Ephesoft Privacy Policy

Last modified date: March 3, 2021

General

Ephesoft Inc including its group companies and affiliates (together “Ephesoft”, “we”, “us”), is committed to protecting and respecting your privacy. This Privacy Policy (together with our End User License Agreement, available at https://www.ephesoft.com/eula and any other documents referred to in it) describes how we collect, store, use and disclose personal data (defined below) from individuals who use our products, services and website located at ephesoft.com, and related subdomains (collectively the “Site”) (the Site and all other products and services provided by us together, the “Services”). In this Privacy Policy, the term “personal data” means information that relates to an identified or identifiable natural person. This Privacy Policy may be updated from time to time for any reason. We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Site. You are advised to consult this Privacy Policy regularly for any changes. Your continued use of the Services following any changes to this Privacy Policy constitutes your acceptance of any such changes made. By using the Services you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by us. Please note that personal data about you may be processed and stored in the United States or other countries. You hereby consent to the transfer of any personal data to the United States or any other country outside of your country of residence where Ephesoft or its licensees, agents or service providers are providing services or processing or storing personal data in accordance with the terms of this Privacy Policy, which countries may provide a different level of data security than in your country of residence. Ephesoft does not represent or warrant that the Services, or any part thereof, are appropriate or available for use in any particular jurisdiction. When you choose to access the Services, you do so on your own initiative and at your own risk, and you are responsible for complying with all local laws, rules and regulations. We may limit the availability of the Services, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion. If you have any questions or comments about this Privacy Policy or our use of your personal data, please contact us at privacy@ephesoft.com.

Information We May Collect From You

The goal of Ephesoft in collecting personal data is to provide you with our Services, to communicate with you, and, when applicable, to manage your product license and subscription information. We may collect the following types of personal data about you: (i) Data You Provide to Us Directly: We collect information you provide directly to us. For example, we collect information upon your registration as a user of our Services or when you communicate with us. In particular, we may collect the following information from our users that may, in certain circumstances, constitute personal data:

  • Information Collected Upon Registration: If you wish to download and install Ephesoft software from the Site, you will be required to register, and to submit certain personal data to Ephesoft. This happens in a number of instances, such as when you register for a trial of our Services, or if you wish to receive marketing materials and information. Personal data that we may collect in such instances may include, without limitation, full user name, password, email address, city, time zone, telephone number, and other information that you decide to provide to us. We may also collect your IP address, as described below in Section 2 (ii);
  • Subscribing to Our Newsletter Mailing List: If you subscribe to our mailing list, we collect your email address. In this context, we may also collect data concerning your device (as further described below) to serve you with more personalized emails;
  • Communications: If you contact us, we may collect your contact details and other personal data you have provided to us. Moreover, a record of the correspondence may be kept.
  • We may also collect and process any other information you choose to provide to us or in the Services.

(ii) Data Collected Automatically The Services may automatically collect the following information from you that in certain circumstances may constitute personal data:

  • Log Information: When you visit the Site, our servers automatically record information that your browser sends whenever you visit a website. This information may include information such as your IP address, browser type or the domain from which you are visiting, the webpages you visit, the search terms you use, and any advertisements on which you click.
  • Cookies: Like many websites, we also use “cookie” technology to collect additional website usage data and to improve the Site and our Services. A cookie is a small data file that we transfer to your device’s hard disk. Ephesoft may use both session cookies and persistent cookies to better understand how you interact with the Site, to monitor aggregate usage by our users and web traffic on the Site, and to improve the Site and related Services. A session cookie enables certain features of the Site and is deleted from your device when you disconnect from or leave the Site. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Site. Persistent cookies can be removed by following your web browser help file directions. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
  • Device Data: We may collect information about the device you use to access the Services, including for example the hardware model, operating system and version, unique device identifiers, MAC address, and IP Address;
  • Location Information: We may collect, use and share location information, including the real-time geographic location of your device, in connection with your use of the Services, for example using the IP address of your device. The location information may be used as part of certain features of the Services, as well as for the purposes of analyzing the use of the Services. By using the Services, you consent to the collection of your location information;
  • Google Analytics, Salesforce Pardot and Other Third Party Analytics Providers: We use Google Analytics for usage tracking. Google Analytics collects and stores data on your use of the Services, including without limitation time of visit, Site pages visited or opened and for how long are they used, the Internet Protocol (IP) address and information on the device used to access the Site. We may also use other third party data analytics service providers. These service providers may use cookies, web beacons and other technologies to collect information about your use of the Services. Analytics service providers enable us to collect, monitor and analyze data regarding the use of the Services, in order to understand how users use the Services and to increase the functionality and user-friendliness of the Services, as well as to better tailor the Services to users’ needs. Accordingly, some automatically collected data is shared with such third party service providers, who have their own privacy policies applicable to their operations. The current list of analytics service providers can be requested from us by contacting us at privacy@ephesoft.com.

The Purposes for Which We Use The Personal Data

(i) We use the personal data you provide to us directly for the following purposes:

  • To set up and maintain your registration;
  • To operate and manage the Services;
  • To provide features available in the Services;
  • To develop, improve, and protect the Services;
  • To communicate with you;
  • To prevent and investigate fraud and other misuses;
  • To protect our rights and/or our property;
  • For market research;
  • For electronic direct marketing, in compliance with applicable laws;
  • To audit and analyze the Services;
  • For customer services;
  • For professional services engagements and
  • To ensure the technical functionality and security of the Services.

(ii) We use the data collected automatically for the following purposes:

  • To improve customer service;
  • To personalize user experience;
  • To manage the Services;
  • To provide features available in the Services;
  • To develop, improve, and protect the Services;
  • For market research;
  • To audit and analyze the Services, including analyzing trends related to the use of the Services; and
  • To ensure the technical functionality and security of the Services.

