EpiAnalytics, Inc. (“EpiAnalytics”) is committed to protecting the privacy of all information we collect. This Privacy Statement covers all client and personal information that we collect or use in the course of conducting our business as well as from visitors using the EpiAnalytics Website. By using the EpiAnalytics website, you consent to the data practices described in this Privacy Statement.
This Privacy Statement has Three (3) main parts, PART I describes our data practices with respect to Personal Data (as defined below) that EpiAnalytics processes on behalf of its partners and clients; and PART II describes our data practices with respect to information we collect about our business contacts and other visitors to the EpiAnalytics website. The general provisions in PART III apply to our data practices in both PART I and PART II.
USERS OUTSIDE OF THE UNITED STATES
PART I: PERSONAL DATA PROCESSED ON BEHALF OF EPIANALYTICS CLIENTS
As a general description of our data processing services, EpiAnalytics analyzes (processes) open-ended requests and responses from our clients’ customers who consent to be contacted or who have pre-existing relationships with the EpiAnalytics client for which EpiAnalytics is providing analytics service. As described in this Part I, EpiAnalytics does not own the Personal Data that we process.
1. EPIANALYTICS IS A DATA PROCESSOR
EpiAnalytics processes, on behalf of its partners and clients (EpiAnalytics “Clients”), Personal Data that has been collected by or on behalf of those Clients. “Personal Data” is information relating to an identified or identifiable person. Under the Privacy Shield program (the “Privacy Shield”), EpiAnalytics acts as a Data Processor and each Client acts as a Data Controller. For the purposes of the Privacy Shield, U.S.-Swiss Safe Harbor, and this Privacy Statement: a “Data Processor” is an entity that processes Personal Data on behalf of a Data Controller; a “Data Controller” is an entity that determines the purposes for which Personal Data are processed. To “process” Personal Data means to carry out an operation or set of operations on such Personal Data, such as collecting, recording, storing, disclosing, or organizing it. The “Data Subject” means the person to whom a certain set of Personal Data relate; for example, the person who submits a support request, or responds to a survey.
2. CLIENT INSTRUCTIONS
As a Data Processor, EpiAnalytics will only process Personal Data pursuant to the instructions of the applicable Client. EpiAnalytics may use the services of third party Data Processors to process Personal Data in accordance with purposes identified for such Personal Data by the applicable Client. Subject to the foregoing sentence and Section 1 of Part III (”Security Measures”) below, EpiAnalytics will not transfer Personal Data to a Third Party (which, for purposes of this Privacy Statement, means an entity other than EpiAnalytics and its applicable Client) without instructions from the applicable Client. EpiAnalytics will not be responsible for determining the authenticity of any purported Data Subject’s request to access his or her Personal Data. In the absence of express instructions to do so from the applicable Client, EpiAnalytics will not provide a purported Data Subject with access to his or her Personal Data unless it is demonstrated to EpiAnalytics’ satisfaction that the applicable Data Controller has refused such access.
3. PERSONAL DATA COLLECTION
Customer comments and feedback are analyzed to improve the business processes and relationships between our Clients and their customers. Typically a Client’s customers provide the Client with certain information including their names, companies, job titles, phone numbers, comments, and email addresses and the Client may provide such information to EpiAnalytics to enable us to process and analyze data on behalf of the Client. In addition, commercial list services may provide EpiAnalytics with contact information for people who have opted to receive email (”opt-in lists”) on specific topics of interest.
PART II: BUSINESS CONTACT INFORMATION
In addition to the data we process on behalf of our Clients, EpiAnalytics also processes (on its own behalf) information about our Clients and the individuals who represent our Clients, as described in this Part II.
1. COLLECTION AND USE OF BUSINESS CONTACT DATA
The individuals who represent EpiAnalytics Clients or potential Clients (”Business Contacts”) may voluntarily provide their contact information and related data (collectively “Business Contact Data”) to EpiAnalytics by various means, including telephone, email, postal mail, the “contact us” or “download” page on the EpiAnalytics website, or other means. The Business Contact Data submitted to us is used to communicate with and provide services for Clients and potential Clients. EpiAnalytics will change, update or delete Business Contact Data when a request by the applicable Business Contact is requested. To send a request to our Privacy Department, you can email us at: firstname.lastname@example.org or mail us at EpiAnalytics, Inc. 7417 Magellan Street, Suite 100, Carlsbad, CA 92011 USA. We will use commercially reasonable efforts to promptly determine and remedy the problem and we will respond to your request for access within 30 days.
