE DIRECTIVE

Document Ref: TMPG-PP-2025-REV01 Last Revised: JULY, 10 2025

ARTICLE I: STATUTORY COMPLIANCE AND SCOPE

This Privacy Policy and Data Governance Directive (the “Policy”) establishes the comprehensive legal framework for the acquisition, systematic processing, storage, and cross-border transmission of Personal Data by The Marker Publishing Group, Inc., including its statutory divisions Orion Research Group and Story Book Nook Creators (collectively, the “Company”).

The Company operates in strict adherence to the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), the General Data Protection Regulation (GDPR) (EU/UK), and the California Privacy Rights Act (CPRA). This Policy constitutes an integral part of the Company’s Terms of Use and is legally binding upon any individual or entity (the “Data Subject”) interacting with the Company’s digital assets, including but not limited to https://tmpublisher.com and its associated sub-domains (the “Websites”).

ARTICLE II: DEFINITIONS AND DATA CLASSIFICATION

2.1. Personal Information (PI): Any information relating to an identified or identifiable natural person.
2.2. Processing: Any operation performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, or destruction.
2.3. Data Controller: The Company, as it determines the purposes and means of the processing of Personal Data.
2.4. Data Processor: Third-party entities (e.g., BookFunnel, Amazon, ESPs) that process data on behalf of the Company.

ARTICLE III: CATEGORIES OF DATA ACQUISITION

3.1. Voluntarily Provided Information

The Company collects identifiable data, including full legal names, electronic mail addresses, and User preferences, exclusively when voluntarily submitted through registration portals, Advance Review Copy (ARC) applications, or Newsletter subscriptions.

3.2. Automated Technical Metadata and Telemetry

Upon interaction with the Websites, our servers automatically log technical identifiers, including:

Internet Protocol (IP) addresses and geolocation data.
Device-specific telemetry (OS version, browser “user-agent” strings).
Temporal data and clickstream data (timestamp of access, duration of session, referring/exit pages).

3.3. Cookies and Tracking Technologies

The Company employs advanced “Cookies,” web beacons, and pixel tags to analyze traffic patterns and enhance User experience. Use of the Websites constitutes informed consent for such tracking.

3.4. Financial Data Exclusion

The Company does not store or process primary financial identifiers (Credit Card numbers, CVV). All financial transactions are handled exclusively by authorized PCI-DSS-compliant third-party clearinghouses.

ARTICLE IV: LEGAL BASIS FOR PROCESSING

Pursuant to Article 6 of the GDPR and Section 5 of PIPEDA, the Company processes data under the following legal frameworks:

Contractual Necessity: Necessary for the delivery of requested digital manuscripts (ARCs) and research materials.
Consent: For the dissemination of marketing materials and “Insider Updates.”
Legal Compliance: Necessary for adherence to Canadian federal tax and corporate record-keeping statutes.
Legitimate Interests: For the optimization of Website security, fraud prevention, and protection against unauthorized “Data Scraping” or AI ingestion.

ARTICLE V: THIRD-PARTY DATA DISSEMINATION

5.1. Operational Intermediaries

The Company collaborates with secure third-party processors, including BookFunnel and Amazon KDP (for digital delivery), and professional Email Service Providers (ESPs).

5.2. Limitation of Vicarious Liability

While the Company mandates high-security standards via Data Processing Agreements (DPA), the Company does not maintain direct architectural control over third-party servers. Consequently, the Data Subject hereby releases the Company from claims arising from security breaches or systemic failures occurring within third-party environments.

5.3. Mandatory Disclosures

The Company reserves the right to disclose Personal Information if required by a court order, subpoena, or lawful request by government authorities (e.g., RCMP, CBSA) to investigate illegal activity or protect proprietary assets.

ARTICLE VI: INTERNATIONAL DATA TRANSFERS

Personal Information may be transferred to, and maintained on, servers located outside of the User’s home jurisdiction, including Canada and the United States. For Data Subjects residing in the EEA, such transfers are conducted under Standard Contractual Clauses (SCCs) or on the basis of adequacy decisions by the European Commission, ensuring a high level of data protection.

ARTICLE VII: DATA RETENTION AND ARCHIVAL SECURITY

7.1. Retention Period

Personal Information is retained only for the duration necessary to fulfill the purposes outlined in Article IV, or as mandated by statutory archival requirements.

7.2. Cybersecurity Protocols

The Company utilizes Advanced Encryption Standard (AES-256) and Transport Layer Security (TLS) for the protection of data during transmission. Access to internal databases is restricted to authorized personnel under a “Need-to-Know” protocol.

ARTICLE VIII: RIGHTS OF THE DATA SUBJECT

Data Subjects possess the following statutory rights, subject to the Company’s identity verification protocols:

Right of Access and Portability: To receive a comprehensive, machine-readable report of the data held by the Company.
Right of Rectification: To correct inaccuracies in their Personal Information.
Right of Erasure (“Right to be Forgotten”): To demand the permanent deletion of data, provided it does not conflict with statutory retention requirements.
Right to Withdraw Consent: To opt-out of marketing communications at any time via the “Unsubscribe” mechanism.

ARTICLE IX: PROTECTIONS FOR MINORS (COPPA)

Notwithstanding the educational nature of Story Book Nook Creators, the Company does not intentionally solicit or collect data from individuals under the age of 13. In the event of inadvertent acquisition of such data without verifiable parental consent, the Company shall execute immediate remedial deletion protocols in accordance with the Children’s Online Privacy Protection Act (COPPA).

