Effective Date: August 2018
EpiAnalytics, Inc. (“EpiAnalytics,” also referred to as “we,” “us,” and “our”) is committed to protecting the privacy of all information we collect. This Privacy Statement covers all client and personal information that we collect or use in the course of conducting our business as well as from visitors using the EpiAnalytics website (the “Website”). By using the Website, you consent to the data practices described in this Privacy Statement.
This Privacy Statement has three (3) main parts. PART I describes our data practices with respect to Personal Data (as defined below) that EpiAnalytics processes on behalf of its partners and clients. PART II describes our data practices with respect to information we collect about our business contacts and other visitors to the Website. The general provisions in PART III apply to our data practices in both PART I and PART II.
USERS OUTSIDE OF THE UNITED STATES
Your personal data may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personal data may be less stringent than the laws in your country.
For information on our partners’ and clients’ participation with the Privacy Shield program, please review their respective privacy policies.
PART I: PERSONAL DATA PROCESSED ON BEHALF OF EPIANALYTICS CLIENTS
As a general description of our data processing services, EpiAnalytics analyzes (processes) open-ended requests and responses from our clients’ customers who consent to be contacted by or who have pre-existing relationships with the EpiAnalytics client for which EpiAnalytics is providing analytics service. As described in this Part I, EpiAnalytics does not own the Personal Data that we process.
1. EPIANALYTICS IS A DATA PROCESSOR
EpiAnalytics processes, on behalf of its partners and clients (EpiAnalytics “Clients”), Personal Data that has been collected by or on behalf of those Clients. “Personal Data” is information relating to an identified or identifiable person. Under the Privacy Shield program (the “Privacy Shield”) and the EU General Data Protection Regulation (“GDPR”), EpiAnalytics acts as a Data Processor and each Client acts as a Data Controller. For the purposes of the EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, GDPR, and this Privacy Statement: a “Data Processor” is an entity that processes Personal Data on behalf of a Data Controller; a “Data Controller” is an entity that determines the purposes for which Personal Data are processed. To “process” Personal Data means to carry out an operation or set of operations on such Personal Data, such as collecting, recording, storing, disclosing, or organizing it. The “Data Subject” means the person to whom a certain set of Personal Data relate; for example, the person who submits a support request, or responds to a survey.
2. CLIENT INSTRUCTIONS
As a Data Processor, EpiAnalytics will only process Personal Data pursuant to the instructions of the applicable Client. EpiAnalytics may use the services of third party Data Processors to process Personal Data in accordance with purposes identified for such Personal Data by the applicable Client. Subject to the foregoing sentence and Section 1 of Part III (”Security Measures”) below, EpiAnalytics will not transfer Personal Data to a Third Party (which, for purposes of this Privacy Statement, means an entity other than EpiAnalytics and its applicable Client) without instructions from the applicable Client. EpiAnalytics will not be responsible for determining the authenticity of any purported Data Subject’s request to access his or her Personal Data. In the absence of express instructions to do so from the applicable Client, EpiAnalytics will not provide a purported Data Subject with access to his or her Personal Data unless it is demonstrated to EpiAnalytics’ satisfaction that the applicable Data Controller has refused such access.
3. PERSONAL DATA COLLECTION
Customer comments and feedback are analyzed to improve the business processes and relationships between our Clients and their customers. Typically, a Client’s customers provide the Client with certain information including their names, companies, job titles, phone numbers, comments, and email addresses and the Client may provide such information to EpiAnalytics to enable us to process and analyze data on behalf of the Client. In addition, commercial list services may provide EpiAnalytics with contact information for people who have opted to receive email (”opt-in lists”) on specific topics of interest.
PART II: BUSINESS CONTACT INFORMATION
In addition to the data we process on behalf of our Clients, EpiAnalytics also processes (on its own behalf) information about our Clients and the individuals who represent our Clients, as described in this Part II.
