Last Updated February 4, 2019
Purpose of this policy
At EPICA, we are committed to protecting your data. We also work very hard at being transparent about the information we hold about you and our clients. Using data allows us to develop a better understanding of how you and other users interact with our communications, and in turn to provide you with relevant and timely information about the work that we do. Data also helps us to engage with current and potential customers.
EPICA collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), personal data is defined broadly, and would include data that may used to contact or identify a person (e.g., email, telephone number) as well as pseudonymous data that is generally only able to identify a computer, browser or a mobile device. EPICA will explain the different types of personal data below, and will try to be clear when we're describing our use of each throughout this Policy.
- What information we collect and why we collect it
- How we use this information
- The choices we offer, including how to access, update and remove information
Effective as of February 04, 2019
European Union should be sure to read the important information provided HERE.
If you have any questions, please contact our Data Protection Officer using the contact details at the end of this policy.
EPICA Platform's Service, website, e-commerce platform and Client User Data
Customers of our Service ("Clients") use it to collect information about how their own users use Client websites, applications, services ("Client Services") and related third-party applications ("Client User Data"); more efficiently route their Client User Data to their own third party applications/services; and control the exchange of the Client User Data between their own third party applications/services.
EPICA allows our Clients to unify your customer data, clean it up, create anonymous customers and product profiles, and connect it anywhere to improve marketing performance, enhance analytics, and transform the customer experience.
Client User Data may include, without limitation, information about the identity of Client users (such as name, postal address, e-mail address, and IP address), as well as information about the features that they use, the pages that users visit and the actions that they take while using the Client Services.
Information We may Collect about you
We collect personal information about you in the following ways:
Information provided by you
If you are a Client using or considering using EPICA’s Service to predict customer behavior and site search with Smart product recommendations, if you use our customer service tools or otherwise affirmatively contact us, we will store the PII you give to us such:
- Identity information, such as your first name, last name, username or similar identifier, title, date of birth and gender;
- Contact information, such as your postal address, email address and telephone number;
- Profile information, such as your username and password, interests, preferences, feedback and survey responses;
- Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us;
- Usage information, such as information about how you use the Service and interact with us;
- Marketing information, such your preferences for receiving marketing communications and details about how you engage with them.
We also may obtain this information directly from Shopify Inc. Finally, if you contact our support service or if we otherwise need to verify your account, we may ask for additional documentation to help us verify your identity and make sure that we maintain the security of your account. All of the information described in this paragraph is referred to as “Account Information.”
Additionally, if you are a Client that uses the Service (via prediction platform or app integration for e-commerce Platforms), or if you otherwise visit the EPICA website, we automatically collect information about your device, including your IP address and potentially other unique device identifiers (for example, if you are using a phone with iOS or Android installed), Internet browser type and language, information about any website that referred you, the date/time of your visit, and any search keywords. We refer to this information collectively as “Device Information.”
Information we get from others
We obtain additional information about you from third party sources to enrich your experience on the Epica website and prediction platform and provide you with more relevant information related to our service offerings.
Information automatically collected
Our site is primarily directed to our clients and prospective clients (our "Clients") which are generally businesses. We collect personal data via the Sites that can be used to identify or contact a unique person ("PII"). We generally will only collect PII via the Site when you provide it directly to us (we refer to this information as "Log Data").
You may provide PII such as an email address or a telephone number by sending us an email or filling out a form on the Site. In addition, Log Data may include information such as the Operating System running on your device, Internet Protocol address, access times, browser type and language, and the website you visited before visiting our Site.
Prospective employees may also send their resume that includes their postal address and other employment details. And our Clients may register via the Site with their email address and other contact details.
EPICA does not take action in response to "Do Not Track" browser signals from users visiting the Sites.
Sensitive personal information
Subject to the following paragraph, we ask that you not send or disclose to us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise.
However, If you fail to provide PII required...
Where we need to collect PII by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with more information about an event). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Children under 13
We do not knowingly contact or collect information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can promptly obtain parental consent or remove the information. If you are under 16, or the age of majority in the jurisdiction in which you reside, you may only use the EPICA Site and EPICA Services with the consent of your parent or legal guardian.