ARTICLE X: AMENDMENTS AND RATIFICATION

The Company reserves the unilateral right to modify this Directive to reflect evolving regulatory requirements. Publication of the revised Policy on the Websites shall constitute constructive notice. Continued engagement with the Websites following such publication constitutes ratification and acceptance of the amended terms.

PRIVACY NOTICE AND DATA SOVEREIGNTY POLICY

1. PREAMBLE AND STATUTORY SCOPE

1.1. Absolute Commitment to Privacy. We at The Marker Publishing Group, Inc. (“The Company”, “we”, “us”, “our”), including our specialized divisions Orion Research Group and Story Book Nook Creators, as well as our global affiliates, recognize that your personal data is an asset of paramount importance. We are committed to the highest standards of transparency, security, and integrity in the processing of your personal information. This Privacy Notice (“Notice”) serves as a comprehensive disclosure of our practices regarding the lifecycle of data within our corporate infrastructure.

1.2. Regulatory Framework. This Notice is architected to comply with a multi-jurisdictional regulatory landscape, including but not limited to:

PIPEDA (Personal Information Protection and Electronic Documents Act, Canada);
GDPR (General Data Protection Regulation, EU & UK);
CCPA/CPRA (California Consumer Privacy Act/California Privacy Rights Act);
COPPA (Children’s Online Privacy Protection Act, USA).

1.3. Scope of Services. This Notice applies to all “Personal Consumer Data” harvested by the Company via our websites (https://tmpublisher.com, http://orionresearchgroup.org, https://storybooknookcreators.com), mobile applications, ARC distribution portals, and proprietary research interfaces (collectively, the “Services”). By interacting with the Services, you acknowledge the practices described herein.

2. CATEGORIES OF INFORMATION ACQUIRED

The Company obtains personal data through three primary vectors: Direct Provision, Third-Party Acquisition, and Systematic Automated Harvesting.

2.1. Data Provided Directly by the Data Subject. When you engage in high-level interactions, such as registering for subscribing to an “Insider” newsletter, or purchasing research manuscripts, we collect:

A. Primary Identifiers: Legal name, alias (if applicable), physical postal address (for physical fulfillment), primary and secondary email addresses, and telephonic/mobile identifiers.
B. Biographical and Psychographic Metadata: In order to refine the “Reading Experience” and “Research Accuracy,” we may collect date of birth, gender identity, educational background, professional credentials (specifically for Orion Research), and granular reading/genre preferences.
C. Financial Telemetry: While the Company utilizes third-party processors, we may retain records of transaction history, purchase frequency, and subscription status. Note: Full credit card numbers are handled via PCI-DSS compliant gateways and are not stored on Company-owned servers.
D. Credentials and Authentication: Encrypted usernames, passwords, and security challenge responses for access to restricted member portals.
E. User-Generated Content (UGC): Survey responses, critical reviews, manuscript feedback (ARC reports), and any correspondence directed to our “Submit a Request” or “Contact Us” channels.

2.2. Data Obtained via External and Commercial Sources. To provide the level of service expected from a global publishing house, we supplement internal data with information from:

A. Demographic Aggregators: Commercially available sources providing data on household income ranges, familial status (number of children), and educational attainment.
B. Marketplace Partners: Acquisition data from External Commerce Solutions (e.g., Amazon, Apple, Kobo) including purchase history and interaction with Company-branded advertisements.
C. Geo-Spatial Data: Information regarding your regional location to ensure compliance with territorial licensing and tax laws.
D. Social Graph Integration: If you utilize social media “Single Sign-On” (SSO), we may acquire data authorized by said platforms, including your social network identifiers and public profile metadata.

2.3. Data Collected by Automated Technical Means. Our digital infrastructure utilizes an array of monitoring technologies, including Web Server Logs, JavaScript, Web Beacons, Pixel Tags, and advanced “Cookies”, to harvest:

A. Network Identifiers: Internet Protocol (IP) addresses (including static and dynamic assignments).
B. Device Telemetry: Unique device identifiers (UID), mobile advertising identifiers (Apple’s IDFA or Google’s AAID), hardware model, operating system version, and browser configuration.
C. Connection Metadata: Means of internet connection (ISP, WiFi SSID), signal strength, and connection speed.
D. Temporal Data: Precise timestamps of access, duration of sessions, and frequency of return visits.
E. Clickstream and Behavioral Analytics: The specific URL path taken through our Services, search queries executed within Company databases, “Heatmap” data (where you click and scroll), and interaction rates with specific digital assets or advertisements.
F. Content Consumption Patterns: For video and audio assets, we track playback duration, quality of service (latency/buffering), and engagement with mid-roll or post-roll promotional content.

3. SYSTEMATIC UTILIZATION OF OBTAINED DATA

The Company, or authorized service providers acting under a strict Data Processing Agreement (DPA), utilizes the collected information for the following “Business Purposes”:

3.1. Transactional Fulfillment and Operational Integrity. To process orders, authorize digital downloads (via BookFunnel), manage ARC distributions, and maintain the operational continuity of user accounts.

3.2. Predictive Analytics and Suggestions. Utilizing the psychographic data from Orion Research Group and Story Book Nook Creators to generate algorithmic suggestions. This includes “Predictive Reading Models” designed to suggest content you are statistically likely to enjoy based on historical viewing behavior.

3.3. Advanced Communication and Marketing. Disseminating promotional materials, emergency offer alerts, and “Insider” updates. This includes the administration of text/SMS messaging programs for users who have provided express “Opt-In” consent.