2. DISCLOSURE OF BUSINESS CONTACT DATA
Generally, EpiAnalytics does not provide Business Contact Data or other data to third parties. EpiAnalytics may provide Business Contact Data or other data to third parties to the extent such third parties provide operational assistance (i.e., outsourced or third party services) to EpiAnalytics and then only for that purpose. EpiAnalytics may share Business Contact Data or other data with its corporate family, including its parent company, subsidiaries, or other companies under common control with EpiAnalytics for the same operational assistance.
The EpiAnalytics website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize EpiAnalytics pages, or register with EpiAnalytics site or services, a cookie helps EpiAnalytics to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same EpiAnalytics Website, the information you previously provided can be retrieved, so you can easily use the EpiAnalytics features that you customized.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the EpiAnalytics services or Websites you visit.
PART III: GENERAL
1. SECURITY MEASURES
EpiAnalytics uses industry-standard security measures to protect the integrity and confidentiality of Business Contact Data as well as Personal Data it processes on behalf of Clients, including, in appropriate circumstances, the use of firewalls, restricted access, and encrypted transmissions. EpiAnalytics limits access to Business Contact Data or Personal Data to those persons in EpiAnalytics organization who have a business need to process such Business Contact Data or Personal Data. However, no company, including EpiAnalytics, can fully eliminate the security risks associated with such Business Contact Data or Personal Data.
Due to factors beyond EpiAnalytics control, EpiAnalytics cannot ensure that Business Contact Data or Personal Data will not be disclosed to third parties. For example, EpiAnalytics may become legally obligated to disclose such data, or, despite precautions, third parties may circumvent security measures to intercept or access such data.
EpiAnalytics may also collect information about your computer hardware and software. This information can include: your IP address, browser type, domain names, access times and referring Website addresses and is used by EpiAnalytics to maintain quality of the service, and to provide general statistics regarding use of the EpiAnalytics Website.
2. USE OF YOUR PERSONAL INFORMATION
EpiAnalytics does not sell, rent or lease its customer lists to third parties. EpiAnalytics may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, EpiAnalytics may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support. All such third parties are prohibited from using your personal information except to provide these services to EpiAnalytics, and they are required to maintain the confidentiality of your information.
EpiAnalytics does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.
EpiAnalytics will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on EpiAnalytics or the site; (b) protect and defend the rights or property of EpiAnalytics; or (c) act under exigent circumstances to protect the personal safety of users of EpiAnalytics, or the public. You may request deletion of your Personal Data, but please note that we analyze data provided by our clients and we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives.
Our promises to you:
1. Notice. When we collect your personal information, we’ll give you timely and appropriate notice describing what personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.
2. Choice. We’ll give you choices about the ways we use and share your personal information, and we’ll respect the choices you make.
3. Relevance. We’ll collect only as much personal information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent.
4. Retention. We’ll keep your personal information only as long as we need it for the purposes for which we collected it, or as permitted by law.
5. Accuracy. We’ll take appropriate steps to make sure the personal information in our records is accurate.
6. Access. We’ll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies.
7. Security. We’ll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
8. Sharing. Except as described in this Privacy Statement, we won’t share your personal information with third parties without your consent.
9. International Transfer. If we transfer your personal information to another country, we’ll take appropriate measures to protect your privacy and the personal information we transfer.
10. Enforcement. We’ll regularly review how we’re meeting these privacy promises, and we’ll provide an independent way to resolve complaints about our privacy practices.
Privacy Department, EpiAnalytics, Inc.
7417 Magellan Street, Suite 100
Carlsbad, CA 92011
(858) 381-5700 / email@example.com
EpiAnalytics has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield and US-Swiss Safe Harbor Principles to ICDR/AAA as our independent recourse mechanism. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit: http://info.adr.org/safeharbor.
We self-certify compliance with EU-US Privacy Shield and US-Swiss Safe Harbor.
CHANGES TO THIS STATEMENT
EpiAnalytics will occasionally update this Statement of Privacy to reflect company and customer feedback. EpiAnalytics encourages you to periodically review this Statement to be informed of how EpiAnalytics is protecting your information.
Effective Date: August 2016