Changes to your personal information
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at firstname.lastname@example.org.
How We Use Your Personal Information
We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you (e.g., where we process your email address in order to access our systems or for billing purposes);
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal or regulatory obligation;
- Where we have your explicit consent before using information. However, generally we do not rely on consent as a legal basis for processing personal data and you have the right to withdraw consent to marketing at any time by contacting us. You will find the relevant contact details at the end of this policy.
Use of PI to provide the Service
We use the information we collect primarily to provide, maintain, protect and improve our current services, to develop new ones and to manage Client accounts and human resources functions.
We use PI for the general purpose it was provided.
For example, if you ask a question about our products and services, we may send you an email in response, and might even have a salesperson contact you to gauge your interest in learning more about our services.
In general, we may use your information to:
- Improve our services, Site and how we operate our business;
- Understand and enhance your experience using our Site, products and services;
- Provide and deliver products and services you request;
- Link or combine it with other information we get from third parties, to help understand your needs and provide you with better service;
- Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;
- Communicate with you about promotions, upcoming events and news about products and services offered by EPICA and our selected partners;
- Protect, investigate and deter against fraudulent, unauthorized or illegal activity.
Epica may store and process PI in the United States and other countries. By using our Platform as a Client, you consent to this transfer of your information into the U.S.
To communicate with you
If you request information from us, register for the Service or participate in our surveys, promotions or events, we may send you Epica-related marketing communications if permitted by law but will provide you with the ability to opt out. In general, we may use information to:
- Respond to your comments or questions and allow our Services team to provide service;
- Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;
- Communicate with you about promotions, upcoming events and news about products and services offered by Epica and our selected partners;
We use data that we have stored about you, such as contact preferences you may have told us about.
We use our legitimate organizational interest as the legal basis for communications by email and for the collection of PII in the context of our sales and marketing activities where we have evaluated that our interests are not overridden by your fundamental rights. We will give you an opportunity to opt out of receiving electronic communications. If you do not opt out, we will provide you with an option to unsubscribe or manage your preferences in every email that we send you subsequently. Alternatively, you can use the contact details at the end of this policy to update your contact preferences.
To comply with law
We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
With your consent
We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information or you opt into third party marketing communications.
To create anonymous data for analytics
We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
For compliance, fraud prevention and safety
We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Service; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. In general, we may use information to:
- Protect, investigate and deter against fraudulent, unauthorized or illegal activity.
EPICA prediction Platform collection and how EPICA processes that information
Our Platform is designed to allow our Clients to better understand how their customers, prospective customer and other individuals (their "Users") utilize the products and services offered by our Clients. The platform provides our Clients with the ability to collect information based on User interaction with their mobile application(s), mobile website(s) or other digital properties where Clients have integrated with the Platform (collectively, "Client Digital Properties") and send communications to such Users.
Some information is automatically collected from or about Users when they use Client Digital Properties. The types of information collected via Client Digital Properties for the Platform includes: the date/time for a visit to a Client Digital Property, referrer information such as what search engine and search keywords Users may have used to get to a Client Digital Property, information about the browser or device your User is on such as their Operating System, as well as the city/country location of Users, and any pseudonymous tokens and mobile advertising IDs (e.g., IDFA in iOS). In addition, our Clients can choose what other User data they want to collect and store on the platform such as an IP address, location information, a User's age, user names, real names, email addresses and other custom data points as determined by each Client.
We contractually prohibit Clients from placing sensitive information (e.g., passwords, authentication credentials, credit cards, social security or driver's license numbers) or information that is deemed sensitive by applicable law or self-regulatory codes such as the Digital Advertising Alliance. EPICA functions strictly as the data processing agent of our Clients. As a data processor and agent of our Clients, EPICA processes data via the platform as directed by our clients and for no other purposes. Accordingly, other than those aforementioned restrictions, the data stored on the Platform is subject to the privacy policies of each Client.