3.4. Business Evaluation and Improvements. Performing rigorous statistical analytics to enhance our Services, managing corporate communications, auditing accounting records, and reviewing employment applications for Company vacancies.

3.5. Security and Fraud Prophylaxis. Monitoring for “Scraping” activity, unauthorized AI bot access, and fraudulent transaction patterns to protect the Company’s intellectual property and the safety of our Data Subjects.

4. ALGORITHMIC AND INTEREST-BASED ADVERTISING (IBA)

4.1. Behavioral Tracking and Targeted Outreach. As stipulated in this Notice and our supplemental Cookie Directive, the Company, alongside its elite third-party service providers, monitors your online trajectory to facilitate “Interest-Based Advertising.” This process involves the acquisition of metadata regarding your activities across non-affiliated websites, applications, and digital ecosystems.

4.2. Engagement of Advertising Networks. The Company leverages global advertising networks to execute “Contextual” and “Interest-Based” messaging. Through these networks, we perform systematic tracking of your digital footprint, including:

A. Cross-App Attribution: Identifying your interactions with our advertisements on third-party platforms (e.g., Meta, Google, TikTok).
B. Conversion Analytics: Measuring the effectiveness of marketing funnels by linking ad-views to subsequent acquisitions on External Commerce Solutions (e.g., Amazon).
C. Ingestion of Automated Data: These networks utilize the automated means described in Section 2.3 to calibrate the relevance of the advertisements shown to you within our Services.

4.3. Informed Consent for IBA. To the extent mandated by the GDPR or PIPEDA, the Company shall obtain explicit, granular consent before utilizing your personal data for interest-based advertising. You maintain the absolute right to modify these preferences as outlined in Section 6 (“Your Choices and Rights”).

5. SMS/MMS ADVERTISING AND TELEPHONIC COMMUNICATIONS

5.1. Consent to Automated Dialing Systems. By voluntarily submitting your mobile telephony number to the Company, you grant express, written consent to receive recurring text message alerts (SMS/MMS) containing literary updates, promotional offers, and event notifications. These messages may be disseminated utilizing Automated Telephone Dialing Systems (ATDS) or other advanced programmatic technologies.

5.2. Non-Contingency of Purchase. Your consent to receive Text Messages is not a condition of purchase for any goods or services. You are strictly prohibited from providing a mobile number that is not registered in your legal name or for which you do not possess primary authority.

5.3. Financial Obligations and Carrier Protocols. While the Company does not levy a specific fee for participation in our messaging programs, you acknowledge that Standard Message and Data Rates applied by your mobile service provider (e.g., Rogers, Bell, Telus, AT&T, Verizon, T-Mobile) shall apply. The Company is not responsible for any surcharges or overages incurred on your telecommunications bill.

5.4. Frequency and Revocation (Opt-Out).

A. Message Frequency: You may receive approximately 8 to 12 recurring Text Messages per calendar month, subject to Company launch cycles.
B. Revocation: You may terminate your participation at any time by transmitting the keyword “STOP” to our designated short-code. Upon receipt of a “STOP” command, the Company will transmit a final confirmation message and cease all telephonic outreach to that specific number.
C. Assistance: For technical support regarding Company communications, transmit the keyword “HELP” or contact the Data Protection Officer as described in Section 10.

6. GRANULAR DISCLOSURE OF DATA SHARING (THIRD-PARTY PROTOCOLS)

The Company does not “sell” personal data in the traditional sense; however, we share data with selected third parties to ensure the operational excellence of The Marker Publishing Group.

6.1. Intra-Corporate Dissemination. We share Personal Information with our subsidiaries (e.g., Orion Research Group) and affiliated business units. These entities utilize the data in a manner consistent with this Notice for internal marketing, research, and cross-promotional purposes.

6.2. Strategic Marketing and Co-Branding Partners. We may disclose your information to elite partners whose offerings align with your demonstrated literary or research interests.

A. Co-Branded Initiatives: In instances of co-sponsored sweepstakes or collaborative research projects, your data may be shared with the co-sponsor, subject to their independent privacy policies.
B. List Rental Services: Consistent with industry standards, the Company may share anonymized or pseudonymized data with list rental services for targeted commercial outreach.

6.3. Legal Mandates and Protective Disclosures. The Company reserves the absolute right to disclose your Personal Data to law enforcement, regulatory bodies, or government officials (e.g., RCMP, DOJ) under the following conditions:

A. Statutory Compliance: To satisfy subpoenas, warrants, or court orders.
B. Investigation of Malfeasance: When we have a good-faith belief that disclosure is necessary to investigate, prevent, or take action regarding suspected fraudulent or illegal activity.
C. Protection of Assets: To defend the intellectual property, safety, and legal interests of the Company, its employees, and its user base.

6.4. Corporate Structural Evolution (Business Transfers). In the event of a merger, acquisition, reorganization, consolidation, bankruptcy, or the sale of substantially all Company assets, Personal Data held by the Company may be among the assets transferred to the acquiring entity. You acknowledge that such a successor will continue to possess the rights and obligations regarding your data as outlined in this Notice.

6.5. Online Advertisers and Network Infrastructure. As discussed in the IBA section, data is shared with online advertisers and ad networks through tracking technologies. Furthermore, we share information with:

A. Internet Service Providers (ISPs): To ensure optimized delivery of Services.
B. Operating System and Platform Providers: Sharing metadata with companies that power your devices (e.g., Apple, Google) to ensure cross-platform compatibility.
C. Social Networks: Sharing data with social networking services for commercial “Mirror Audience” or “Lookalike” marketing purposes.

