At EPICA, we are committed to protecting your data. We also work very hard at being transparent about the information we hold about you and our clients. Using data allows us to develop a better understanding of how you and other users interact with our communications, and in turn to provide you with relevant and timely information about the work that we do. Data also helps us to engage with current and potential customers.
EPICA collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), personal data is defined broadly, and would include data that may used to contact or identify a person (e.g., email, telephone number) as well as pseudonymous data that is generally only able to identify a computer, browser or a mobile device. EPICA will explain the different types of personal data below, and will try to be clear when we’re describing our use of each throughout this Policy.
1) What information we collect and why we collect it
2) How we use this information
3) The choices we offer, including how to access, update and remove information
Effective as of September 26, 2018
European Union should be sure to read the important information provided HERE.
If you have any questions, please contact our Data Protection Officer using the contact details at the end of this policy.
Customers of our Service (“Clients”) use it to collect information about how their own users use Client websites, applications, services (“Client Services”) and related third-party applications (“Client User Data”); more efficiently route their Client User Data to their own third party applications/services; and control the exchange of the Client User Data between their own third party applications/services.
EPICA allows our Clients to unify your customer data and connect it anywhere to improve marketing performance, enhance analytics, and transform the customer experience.
Client User Data may include, without limitation, information about the identity of Client users (such as name, postal address, e-mail address, and IP address), as well as information about the features that they use, the pages that users visit and the actions that they take while using the Client Services.
We collect personal information about you in the following ways:
When you sign up to our newsletters, request marketing materials, register for an event or sign into the platform, we will store the PII you give to us such:
We obtain additional information about you from third party sources to enrich your experience on the Epica website and provide you with more relevant information related to our service offerings.
Our site is primarily directed to our clients and prospective clients (our “Clients”) which are generally businesses. We collect personal data via the Sites that can be used to identify or contact a unique person (“PII”). We generally will only collect PII via the Site when you provide it directly to us (we refer to this information as “Log Data”).
You may provide PII such as an email address or a telephone number by sending us an email or filling out a form on the Site. In addition, Log Data may include information such as the Operating System running on your device, Internet Protocol address, access times, browser type and language, and the website you visited before visiting our Site.
Prospective employees may also send their resume that includes their postal address and other employment details. And our Clients may register via the Site with their email address and other contact details.
EPICA does not take action in response to “Do Not Track” browser signals from users visiting the Sites.
Subject to the following paragraph, we ask that you not send or disclose to us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise.
However, If you fail to provide PII required…
Where we need to collect PII by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with more information about an event). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We do not knowingly contact or collect information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can promptly obtain parental consent or remove the information. If you are under 16, or the age of majority in the jurisdiction in which you reside, you may only use the EPICA Site and EPICA Services with the consent of your parent or legal guardian.
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at email@example.com.
We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances:
We use the information we collect primarily to provide, maintain, protect and improve our current services, to develop new ones and to manage Client accounts and human resources functions.
For example, if you ask a question about our products and services, we may send you an email in response, and might even have a salesperson contact you to gauge your interest in learning more about our services.
In general, we may use your information to:
Epica may store and process PI in the United States and other countries. By using our Platform as a Client, you consent to this transfer of your information into the U.S.
If you request information from us, register for the Service or participate in our surveys, promotions or events, we may send you Epica-related marketing communications if permitted by law but will provide you with the ability to opt out. In general, we may use information to:
We use data that we have stored about you, such as contact preferences you may have told us about.
We use our legitimate organizational interest as the legal basis for communications by email and for the collection of PII in the context of our sales and marketing activities where we have evaluated that our interests are not overridden by your fundamental rights. We will give you an opportunity to opt out of receiving electronic communications. If you do not opt out, we will provide you with an option to unsubscribe or manage your preferences in every email that we send you subsequently. Alternatively, you can use the contact details at the end of this policy to update your contact preferences.
We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information or you opt into third party marketing communications.
We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Service; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. In general, we may use information to:
Our Platform is designed to allow our Clients to better understand how their customers, prospective customer and other individuals (their “Users”) utilize the products and services offered by our Clients. The platform provides our Clients with the ability to collect information based on User interaction with their mobile application(s), mobile website(s) or other digital properties where Clients have integrated with the Platform (collectively, “Client Digital Properties”) and send communications to such Users.
Some information is automatically collected from or about Users when they use Client Digital Properties. The types of information collected via Client Digital Properties for the Platform includes: the date/time for a visit to a Client Digital Property, referrer information such as what search engine and search keywords Users may have used to get to a Client Digital Property, information about the browser or device your User is on such as their Operating System, as well as the city/country location of Users, and any pseudonymous tokens and mobile advertising IDs (e.g., IDFA in iOS). In addition, our Clients can choose what other User data they want to collect and store on the platform such as an IP address, location information, a User’s age, user names, real names, email addresses and other custom data points as determined by each Client.
We contractually prohibit Clients from placing sensitive information (e.g., passwords, authentication credentials, credit cards, social security or driver’s license numbers) or information that is deemed sensitive by applicable law or self-regulatory codes such as the Digital Advertising Alliance. EPICA functions strictly as the data processing agent of our Clients. As a data processor and agent of our Clients, EPICA processes data via the platform as directed by our clients and for no other purposes. Accordingly, other than those aforementioned restrictions, the data stored on the Platform is subject to the privacy policies of each Client.