 

How We Disclose Data

We do not disclose the personal data relating to our users to third parties unless otherwise stated below. The personal data collected in the Services may be disclosed in the following manner: (i) Personal data that you provide to us directly: We may disclose personal data you provide to us directly with the following categories of third parties:

  • To service providers: We engage certain trusted third parties to perform functions and provide services to us, including, without limitation, hosting and maintenance, customer relationship, database storage and management, and direct marketing campaigns. We will share your personal data with these third parties, but only to the extent necessary to perform these functions and provide such services, and only pursuant to binding contractual obligations requiring such third parties to maintain the privacy and security of your data;
  • To our business partners, such as advertising partners, in compliance with applicable laws;
  • To public authorities, such as law enforcement: Ephesoft cooperates with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims, legal process (including subpoenas), to protect the property and rights of Ephesoft or a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law; and
  • To our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization. Ephesoft may sell, transfer or otherwise share some or all of its assets, including your personal data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

(ii) Data collected automatically: The data collected automatically in the Services may be disclosed to the following categories of third parties:

  • To service providers, such as data analysis companies;
  • To our business partners, such as advertising partners, in compliance with applicable laws;
  • To public authorities, such as law enforcement: Ephesoft cooperates with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims, legal process (including subpoenas), to protect the property and rights of Ephesoft or a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law; and
  • To our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization. Ephesoft may sell, transfer or otherwise share some or all of its assets, including your personal data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

Moreover, we may disclose information to third parties in an aggregate and/or anonymized format that does not constitute personal data and does not allow the identification of individual users.

Your Rights

You have the following rights with respect to the personal data we hold about you:

  • The right to know what data we hold about you: If you would like to know what personal data we hold about you, please contact us by using the contact information provided below at the end of this Privacy Policy. We seek to swiftly respond to your inquiry.
  • The right to have incomplete, incorrect, outdated, or unnecessary personal data corrected, deleted, or updated. If you wish to make use of your rights stated above, or if you have additional questions regarding the correction, deletion, or updating of the personal data we hold about you, please contact us by using the contact information provided below at the end of this Privacy Policy.
  • The right to opt out of receiving electronic direct marketing communications from us: We may use your contact information to market to you, and provide you with information about, our products and services. If you decide at any time that you no longer wish to receive such information or communications from us, please follow the unsubscribe instructions provided in any of the communications. All electronic direct marketing communications that you may receive from us, such as e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us by using the contact information provided below at the end of this Privacy Policy.

Security

Ephesoft is very concerned about safeguarding the confidentiality of your personal data. We employ administrative, physical and electronic measures designed to protect your information from unauthorized access. Despite these efforts to store personal data collected in and through the Services in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties. We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal data to you via email or conspicuous posting on the Site in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Where We Store and Process Personal Data

Personal data collected by Ephesoft may be stored and processed in your region, in the United States or in any other country where Ephesoft or its affiliates, subsidiaries, or service providers maintain facilities. Ephesoft uses data centers of Microsoft Azure, Amazon Web Services (AWS), Google Cloud, and Hetzner AG maintaining major data centers in countries like Australia, Austria, Brazil, Canada, Finland, France, Germany, Hong Kong, India, Ireland, Japan, Korea, Malaysia, the Netherlands, Singapore, the United Kingdom and the United States. Typically, the primary storage location is in the customer’s region or in the United States, often with a backup to a data center in another region based upon the agreements setup. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located. We transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data.

Privacy Shield

Ephesoft Inc complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Ephesoft Inc has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If third-party agents process personal data on our behalf in a manner inconsistent with the principles of either Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. Ephesoft is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Questions or Complaints

If you have a question or complaint related to this privacy policy or Ephesoft’s participation in the EU-U.S. or Swiss-U.S. Privacy Shield, we encourage you to contact us via email at privacy@ephesoft.com. For any complaints related to the Privacy Shield frameworks that cannot be resolved with Ephesoft directly, we have committed to refer such complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.  The services of JAMS are provided at no cost to you. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Links to Other Websites

Our Site contains links to other websites. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal data from you. This Privacy Policy applies to personal data that we process when you use the Services. It does not apply to any links to third parties’ websites and/or services that you may encounter when you use the Services. Other sites follow different rules regarding the use or disclosure of the personally identifiable information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit. Please be aware that we are not responsible for the privacy practices of any third parties.

International Transfers of Personal Data

Some elements of the Services may be hosted on servers located in countries outside your own country. In particular, the Services are hosted on servers located in the United States. The laws applicable to the protection of personal data in such countries may be different and less stringent from those applicable in your home country. In particular, if you are located within the European Union, please note that personal data collected by us is transferred outside the European Union / European Economic Area. You consent to personal data about you being transferred outside your own country and, where applicable, outside the European Union.

California Residents

Under California law, California residents who have who have established a business relationship with Ephesoft may choose to opt out of Ephesoft’s disclosure of personal information about them to third parties for direct marketing purposes. If you choose to opt-out at any time after granting approval e-mail privacy@ephesoft.com.

Children’s Privacy

The Services are not directed to children under 13. We do not intend to collect personal data from children under 13. If you are under 13, please do not use the Services and do not send any information about yourself to us.

Contact

If you have any questions, comments or concerns regarding this Privacy Policy, your privacy as it relates to the use of the Services, or the protection of the personal data we hold about you, please contact us via e-mail at privacy@ephesoft.com or by mail at Ephesoft Inc, 8707 Research Drive, Irvine, California 92618 USA. We seek to promptly resolve any concerns you may have.