7. COMPREHENSIVE DATA SUBJECT RIGHTS (GDPR/PIPEDA/CPRA)

The Company provides a centralized Data Subject Request (DSR) Portal to facilitate the exercise of your statutory rights. We implement a “Privacy by Design” philosophy.

7.1. The Right of Access and Transparency (The “Right to Know”). You possess the right to demand a comprehensive disclosure of the categories and specific pieces of Personal Data the Company has consolidated over the preceding 12-month period. This includes the right to understand the “Logic of Processing”, the algorithmic basis upon which content suggestions (specifically within Orion Research) are generated.

7.2. The Right to Rectification and Data Integrity. Accuracy is a cornerstone of our research and publishing divisions. You have the absolute right to mandate the correction of inaccurate, obsolete, or incomplete personal data. If you maintain an account with The Marker, you may perform self-rectification through the “Profile Governance” settings, or submit a formal request for backend database adjustments.

7.3. The Right to Erasure (The “Right to be Forgotten”). Under specific legal thresholds, you may demand the permanent deletion of your Personal Data.

A. Scope of Deletion: This involves the scrubbing of data from active production databases and the “De-identification” of data within cold-storage backups.
B. Statutory Exceptions: The Company reserves the right to retain specific data elements if mandated by Canadian tax laws, anti-fraud statutes, or to maintain the integrity of “Suppression Lists” (to ensure you are not contacted after opting out).
C. Impact on Services: Acknowledgment is required that the exercise of this right will result in the immediate termination of ARC memberships and access to proprietary Company portals.

7.4. The Right to Data Portability. You may request a copy of your Personal Data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV). This right facilitates the seamless transmission of your data to another Data Controller without hindrance from the Company, subject to technical feasibility.

7.5. The Right to Object and Restrict Processing. You may exercise your right to “Restrict Processing” in instances where the accuracy of the data is contested. During the verification period, the Company shall suspend all processing activities related to the disputed data, save for storage and legal defense purposes.

8. GEOGRAPHICAL DISPERSION AND CROSS-BORDER DATA TRANSFERS

8.1. Canadian and U.S. Hosting Infrastructure. The primary digital assets of The Marker Publishing Group are hosted on secure server clusters located within Canada and the United States. By engaging with our Services, you acknowledge that your data will be subject to the laws of these jurisdictions, which may permit judicial or national security authorities (e.g., CSIS or the FBI) access to Personal Data under valid warrants.

8.2. International Adequacy and Standard Contractual Clauses (SCCs). For our European and International Data Subjects, the Company utilizes Standard Contractual Clauses (SCCs) as ratified by the European Commission to ensure a level of data protection equivalent to that of the EEA.

A. Transatlantic Data Flows: We operate under the framework of the Data Privacy Framework (DPF) where applicable, ensuring that our U.S.-based processors (such as Amazon AWS and Shopify) maintain rigorous compliance certifications.
B. Sub-Processor Auditing: The Company performs annual risk assessments on all “Sub-Processors” to ensure they do not dilute the security posture defined in this Notice.

9. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS

9.1. Encryption Protocols. The Company mandates the use of Transport Layer Security (TLS 1.3) for all data in transit. Data at rest within Company-controlled databases is protected utilizing Advanced Encryption Standard (AES-256).

9.2. Access Control Governance. We implement the “Principle of Least Privilege” (PoLP). Access to Personal Data is restricted to a predefined cohort of authorized personnel (e.g., Global Privacy Attorney, Senior Systems Engineers) whose roles necessitate such access. Multi-factor Authentication (MFA) is mandatory for all administrative entry points.

9.3. Vulnerability Management. The Company conducts periodic “Penetration Testing” and vulnerability scans to identify and remediate potential security vectors.

A. Incident Response: In the event of a “Material Data Breach,” the Company maintains an Incident Response Plan (IRP) designed to provide notification to affected Data Subjects and relevant Regulatory Authorities within 72 hours of discovery, as mandated by the GDPR and PIPEDA.
B. No Guarantee of Absolute Security: Notwithstanding our rigorous safeguards, you acknowledge that no transmission over the internet or electronic storage system is 100% impenetrable.

10. JURISDICTION-SPECIFIC ADDENDA

10.1. Canadian Privacy Rights (PIPEDA/OPC). For residents of Canada, the Company’s practices are overseen by the Office of the Privacy Commissioner of Canada (OPC). You have the right to challenge our compliance with the ten fair information principles of PIPEDA.

10.2. California Privacy Rights (CCPA/CPRA). California residents possess the “Right to Opt-Out of the Sale or Sharing of Personal Information.” The Company provides a “Do Not Sell or Share My Personal Information” link on all relevant digital interfaces.

10.3. Children’s Privacy (COPPA). While Story Book Nook Creators provides content for families, our Services are not directed at children under 13. We do not knowingly collect personal data from minors. If such data is discovered to have been harvested without verifiable parental consent, it will be subject to immediate “Expungement Protocols.”

11. DYNAMICS OF POLICY MODIFICATION

11.1. Unilateral Right to Amend. The Company reserves the absolute and unilateral right to modify, amend, or restate this Privacy Notice at any time to reflect shifts in regulatory mandates, technological advancements, or changes in Our business operations.

