LAST UPDATED: June, 2019
NAME OF THE REGISTER
Customer and marketing register of Epiito A/S (the “Register”).
EPIITO AND YOU
SECTION 1. WHO WE ARE
We collect and use information about our Website visitors and those that interact with our Services in order to manage your relationship with Epiito and to better serve you by personalizing your experience and how you connect with us.
SECTION 2. HOW WE PROCESS AND HANDLE DATA
The information we collect from you depends on the nature of your relationship with us or your interaction with our Website, Services and marketing events and communications. The information we collect may include both Personal Data and Other Information, as detailed below.
You are not required to share the Personal Data that we request. However, if you choose not to share such information, in some cases we might not be able to provide you with the Services, allow you to access certain specialized features of the Services or be able to effectively respond to any queries you may have.
Epiito will never collect more of your Personal Data than is necessary for the intended purpose of processing that information. Some of the uses of Personal Data listed in sections 3, 4 and 5 may not be mandatory and can be controlled by you.
Please see the YOUR PRIVACY RIGHTS section below to learn more about how you can control the information Epiito processes about you.
SECTION 3: EPIITO WEBSITE AND SERVICES
Epiito maintains control of the data provided to, collected by or for, or processed in connection to the Epiito Website and Services. We gather information about visitors to both our password-protected Services and our publicly accessible Website.
A. What information we collect through our Website and Services and how we collect it
a. Information you provide to us
We collect information about you through our Website, Services, online forms and email, for example when you request a free trial or demo or contact us via our Website. This can include e.g. (i) first and last name; (ii) e-mail address, telephone number, address; (iii) payment information and transactional data. In addition, we may collect the following data arising from the customer relationship (i) information relating to maintaining the customer relationship; (ii) information on marketing permissions; and (iii) customer service data.
When you communicate with Epiito, we will store all communications we receive unless otherwise requested by you. If you are submitting information on behalf of another individual, you are responsible for obtaining appropriate consent, including consent to share and transfer any Personal Data across borders.
b. Information we collect automatically
Although we do not normally use automatically collected data to identify you as an individual, you can sometimes be recognized from it. In such situations, the automatically collected data can also be considered personal data under applicable laws.
Log data. As with most internet technology services, our servers automatically collect information when you access or use our Website and Services and record it in log files. This log may include IP address, usage data, browser type, the date and time the Site or Service were accessed, and language preferences cookies (if enabled).
Device Information. Epiito collects data about devices accessing the Website and Services, which may include the type of device, device settings, application IDs, and unique identifiers. Whether we collect any or all of this information will depend on the type of device used and how it has been configured by you.
Location Information. We receive data from you and other third parties that helps us to track an approximate device location. We may use, for example, an IP address detected by your browser or device to determine device location. We may also collect information from devices in accordance with the consent process provided by your device.
Third Parties. We use and permit selected third parties to use automatic data collection tools to collect information using website tracking technologies such as cookies, web beacons, embedded URS, pixels, widgets, buttons or other similar technologies. These can be disabled by you.
B. How we use that data
We may use the information collected for the following purposes:
- To be able to deliver our Services to you and meet our contractual obligations. Some of the functions and Services on this site are simply unable to work properly if we do not know who is using them.
- To improve the operation of the Website and Services;
- To engage in research and development of the Website and Services;
- To conduct ordinary business operations such as sales, marketing, support, education and training;
- To engage in corporate reporting and management; and
- To conduct market research.
- How we share that data
- Sharing with third party service providers. We retain third party service providers to manage or support certain aspects of our business. These third party service providers may be located globally and may provide services to us such as website hosting, data analysis, advertising and marketing services, data hosting, live-chat and helpdesk services, providing information technology infrastructure, customer service, email delivery, credit card processing, auditing and other similar services. Our third party service providers are contractually bound to safeguard any Personal Data they receive from us and they are prohibited from using such Personal Data for any purpose other than to perform the services as instructed by Epiito.
- Sharing with ad technology providers. We may provide information we collect to ad technology providers so that they may recognize your devices and deliver interest-based content to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or anonymized form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. These cookies may contain demographic or other data in an anonymized form.
- Complying with law / protecting legal rights. We may be required to disclose your information to comply with applicable laws (including laws outside of your country of residence), regulations, court orders, government and law enforcement requests, including national security or other law enforcement requirements. Additionally, if we reasonably believe that it is necessary or appropriate, we reserve the right to use or disclose your information to allow us to pursue available claims or remedies and protect our legal rights, property or the safety of our employees, users or others, to the extent allowed by applicable law. This includes exchanging information with companies and organizations for the purposes of fraud detection.