1. COLLECTION AND USE OF BUSINESS CONTACT DATA
The individuals who represent EpiAnalytics Clients or potential Clients (”Business Contacts”) may voluntarily provide their contact information and related data (collectively “Business Contact Data”) to EpiAnalytics by various means, including telephone, email, postal mail, the “contact us” or “download” page on the Website, or other means. The Business Contact Data submitted to us is used to communicate with and provide services for Clients and potential Clients. EpiAnalytics will change, update or delete Business Contact Data when a request by the applicable Business Contact is requested. To send a request to our Privacy Department, you can email us at: email@example.com or mail us at EpiAnalytics, Inc. 7417 Magellan Street, Suite 100, Carlsbad, CA 92011 USA. We will use commercially reasonable efforts to promptly determine and remedy the problem and we will respond to your request for access within 30 days.
2. DISCLOSURE OF BUSINESS CONTACT DATA
Generally, EpiAnalytics does not provide Business Contact Data or other data to third parties. EpiAnalytics may provide Business Contact Data or other data to third parties to the extent such third parties provide operational assistance (i.e., outsourced or third-party services) to EpiAnalytics and then only for that purpose. EpiAnalytics may share Business Contact Data or other data with its corporate family, including its parent company, subsidiaries, or other companies under common control with EpiAnalytics for the same operational assistance.
The Website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize EpiAnalytics pages, or register with EpiAnalytics (either on the Website or via the services offered through the Website), a cookie helps EpiAnalytics to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Website, the information you previously provided can be retrieved, so you can easily use the EpiAnalytics features that you customized.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the EpiAnalytics services or the Website.
PART III: GENERAL
1. SECURITY MEASURES
EpiAnalytics uses industry-standard security measures to protect the integrity and confidentiality of Business Contact Data as well as Personal Data it processes on behalf of Clients, including, in appropriate circumstances, the use of firewalls, restricted access, and encrypted transmissions. EpiAnalytics limits access to Business Contact Data or Personal Data to those persons in EpiAnalytics organization who have a business need to process such Business Contact Data or Personal Data. However, no company, including EpiAnalytics, can fully eliminate the security risks associated with such Business Contact Data or Personal Data.
Due to factors beyond EpiAnalytics’ control, EpiAnalytics cannot ensure that Business Contact Data or Personal Data will not be disclosed to third parties. For example, EpiAnalytics may become legally obligated to disclose such data, or, despite precautions, third parties may circumvent security measures to intercept or access such data.
EpiAnalytics may also collect information about your computer hardware and software. This information can include: your IP address, browser type, domain names, access times and referring website addresses and is used by EpiAnalytics to maintain quality of the service, and to provide general statistics regarding use of the Website.
2. USE OF YOUR PERSONAL INFORMATION
EpiAnalytics does not sell, rent or lease its Client list to third parties. EpiAnalytics may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, EpiAnalytics may share data with trusted partners to help us perform statistical analysis, send you email or postal mail and/or provide customer support. All such third parties are prohibited from using your personal information except to provide these services to EpiAnalytics, and they are required to maintain the confidentiality of your information.
EpiAnalytics will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on EpiAnalytics or the site; (b) protect and defend the rights or property of EpiAnalytics; or (c) act under exigent circumstances to protect the personal safety of users of EpiAnalytics, or the public. You may request deletion of your Personal Data, but please note that we analyze data provided by our clients and we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives.
Our promises to you:
1. Notice. When we collect your personal information, we’ll give you timely and appropriate notice describing what personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.
2. Choice. We’ll give you choices about the ways we use and share your personal information, and we’ll respect the choices you make. EpiAnalytics offers individuals the opportunity to choose (opt out) whether their personal data is (i) to be disclosed to a third party (other than our service providers performing tasks on EpiAnalytics’ behalf pursuant to a contract or a customer on whose behalf we are processing it) or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
For sensitive information (i.e., personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual or information designated by the transferring organization as sensitive), EpiAnalytics obtains (directly or through a third party, such as our customer) affirmative express consent (opt-in) from individuals, with certain exceptions permitted by the Privacy Shield program, if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.
We are committed to providing individuals with clear, conspicuous, and readily available mechanisms to exercise choice. Therefore, in addition to any other mechanisms that may be provided in particular cases, individuals may opt out by contacting EpiAnalytics using the points of contact in the "Contact Us" section below.
3. Relevance. We’ll collect only as much personal information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent.
4. Retention. We’ll keep your personal information only as long as we need it for the purposes for which we collected it, or as permitted by law.