11.2. Notification of Material Changes.

A. Temporal Transparency: The “Last Modified Date” at the apex of this document serves as the authoritative marker of the current version. Changes become effective immediately upon posting.
B. Prominent Notice: For “Material Changes”, defined as modifications that substantially alter the nature of data processing or diminish User protections, the Company will provide a prominent notification via our primary Services or through direct electronic communication to registered Users.
C. Continued Use as Acceptance: Your continued interaction with the Services following the posting of an updated Notice signifies your irrevocable acceptance of the revised practices.

12. INTERACTION WITH THIRD-PARTY ECOSYSTEMS

12.1. External Jurisdictions. Our Services frequently integrate with, or provide links to, third-party sites, applications, and services (e.g., Amazon, BookFunnel, social media platforms). These entities operate independently of The Marker Publishing Group.

12.2. Disclaimer of Third-Party Liability. The Company does not exercise control over, and assumes no responsibility for, the privacy architectures, cookie policies, or data harvesting practices of non-affiliated third parties. We strongly exhort You to review the individual privacy notices of any external service prior to disclosing Personal Data. Your navigation to an external site is performed at your own discretion and risk.

13. DATA RETENTION AND DISPOSAL GOVERNANCE

13.1. Retention Criteria. The Company retains Personal Data only for the duration necessary to fulfill the “Business Purposes” outlined in Section 3, or as mandated by statutory retention periods (e.g., Canadian tax records must be maintained for a minimum of six years).

13.2. Secure Disposal Protocols. Upon the expiration of the retention period, or upon a valid request for erasure (subject to Section 7.3), the Company employs industry-standard data destruction methods:

A. Digital Shredding: Utilizing cryptographic erasure or multi-pass overwriting for digital assets.
B. De-identification: Transforming personal data into “Aggregated Metadata” in such a manner that the Data Subject can no longer be re-identified by any reasonable means.

14. CORPORATE PRIVACY GOVERNANCE AND CONTACT PROTOCOLS

14.1. Designation of Privacy Officer. In accordance with PIPEDA (Canada) and GDPR (EU), the Company has designated a formal Privacy Officer (Data Protection Officer) to oversee the integrity of our data governance framework.

14.2. Inquiries and Dispute Resolution. If you have inquiries regarding this Notice, wish to exercise your statutory rights, or believe your data has been handled in a manner inconsistent with this policy, you are directed to contact our legal department via the following channels:

By Primary Electronic Mail: privacy@tmpublisher.com
By Formal Correspondence: Legal Department / Data Protection Officer
The Marker Publishing Group, Inc. [Add Your Canadian Corporate Address Here]
Toronto, Ontario, Canada

14.3. Specific Contact for Canadian Residents. Pursuant to Canadian law, residents may specifically direct inquiries regarding compliance to our Privacy Official at the address above or via the specialized Canadian privacy alias: privacy-canada@tmpublisher.com

15. RATIFICATION AND LEGAL EFFECT

This Privacy Notice is incorporated by reference into the Terms of Use and Terms of Sale of The Marker Publishing Group, Inc. In the event of a conflict between this Notice and any other Company policy regarding data processing, the terms of this Privacy Notice shall prevail to the extent of the conflict.

DATA STEWARDSHIP & PRIVACY ESSENTIALS

1. EXECUTIVE SUMMARY AND CORPORATE PHILOSOPHY

1.1. Integrity of the Data Relationship. The Marker Publishing Group, Inc. (“The Company”, “We”, “Us”), encompassing Orion Research Group and Story Book Nook Creators, operates on a foundational mandate of data transparency. We recognize that in the modern literary and research landscape, your personal data is a proprietary asset. These Essentials serve as a condensed legal interface to our full Privacy Notice, designed to provide you with an immediate, sophisticated understanding of how your information is harvested, utilized, and shielded within our global infrastructure.

1.2. Mandate of Disclosure. We strongly exhort you to review the Full Privacy Notice to comprehend the granular legalities governing our relationship. However, these Essentials constitute an integral part of your binding agreement with the Company. By engaging with our digital platforms, manuscript portals, or research interfaces, you acknowledge the systematic data protocols described herein.

2. COMPREHENSIVE PRIVACY NOTICE SCOPE

2.1. Jurisdiction of the Services. The Company owns, architects, and provides access to an expansive ecosystem of websites, mobile applications, ARC (Advance Review Copy) distribution systems, and proprietary research databases (collectively, the “Services”).

2.2. Universal Application. The Company’s privacy practices are not limited to traditional web browsing. This Notice extends to:

Interactive Metadata: Information generated during the consumption of our digital content.
Research Participation: Data acquired through Orion Research surveys and academic feedback loops.
Family Ecosystems: Non-identifying behavioral data harvested via Story Book Nook Creators to improve child-safe literary interfaces.
Third-Party Integrations: The intersection of Company Services with external marketplaces (e.g., Amazon, Apple Books, Kobo) and fulfillment partners (e.g., BookFunnel).

3. STRATEGIC CATEGORIZATION OF DATA COLLECTION

The Company utilizes a multi-vector approach to information acquisition to ensure the precision of our publishing and research mandates.

3.1. Direct Infusion of Data (User-Provided). We collect information that you actively and voluntarily transmit to the Services. This includes:

Identification Telemetry: Formal names, aliases, and legal signatures associated with ARC agreements and research participation.
Communication Vectors: Primary and secondary email addresses, mobile telephony numbers, and physical coordinates for logistical fulfillment.
Psychographic and Literary Profiles: Reading habits, genre affinities, academic interests, and professional affiliations (specifically within the Orion Research framework).