SECTION 4: MARKETING ACTIVITIES
Epiito maintains control of the data provided to, or collected by or for, or processed in connection with certain marketing activities, such as email communications, webinars, conferences and events. We and our third party service providers may collect information in the following ways:
A. What data we collect through our marketing activities and how we collect it
a. Information you provide to us
In addition to information submitted to Epiito through our Website, for example when you register for a webinar, subscribe to our email newsletter or download content (such as a whitepaper), we may also collect information from you offline, such as when you attend our events in person or during phone calls with sales representatives.
b. Information we acquire from a third party
To enhance Epiito’s ability to provide relevant marketing, offers, and services to you, we may receive information about you from third parties, such as public databases, partners, lead generation services, and social media platforms. We also collect information from other sources to help us correct or supplement our records such as customer enrichment services, improve the quality or personalization of our Services to you and to verify your identification in instances of suspected fraud or identity theft. In each instance we will only accept information from third parties where those third parties can demonstrate they have received all necessary consents to share such information with us.
B. How we use that data
We may use information that is collected through our marketing activities in the same way we use information collected through our Website or Services, as well as for the following purposes:
- To verify your identity if required (for example, for payment of a ticket to a Epiito event);
- To tailor marketing to your interests, or to recommend Services that may be of interest to you;
- To contact you with business, marketing and sales communications that you have agreed to receive such as newsletters, announcements, and special offers, or to notify you of upcoming events;
- To update and improve Epiito’s Services;
- To engage in corporate reporting and management;
- To conduct market research; and
- To conduct other similar uses pertaining to the Epiito’s Marketing Activities.
- How we share that data
We may share information that is collected through our marketing activities in the same way we share information collected through our Website and Services, as well as for the following purposes:
- Communicating with you regarding a Epiito Event. We or our partners may communicate with you about events hosted or co-sponsored by Epiito or one or more of our partners. These communications may include information about the event’s content, logistics, payment, updates, or requests for additional information related to your event registration. After the event, Epiito may contact you about the event and our related services and may share information about your attendance with other third parties. Epiito may also share your information with designated event sponsors or partners who may then send you communications related to your event attendance.
Please note that, during events, our partners or conference sponsors may directly request that you provide them with information about you at their conference booths or presentations. You should review their privacy policies to learn how they use information they collect. Each event may include additional privacy protection practices and terms unique to that event, included in attendee guidebooks, the event website or sponsorship agreements.
SECTION 5: OUR CUSTOMER RELATIONSHIPS
When you use our Services, certain user data is processed by Epiito. The data is still controlled by you (the customer, partner, prospective customer), however, Epiito is a processor. Epiito collects, processes and stores information throughout these processes, as follows:
A. What data we collect and how we collect it
a. Information customers and certain users provide directly through password protected portals
We collect data as registration details from you when an account is set up. We will collect the data that you share with Epiito in the Service, as based on your organization’s configuration of the Epiito Service.
b. Information collected automatically
We may automatically collect information through our Services in the same way we automatically collect information through our Website. We will further collect user behavior in our Services, including actions, movements, notes, visualizations, 3D models etc. that will be connected to your login and shared with you when downloading or extracting information about your behavior within the Services.
c. Anonymized, aggregated data
In addition to the information you provide to us and which we collect automatically, Epiito also collects anonymous and aggregated information about how Epiito’s Services are used, to better design and operate our Service. As part of our operations we might also anonymize or pseudonymize your information for regulatory compliance, market analysis and other Epiito business purposes.
B. How we use that data
Epiito collects and uses customer information as necessary for the adequate performance of the contract between you as a customer and Epiito, and in accordance with any instructions received and the applicable contract terms. We use customer, partner and prospective customer information collected through our password-protected Services in a number of ways.
Using Account Generated Data. Epiito will use account generated data in furtherance of our legitimate interests in operating the Services. We may use information that is collected through our customer relationships in the same way we use information collected through our Website and Marketing Activities (cf. above), as well as for the following purposes:
- To verify your identity if required (for example, for security reasons to gain access to an account);
- To prevent fraudulent activities, such as fraudulent purchases;
- To provide customer support services, problem solution support and enhancing your customer experience – we use the data (which can include communications with Epiito employees) to investigate, respond to and resolve complaints and service issues;
- To monitor license compliance;
- To provide transaction support, including fulfilment of purchased licenses and to communicate with you about those requests;
- To provide notification of bug fixes and security patches;
- To review and respond to queries or feedback that you may provide to us;
- To monitor calls for training and providing support purposes; and
- To conduct other similar uses pertaining to our relationships with you.
- How we share that data
We may share information that is collected through our customer relationships in the same way we share information collected through our Website.