There are certain circumstances under which we may disclose your information to third parties. These are as follows:
In cases of onward transfer to third parties of data of EU or Swiss resident received pursuant to the standard contractual Clauses, EPICA is potentially liable.
We do not sell PII collected via the Sites or collected pursuant to our sales and marketing activities to third parties for any purpose.
All Epica account holders may review, update, correct or delete the personal information in the EPICA Platform. Epica’s Clients may also contact us at firstname.lastname@example.org to accomplish the foregoing or if you have additional requests or questions. If you are a job applicant and have provided this kind of information, you can also contact us via e-mail to request to see the information we have in our systems.
The individuals whose personal information is contained within the Client User Data processed by our Service may review, update, correct or delete the personal information in the EPICA Platform by sending a request from here. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Clients may also direct their request the Client. You may also contact us at email@example.com if you have additional questions or concerns.
If you are a California resident, you may ask us to refrain from sharing your personal information with certain of our affiliates and other third parties for their marketing purposes. Please tell us your preference by contacting us as specified below.
In some of our communications, we use tracking means, such as a “click-through URL” linked to content on the Site. We track this data to help us measure the effectiveness of our customer communications.
Where we need to collect your personal information by law, or to be able to provide the Service to you and you do not provide that information when requested (or you later ask to delete it), we may not be able to provide you with the Service and may need to cancel your service. We will tell you what information you must provide to receive the Service by designating it as required in the Service or through other appropriate means.
The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it.
We will ensure that any third parties we use for processing your information do the same and that they will only process your information on our instructions. The third parties will also be subject to a duty of confidentiality.
We take reasonable steps to help protect your information in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction.
It is your responsibility to protect your usernames and passwords to help prevent anyone from accessing or abusing your accounts and services. You should not use or reuse the same passwords you use with other accounts as your password for our services. We encrypt transmission of data on pages where you provide payment information or otherwise provide sensitive information. However, no security or encryption method can be guaranteed to protect information from hackers or human error. Information we collect may be stored or processed on computers located in any country where we do business. EPICA may store and process PII in the United States and the European Economic Area. By using our Platform as a Client, you consent to this transfer of your information into the U.S.
Epica is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
European Union users should read the important information provided here about transfer of personal information outside of the European Economic Area.
The Service may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
Or if you are feeling old fashioned, use snail mail:
33 Irving Place, 3rd floor
New York, New York, 10003 USA
Attention: Data Protection Officer – General Counsel
If you are located in Latin America, please write to:
Cra. 11B Nº 96-54, Suite 201, Bogotá
Attention: Data Protection Officer – General Counsel
If you are located in Europe, please write to:
Sepapaja tn 6 15551, Tallinn, Estonia
Attention: Data Protection Officer – General Counsel
In addition, if you reside in the European Economic Area, you may identify the relevant data controller for your personal information in accordance with the section “Relevant Data Controller” in the EEA Addendum below.
Epica is the processor of your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at firstname.lastname@example.org
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at email@example.com.
|Processing purpose||Legal Basis|
|To provide the Service||Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service|
|To communicate with you|
To create anonymous data for analytics
For compliance, fraud prevention and safety
|These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|To comply with law||Processing is necessary to comply with our legal obligations|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at firstname.lastname@example.org.|
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
EPICA retains Client data for so long as you remain as a Client and will delete Client’s information within 12 months of either party’s termination of applicable Client agreement upon written request.
We retain User level data on the Platform as directed by our Clients and for a reasonable time thereafter for audit purposes and as otherwise required by law.
European data protection laws give you certain rights regarding your personal information. EPICA acknowledges that EU and Swiss individuals have certain legal rights including the right to complain to en EU supervisory authority and the right to access the personal data that we maintain about them. An EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to mailto:email@example.com If requested to remove data, we will respond within 30 days. Please note that EPICA is a processor of the data contained on the Platform. If you seek to exercise data subject access rights for data processed via the Platform, we ask that you reach out to EPICA’s Clients.
Under these circumstances, you have rights under data protection laws in relation to your personal data, as follows:
Withdraw - Opt-out. You have the right to withdraw your consent at any time In circumstances where we are relying on your consent to process your personal data. We will stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Access. Provide you with information about our processing of your personal information and give you access to your personal information. You have a right to request a copy of the personal data that we hold about you. Please use the contact details at the end of this policy if you would like to exercise this right, or any of the rights listed below. If you are a European resident and consider our use of your personal data to be unlawful, you have the right to lodge a complaint with the relevant supervisory authority
Correct. We may update or correct inaccuracies in your personal information. You have the right to request that we correct the personal data we hold about you .
Delete. Delete your personal information. You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons- which will be notified to you at the time of your request.
Transfer. You have the right to request that the personal data we hold about you is transferred to you or to a third party. We will provide a machine-readable copy of your personal information to you or a third party of your choice. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Restrict. Restrict the processing of your personal information. You have the right to request that we suspend the processing of your personal data in the following situations: (a) When the data’s accuracy wants to be established by you; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Please note that EPICA is a processor of the data contained on the Platform. If you seek to exercise data subject access rights for data processed via the Platform, we ask that you reach out to EPICA’s Clients.
You can submit these requests by email to firstname.lastname@example.org or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at email@example.com or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you are an EPICA Client, you can sign into your account to see any PII we have stored, such as your name, email, address or phone number. You can also contact us by email to request to see this information.
If you are a job applicant and have provided this kind of information, you can also contact us via e-mail to request to see the information we have in our systems.
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:
Please Contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.