3.2. Intra-Corporate and Affiliate Synergy. Information regarding your interactions is shared between the Company’s divisions. Data acquired by Story Book Nook Creators regarding familial reading trends may be utilized by the Company’s central strategic unit to refine global publishing catalogs.

3.3. Third-Party Data Augmentation. The Company supplements its internal records with data from:

Public and Commercial Aggregators: To validate demographic trends and ensure our research remains statistically significant.
External Marketplace Analytics: Data regarding your purchasing behavior and interaction with Company-branded intellectual property on platforms like Amazon and IngramSpark.

3.4. Systematic Automated Harvesting (Technical Metadata). Utilizing Cookies, Web Beacons, and proprietary tracking scripts, we harvest:

Device Characteristics: Unique Device Identifiers (UDID), hardware configurations, and browser kernels.
Network Logs: IP addresses, ISP identifiers, and geographic triangulation (at the city/region level).
Behavioral Clickstream: High-resolution tracking of link engagement, session duration, and “Exit Pages” to optimize the User Interface (UI).

PRIVACY NOTICE HIGHLIGHTS – STRATEGIC UTILIZATION PROTOCOLS

4. ADVANCED UTILIZATION OF PERSONAL DATA

4.1. Dynamic Product Provisioning. The primary purpose of data processing is the seamless execution of Our publishing and research mandates. This includes:

Fulfillment Logistics: Utilizing your identification telemetry to authorize digital downloads through BookFunnel and manage physical distribution via IngramSpark.
Transactional Integrity: Processing subscription access for Orion Research Group portals and ensuring the secure delivery of ARC (Advance Review Copy) materials to verified reviewers.

4.2. Algorithmic Experience Enhancement. We utilize behavioral and psychographic data to engineer a “High-Resolution” user experience. By analyzing your interaction with Story Book Nook Creators or Orion publications, our systems:

Predictive Content Modeling: Identify literary trends and suggest specific manuscripts or research papers that align with your statistically demonstrated interests.
Interface Optimization: Adjust the digital architecture of Our Services based on device telemetry to ensure maximum readability and functionality across all hardware kernels.

4.3. Strategic Research and Trend Analysis. Information acquired through Orion Research Group is subjected to rigorous analytical processing.

Aggregate Reporting: We anonymize and de-identify personal information to produce high-level research reports for internal use and authorized third-party stakeholders.
Literary Development: Your feedback on ARC manuscripts is utilized as critical data points in the editorial refinement process, helping to shape the final intellectual property of the Company.

5. COMMUNICATION AND MARKETING GOVERNANCE

5.1. Direct Engagement and Response Protocols. The Company utilizes your contact vectors to maintain a direct line of communication. This involves:

Inquiry Management: Responding to specific queries, technical support tickets, and legal notices submitted through Our “Contact Us” infrastructure.
Systemic Alerts: Disseminating critical service announcements, such as modifications to Our Terms of Sale or security updates.

5.2. Proactive Commercial Outreach. Where you have provided express consent (or where permitted under the “Existing Business Relationship” provisions of CASL – Canada’s Anti-Spam Legislation), we utilize your data to:

“Insider” Newsletters: Transmit exclusive updates on upcoming launches, author interviews, and research breakthroughs.
Targeted Promotional Alerts: Deploy messaging regarding limited-time offers and “Early Bird” access to new intellectual property.
Multichannel Connectivity: Coordinate communications across email, SMS/MMS, and social media retargeting.

5.3. Consent-Based Customization. In certain instances, the Company may notify you at the specific point of collection regarding unique data uses. In such cases, your affirmative action (e.g., ticking a checkbox) constitutes a specific grant of authority for that localized processing activity, which supplements the general authorizations found in these Essentials.

6. CORPORATE EVALUATION AND LEGAL DEFENSE

6.1. Operational Auditing. Data is utilized for internal accounting, auditing, and compliance checks to ensure that The Marker Publishing Group operates within the strictures of Canadian and international corporate law.

6.2. Fraud Prophylaxis and IP Protection. We employ systematic monitoring of IP addresses and device identifiers to identify “Scraping” attempts, unauthorized redistribution of copyrighted material, and fraudulent ARC registration. Information may be used to initiate legal proceedings or to cooperate with law enforcement agencies in the defense of Our intellectual property.

PRIVACY NOTICE HIGHLIGHTS – JURISDICTIONAL RIGHTS & CHOICE ARCHITECTURE

7. DYNAMIC CHOICE MECHANISMS AND OPT-OUT PROTOCOLS

The Company provides a sophisticated framework for the exercise of User autonomy. These mechanisms are architected to satisfy the rigorous requirements of PIPEDA, GDPR, and the CPRA.

7.1. Commercial Communication Revocation. You maintain the absolute right to terminate your participation in the Company’s promotional funnels.

A. Granular Email De-registration: Every commercial electronic message (CEM) disseminated by the Company or its divisions (Orion, Story Book Nook) includes a functional, “One-Click” Unsubscribe mechanism. Upon activation, the Company will finalize the suppression of your contact vector from the specific mailing list within ten (10) business days, as mandated by CASL.
B. Persistence of Service Alerts: You acknowledge that opting out of commercial outreach does not preclude the Company from transmitting “Transactional Notices,” such as order confirmations, security breach notifications, or material updates to these Terms.