SECTION 6. PROCESSING YOUR PERSONAL DATA
Epiito relies on the following reasons for processing Personal Data:
- Consent (where you have given consent)
We process certain Personal Data based on the consent you provided when you submitted your information. Where we rely on your consent, you have the right to withdraw or decline your consent at any time, such as consenting to receive marketing communications.
- Contract (where processing is necessary for the performance of a contract with you, i.e. to deliver the Services you or your organization have purchased).
When information is processed under contract, you are able to terminate the contract at any time and request that information be returned to you and/or deleted.
- Legitimate interests of Epiito or any third parties.
Legitimate interests include enabling us to conduct internal business services, such as audits, mergers and acquisitions, reporting, and improving our Services. Personal Data will only be processed on these grounds when doing so does not outweigh your rights.
Where we rely on legitimate interests, you have the right to object at any time.
- Compliance with laws (where we are required to process information to comply with applicable laws)
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as the possible consequences if you do not provide your information).
SECTION 7. HOW WE KEEP YOUR INFORMATION SECURE
At Epiito, we understand the importance of information, and the need to keep Personal Data secure. We have implemented and maintain technical, administrative and physical security measures designed to protect your information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction.
We regularly review our security procedures to maintain the confidentiality, integrity, availability and resilience of all data both online and offline. These security procedures and measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology but include firewalls, data encryption, physical access controls and information access authorization controls. Epiito has implemented an incident response plan, with a company protocol we follow in the event of any data breach. We take steps to regularly monitor our systems for vulnerabilities and to ensure that we only share information with those who need to know it.
However, no website or internet transmission is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur, and we cannot warrant the security of any information that you provide to us. You are responsible for securing and maintaining the privacy of any password(s) and account registration information uses with Epiito, and verifying that the information we maintain about you is accurate and current. We are not responsible for protecting any information that we share with a third party based on an account connection that you have authorized.
We require that our third party service providers and partners agree to keep the information we share with them confidential and to use the information only to perform their obligations in the agreements we have in place with them. Epiito has implemented internal policies to ensure that such parties are required under contract to maintain privacy and security protections which are at least as consistent with our own policies and practices.
We maintain a list of our current sub-processors of Personal Data.
SECTION 8. STORAGE AND RETENTION OF YOUR INFORMATION
Epiito is a global company and your information is stored on regional servers depending on your location and the locations of the servers of the companies we hire to provide services to us based on contractual requirements.
SECTION 9. WHAT IS NOT COVERED IN THIS POLICY
Epiito Partners who provide implementation and other solution services may also gather information and you should consult those other parties’ privacy policies as appropriate as they may be applicable to you. Please also note that in using our Website, we may provide links to other websites. Any interactions you have with these websites are beyond the control of Epiito.
SECTION 10. YOUR PRIVACY RIGHTS
We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information.
Please be aware that, if you do not allow us to collect your information from you, we may not be able to deliver certain products and services to you, and some of the Epiito services may not be able to take account of your interests and preferences.
Your choices. In accordance with applicable law, you may be entitled to exercise your rights and choices as follows:
- Account settings. You may update your profile, your account and any related information at any time to ensure that information is up to date or delete inaccuracies.
- Devices and browsers. Some of our mobile services useyour device’s location information. You can adjust the setting of your mobile device at any time to control whether your device communicates this location information.
- Data Access. You may request access to the Personal Data we hold about you and request that we edit or delete them.
- Data Portability. You are entitled to request copies of Personal Data that you have provided to us in a structured, commonly used and machine-readable format and/or request that this information be transmitted to another service provider (where technically feasible).
- Deletion. You may be able to have your Personal Data deleted or erased.
- Correcting inaccurate or incomplete information. We maintain a process to help you confirm that your personal details remain correct and up-to-date.
- Manage your Information. You may choose whether or not you wish to receive material from us or some of our partners. Please let us know by contacting us.
- Withdrawing consent. If the processing of your Personal Data is based on your consent, you may withdraw your consent at any time as to future processing.
- Objecting to or restricting use of Personal Data. You can ask us to stop using all or some of your Personal Data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your Personal Data is inaccurate or unlawfully held).
SECTION 11. UPDATES AND HOW TO CONTACT US
UPDATES TO THIS PRIVACY STATEMENT
Written inquiries may be addressed to CTO Jesper Bendix at:
Strandslodvej 6B, 3.
2300 Copenhagen S
PHONE: +45 70 215 215
If you feel that you have not received a timely or satisfactory response from us to your question or complaint, please contact the applicable independent recourse below: EU Data Protection Authorities (DPAs)