EPICA for e-commerce platforms
EPICA collects the following personal information from its customers (i.e., Client’s) and the shoppers using search on their websites:
- First name, last name, contact number and address (all optional)
- used for identifying a customer in our database and solely for the purpose of communication between EPICA and the Client
- Email address
- used as an account identifier
- used for billing and account related matters such as new features announcements, plugin upgrades and other notifications to which the Client has subscribed
- Business name, Billing address and their VAT/TAX number
- used for billing and invoicing purposes
- Payer’s email address and credit card details
- used for collecting payments but never stored in database or logs
Email addresses of additional users
- Configured by the Client for receiving daily and/or weekly analytics reports
Shoppers’ IP addresses
- To identify shoppers’ locations (i.e., country and local region) with a view to providing location based search insights to the Client
- To calculate transaction based EPICA-led conversions
- To provide personalised search experience to the store’s shoppers
Shoppers’ transaction data (optional)
- ID of the product bought, the price paid, the IP from which the product was bought. These data is collected to calculate EPICA-led conversions
Shoppers’ Email addresses
- used in conjunction with the DotMailer Email marketing tool. The collected email addresses are never exposed to anyone at EPICA as they are MD5 hashed, in the irreversible encrypted form.
- Used for storing category names, filters, product IDs and recently searched terms. All but the product IDs are often passed to the backend system as API parameters to obtain personalised product recommendations (for the shopper).
How We Share your Personal Information
Sharing of information, onward transfer
There are certain circumstances under which we may disclose your information to third parties. These are as follows:
- With third-party agents who work on our behalf as sub-processors, provided such third parties agree to adhere to the same privacy principles as EPICA;
- In an emergency, including protection of the personal safety of any person;
- For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture or bankruptcy transaction or proceeding);
- As required in response to a lawful request by public authorities, including meeting of national security or law enforcement requirements;
In cases of onward transfer to third parties of data of EU or Swiss resident received pursuant to the standard contractual Clauses, EPICA is potentially liable.
We do not sell PII collected via the Sites or collected pursuant to our sales and marketing activities to third parties for any purpose.
EPICA’s commitments as a data controller
EPICA may be classed as a data controller when we collect your data for billing and managing accounts receivable, for example. We are committed to:
- Limiting the data collected to what is strictly necessary and for the purpose for which it was collected.
- Storing personal data for a limited and appropriate time.
- Implementing technical and organisational measures to ensure a high degree of security.
Access, Update, Correct or Delete Your Information
All Epica account holders may review, update, correct or delete the personal information in the EPICA Platform. Epica's Clients may also contact us at email@example.com to accomplish the foregoing or if you have additional requests or questions. If you are a job applicant and have provided this kind of information, you can also contact us via e-mail to request to see the information we have in our systems.
Access to Data Controlled by our Clients
The individuals whose personal information is contained within the Client User Data processed by our Service may review, update, correct or delete the personal information in the EPICA Platform by sending a request from here. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Clients may also direct their request the Client. You may also contact us at firstname.lastname@example.org if you have additional questions or concerns.
If you are a California resident, you may ask us to refrain from sharing your personal information with certain of our affiliates and other third parties for their marketing purposes. Please tell us your preference by contacting us as specified below.
Tracking and Targeted Advertising
In some of our communications, we use tracking means, such as a "click-through URL" linked to content on the Site. We track this data to help us measure the effectiveness of our customer communications.
Choosing not to share your personal information
Where we need to collect your personal information by law, or to be able to provide the Service to you and you do not provide that information when requested (or you later ask to delete it), we may not be able to provide you with the Service and may need to cancel your service. We will tell you what information you must provide to receive the Service by designating it as required in the Service or through other appropriate means.
The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it.
We will ensure that any third parties we use for processing your information do the same and that they will only process your information on our instructions. The third parties will also be subject to a duty of confidentiality.
We take reasonable steps to help protect your information in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction.