7.2. Algorithmic and Behavioral Advertising Controls. The Company utilizes third-party tracking technologies for “Targeted Advertising” and “Profiling.” We provide You with rigorous tools to restrict these activities:

A. Cookie Governance: Through our centralized Consent Management Platform (CMP), You may exercise granular control over “Non-Essential” cookies, including those categorized as “Analytical,” “Performance,” or “Targeting.”
B. Global Privacy Control (GPC): Our Services are engineered to recognize and honor GPC signals transmitted by your browser kernel as a valid request to opt-out of the “Sale or Sharing” of personal information for cross-context behavioral advertising.
C. Network-Level Opt-Out: We provide direct links to the NAI (Network Advertising Initiative) and DAA (Digital Advertising Alliance) consumer choice pages, allowing You to perform a centralized opt-out from interest-based advertising across our entire network of ad-tech partners.

8. STATUTORY DATA SUBJECT RIGHTS (DSR)

Subject to jurisdictional thresholds and applicable law, You possess the following proprietary rights regarding your Personal Data:

8.1. The Right of Absolute Rectification and Access. You have the right to demand a formal Data Subject Access Request (DSAR) report. This report will detail the categories of data collected, the specific sources of acquisition, and the “Business Purpose” for which the data was processed. Should any data be found inaccurate or obsolete, the Company is under a legal mandate to rectify such discrepancies upon verified request.

8.2. The Right to Deletion (The “Right to be Forgotten”). You may mandate the permanent expungement of your Personal Data from our active production environments.

A. Verification Protocol: To protect against “Identity Hijacking,” the Company implements a multi-factor verification process before executing a deletion mandate.
B. Statutory Retention Overrides: You acknowledge that the Company may decline a deletion request, or perform only partial deletion, where the data is essential for: (i) Completing a transaction; (ii) Detecting security incidents; (iii) Complying with the Canadian Income Tax Act or other federal/provincial statutes.

8.3. The Right to Restrict Data “Sale” or “Sharing”. Under the CCPA/CPRA and emerging U.S. state privacy laws, the Company recognizes your right to prohibit the “Sale” (transfer for valuable consideration) or “Sharing” (transfer for cross-context behavioral advertising) of your information. THE COMPANY PROVIDES A PROMINENT “DO NOT SELL OR SHARE MY PERSONAL INFORMATION” INTERFACE TO FACILITATE THIS RIGHT.

9. GEOGRAPHICAL ADDENDA: CANADIAN AND GLOBAL PROTECTIONS

9.1. PIPEDA (Canada) Compliance. As a Canadian-managed entity, the Company adheres to the Ten Fair Information Principles. This includes the designation of a Privacy Official to whom You may appeal any data grievance.

9.2. U.S. State-Specific Protections. Residents of Colorado, Connecticut, Virginia, and other compliant states are granted specialized rights, including the Right to Appeal a Company’s refusal to act on a DSR, and the Right to Opt-Out of Profiling in furtherance of decisions that produce legal or similarly significant effects.

PRIVACY NOTICE HIGHLIGHTS – DISSEMINATION, SECURITY, AND GOVERNANCE

10. SYSTEMIC SHARING OF PERSONAL INFORMATION

The Company does not disseminate your Personal Data indiscriminately. Sharing is conducted under strict “Data Processing Agreements” (DPAs) and only in the following delineated circumstances:

10.1. Consent-Driven Dissemination (Video & Social). Where you have provided explicit, affirmative consent, specifically regarding video content consumption or social networking integrations, the Company may share your interaction data as described in our specialized Video Services Notice and Social Networking Directive.

10.2. Intra-Corporate Synergy. Information is shared with Our subsidiaries and global affiliates to ensure brand consistency and cross-promotional efficiency. This includes sharing psychographic data between Orion Research and our central marketing intelligence unit to refine Our global intellectual property portfolio.

10.3. Third-Party Service Providers (Operational Proxies). We engage specialized third-party vendors to perform essential business functions, including:

Logistical Fulfillment: Sharing address telemetry with carriers (e.g., Canada Post, UPS).
Digital Infrastructure: Utilizing cloud-computing leaders (e.g., AWS, Microsoft Azure) for data storage and processing.
Financial Integrity: Directing payment data to PCI-DSS compliant processors. These providers are contractually prohibited from utilizing your data for any purpose other than providing services to the Company.

10.4. Legal Mandates and Protective Disclosures. The Company will disclose Personal Data to law enforcement, judicial authorities, or regulatory bodies if mandated by a valid subpoena, warrant, or court order. We also reserve the right to share information to:

Defend Corporate Rights: Protect the Company’s intellectual property from infringement.
Safety Protocols: Prevent physical harm, financial loss, or to investigate suspected fraudulent activities.

10.5. Corporate Structural Evolution. In the event of a merger, divestiture, or acquisition, the Company’s database, including your Personal Data, constitutes a corporate asset and may be transferred to the successor entity, provided they adhere to the protections established in this Notice.

11. ADMINISTRATIVE AND TECHNICAL SAFEGUARDS

11.1. The “100% Security” Disclaimer. The Company maintains rigorous administrative, technical, and physical safeguards. This includes AES-256 encryption at rest and TLS 1.3 encryption in transit. HOWEVER, YOU ACKNOWLEDGE THAT NO ARCHITECTURE OVER THE PUBLIC INTERNET CAN BE GUARANTEED TO BE 100% IMPENETRABLE. YOUR USE OF THE SERVICES CONSTITUTES AN ACKNOWLEDGMENT OF THIS INHERENT SYSTEMIC RISK.

11.2. Continuous Vulnerability Assessment. The Company performs periodic audits of its security posture to identify and remediate emerging cyber-threats. Access to Personal Data is strictly governed by the “Principle of Least Privilege” (PoLP).