5. Accuracy. We’ll take appropriate steps to make sure the personal information in our records is accurate.
6. Access. We’ll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies. Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to access this information, rectify it or request to have it deleted.
7. Security. We’ll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
8. Sharing. Except as described in this Privacy Statement, we won’t share your personal information with third parties without your consent.
9. International Transfer. If we transfer your personal information to another country, we’ll take appropriate measures to protect your privacy and the personal information we transfer.
10. Enforcement. We’ll regularly review how we’re meeting these privacy promises, and we’ll provide an independent way to resolve complaints about our privacy practices.
11. Dispute resolution. Individuals also may be able to invoke binding arbitration, under certain circumstances where permitted by the Privacy Shield program, if the individual believes there has been a violation of Privacy Shield requirements that has not been appropriately addressed by EpiAnalytics.
12. Liability. EpiAnalytics’ compliance with its Privacy Shield obligations also is subject to investigation and enforcement by the U.S. Federal Trade Commission. EpiAnalytics complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
13. Disclosure. EpiAnalytics may disclose personal data that it collects to its customers for employment screening, due diligence, or similar purposes. EpiAnalytics may disclose personal data to its service providers. EpiAnalytics also may be required to disclose personal data in response to lawful requests by public authorities, including disclosures to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, EpiAnalytics commits to resolve complaints about our collection or use of your personal information. EpiAnalytics is currently in the process of self-certifying to the Privacy Shield. During this process, as well as once EpiAnalytics has been approved as being compliant with Privacy Shield, EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact EpiAnalytics at:
7417 Magellan Street, Suite 100
Carlsbad, CA 92011
EpiAnalytics has further committed to refer unresolved Privacy Shield complaints to the ICDR-AAA Privacy Shield Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR-AAA Privacy Shield Program are provided at no cost to you.
California Privacy Rights
California Civil Code Section 1798.83 permits our Website visitors who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please make sure to state that you are a California Resident.
Children Under the Age of 13
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features, register on the Website, make any purchases through the Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact via email at email@example.com.
In compliance with GDPR, we may rely upon one or more legal bases defined in the GDPR to collect, use, share and otherwise process the personal information of individual located in the EU, including where:
• Necessary to perform a contract we have with you, such as our terms of engagement, and to provide services;
• You have consented to the processing (in which case you may revoke your consent at any time);
• Necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
• Necessary to protect your vital interests or those of others;
• Necessary in the public interest; and
• Necessary for the purposes of EpiAnalytics or a third party’s legitimate interests, such as those of clients, partners, staff or others, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
Where we collect, use, disclose and otherwise process your information based on legitimate interests, we may rely on the following interests:
• Provision of services: We use your information to provide services to you and others.
• Keeping our services safe and secure: We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our services, such as our domains, websites, apps, offices and events, safe and secure. For example, we collect IP addresses and process log files to ensure our Website and apps are not subject to fraudulent access.
• Marketing our services: We use your information as necessary to pursue our legitimate interests in marketing our services.
• Providing, improving and developing services: We use your information as necessary to pursue our legitimate interests in tailoring and improving our services. For example, if you are a customer, we may send you a survey or questionnaire to understand your experience in obtaining services from EpiAnalytics.
• Providing seamless services with affiliates of EpiAnalytics: In some cases, the services require the engagement of, or sharing of your information with, other companies affiliated with EpiAnalytics.
If you are located in the EU, under certain circumstances, you may have certain legal rights under the GDPR, including:
• To access the personal data we maintain about you
• To receive information about how we process your personal data
• To correct your personal data
• To have your personal data erased
• To object to or restrict how we process your personal data
• To request your personal data be transferred to a third party
• To withdraw any consent you may have given us to process your personal data
If you are an EU resident, you have the right to object to our processing that is based on legitimate interests by contacting us at the address or number below. If you are located in the EU and you believe that EpiAnalytics has infringed your rights under the GDPR, please contact us by sending an email to firstname.lastname@example.org.
You have the right to lodge a complaint with a supervisory authority, in particular in your applicable Member State.
CHANGES TO THIS STATEMENT
EpiAnalytics will occasionally update this Privacy Statement to reflect company and customer feedback. EpiAnalytics encourages you to periodically review this Statement to be informed of how EpiAnalytics is protecting your information.