It is your responsibility to protect your usernames and passwords to help prevent anyone from accessing or abusing your accounts and services. You should not use or reuse the same passwords you use with other accounts as your password for our services. We encrypt transmission of data on pages where you provide payment information or otherwise provide sensitive information. However, no security or encryption method can be guaranteed to protect information from hackers or human error. Information we collect may be stored or processed on computers located in any country where we do business. EPICA may store and process PII in the United States and the European Economic Area. By using our Platform as a Client, you consent to this transfer of your information into the U.S.
Epica is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
European Union users should read the important information provided here about transfer of personal information outside of the European Economic Area.
Other Sites and Services
The Service may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
Social Media Widgets
Or if you are feeling old fashioned, use snail mail:
PODERIO, Inc. 609 Greenwich St, 4th floor New York, New York, 10014 USA Attention: Data Protection Officer -- General Counsel
If you are located in Latin America, please write to:
PODERIO, SAS. Cra. 11B Nº 96-54, Suite 201, Bogotá Attention: Data Protection Officer -- General Counsel
If you are located in Europe, please write to:
EPICA Sepapaja tn 6 15551, Tallinn, Estonia Attention: Data Protection Officer -- General Counsel
Additional information for the European Union
In addition, if you reside in the European Economic Area, you may identify the relevant data controller for your personal information in accordance with the section "Relevant Data Controller" in the EEA Addendum below.
Epica is the processor of your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at email@example.com
Legal basis for processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at firstname.lastname@example.org.
|Processing purpose||Legal Basis|
|To provide the Service||Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service|
|To communicate with you |
To create anonymous data for analytics
For compliance, fraud prevention and safety
|These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|To comply with law||Processing is necessary to comply with our legal obligations|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at email@example.com.|
Use for new purposes
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
- For our platform:
EPICA retains Client data for so long as you remain as a Client and will delete Client's information within 12 months of either party's termination of applicable Client agreement upon written request.
We retain User level data on the Platform as directed by our Clients and for a reasonable time thereafter for audit purposes and as otherwise required by law.
European data protection laws give you certain rights regarding your personal information. EPICA acknowledges that EU and Swiss individuals have certain legal rights including the right to complain to en EU supervisory authority and the right to access the personal data that we maintain about them. An EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to mailto:firstname.lastname@example.org If requested to remove data, we will respond within 30 days. Please note that EPICA is a processor of the data contained on the Platform. If you seek to exercise data subject access rights for data processed via the Platform, we ask that you reach out to EPICA's Clients.
Under these circumstances, you have rights under data protection laws in relation to your personal data, as follows:
Withdraw - Opt-out. You have the right to withdraw your consent at any time In circumstances where we are relying on your consent to process your personal data. We will stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Access. Provide you with information about our processing of your personal information and give you access to your personal information. You have a right to request a copy of the personal data that we hold about you. Please use the contact details at the end of this policy if you would like to exercise this right, or any of the rights listed below. If you are a European resident and consider our use of your personal data to be unlawful, you have the right to lodge a complaint with the relevant supervisory authority
Correct. We may update or correct inaccuracies in your personal information. You have the right to request that we correct the personal data we hold about you .
Delete. Delete your personal information. You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons- which will be notified to you at the time of your request.
Transfer. You have the right to request that the personal data we hold about you is transferred to you or to a third party. We will provide a machine-readable copy of your personal information to you or a third party of your choice. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Restrict. Restrict the processing of your personal information. You have the right to request that we suspend the processing of your personal data in the following situations: (a) When the data's accuracy wants to be established by you; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Please note that EPICA is a processor of the data contained on the Platform. If you seek to exercise data subject access rights for data processed via the Platform, we ask that you reach out to EPICA's Clients.
You can submit these requests by email to email@example.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at firstname.lastname@example.org or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Access to your personal data
If you are an EPICA Client, you can sign into your account to see any PII we have stored, such as your name, email, address or phone number. You can also contact us by email to request to see this information.
If you are a job applicant and have provided this kind of information, you can also contact us via e-mail to request to see the information we have in our systems.
Cross-Border Data Transfer From EEA
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:
- Contracts approved by the European Commission, which impose data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third countries.
- For transfers to third parties in the United States, ensuring they participate in the E.U.-U.S. Privacy Shield Framework
Please Contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.