12. GLOBAL PRIVACY GOVERNANCE & CONTACT PROTOCOLS

12.1. Dedicated Privacy Advocacy. The Company has appointed a Global Privacy Attorney and a Data Protection Officer (DPO) to oversee compliance with international data laws.

12.2. Official Communication Channels. Should You have questions, grievances, or wish to exercise your statutory rights, You are directed to utilize the following official conduits:

Telephonic Inquiries: 1-833-711-0841 (Toll-Free).
Legal Department Address: The Marker Publishing Group, Inc. / Legal Dept. [Insert Your Corporate Address]
Toronto, Ontario, Canada

12.3. Specialized Canadian Liaison. Canadian residents may contact our Privacy Official specifically regarding PIPEDA compliance via:

Email: privacy-canada@tmpublisher.com
Physical Mail: Bay Adelaide Centre, East Tower, 22 Adelaide St. W, 41st Floor, Toronto, Ontario M5H 4E3 (Attn: Privacy Officer).

13. JURISDICTIONAL MANDATES (CALIFORNIA & BEYOND)

13.1. California “Shine the Light” & CPRA. The Company provides specific disclosures for California residents regarding the types of personal information shared with third parties for their direct marketing purposes. You may request this disclosure once per calendar year.

13.2. International Adequacy. By accessing the Services from outside Canada or the United States, you consent to the transfer of your data to these jurisdictions, acknowledging that their data protection laws may differ from those of your home country.

VULNERABILITY DISCLOSURE POLICY (VDP)

THE MARKER PUBLISHING GROUP, INC. – CYBER-GOVERNANCE DIVISION

1. DEFINITION OF A SECURITY VULNERABILITY

For the purposes of this Program, a “Security Vulnerability” is defined as any systemic weakness, software defect, or configuration error identified within the Company’s digital ecosystem, including Orion Research databases, Story Book Nook portals, and corporate API endpoints, that possesses the potential to be exploited by a threat actor to compromise the Confidentiality, Integrity, or Availability (CIA) of our Information Assets.

2. PHILOSOPHY OF COLLABORATIVE DEFENSE

The Marker Publishing Group recognizes that the global information security research community is a critical partner in the defense of intellectual property. We value the efforts of security researchers who utilize their skills to identify emerging threats.

We encourage the responsible and coordinated disclosure of potential vulnerabilities. The Company is committed to:

A. Investigation: Reviewing every substantiated report with technical rigor.
B. Mitigation: Addressing identified vulnerabilities within a timeframe commensurate with the risk level.
C. Safe Harbor: Providing a “Safe Harbor” (legal immunity) for researchers who adhere to the protocols established in this Policy.

3. SCOPE OF ELIGIBILITY

This Policy applies to all digital assets owned or operated by The Marker Publishing Group, Inc., including:

Domain Infrastructure: *.tmpublisher.com, *.orionresearchgroup.org, *.storybooknookcreators.com.
Application Interfaces: Mobile applications and proprietary ARC distribution frameworks.
Cloud Environments: Public-facing production instances hosted via AWS and Microsoft Azure.

Out of Scope

Social engineering (phishing) of Company employees, physical security breaches, and Denial of Service (DoS/DDoS) attacks are strictly prohibited and do not constitute responsible disclosure.

4. PROTOCOL FOR REPORTING (VULNERABILITY INTAKE)

The Company’s Vulnerability Disclosure Program is managed through a centralized intake system to ensure structured remediation.

4.1. Submission Procedure

If you have identified a potential security vulnerability, please transmit a detailed technical report to: vdp@tmpublisher.com

4.2. Required Documentation

To facilitate a rapid response, your report should include:

A. Technical Description: A clear explanation of the vulnerability and its potential impact.
B. Proof of Concept (PoC): Step-by-step instructions (including scripts or screenshots) to reproduce the issue.
C. Remediation Suggestion: (Optional) Your recommendation for a tactical fix.

5. EXTERNAL MANAGEMENT (PLATFORM PARTNERSHIPS)

Consistent with elite industry standards, the Company may leverage third-party bug-bounty platforms (such as Bugcrowd or HackerOne) to manage vetting and triage.

All submissions are subject to the Standard Disclosure Terms of our selected partner platform. Upon receipt of your email, our security team will evaluate the finding and, if validated, may migrate the report to our dedicated platform portal for tracked remediation.

6. THE PRINCIPLE OF COORDINATED DISCLOSURE

6.1. Prohibition of Public Disclosure

In order to safeguard our Consumers, Authors, and Researchers, the Company mandates that You do not post, leak, or share any information regarding a potential vulnerability in a public setting (social media, blogs, or forums) until the Company has:

Researched the vulnerability.
Validated the impact.
Successfully implemented and verified a remedial patch.

6.2. Mutual Timeline

We aim to provide an initial acknowledgment of Your report within 72 business hours and will provide periodic updates throughout the remediation lifecycle.

7. LEGAL SAFE HARBOR AND RECOGNITION

7.1. Protection Against Litigation

The Company will not initiate legal action against researchers who:

Engage in “Good Faith” testing without intent to cause harm.
Do not access, modify, or delete any User Data or Intellectual Property.
Comply with the “Public Notification” protocols in Section 6.

7.2. Hall of Fame:

While the Company does not currently operate a “Public Bounty” program (monetary rewards) for all assets, we may provide “Hall of Fame” recognition or letters of commendation to researchers who identify critical vulnerabilities that significantly enhance the security of The Marker ecosystem.