Privacy Policy

We are Epsilon Global Communications Pte Ltd. Our registered address is New Tech Park, 151 Lorong Chuan, #06-01A Lobby A, Singapore 556741. Our organisation is made up of several different group companies. A list of Epsilon’s group companies is available at https://www.epsilontel.com/epsilon-group/. This privacy policy is issued on behalf of the Epsilon group, so when we refer to Epsilon”, “we”, “us” or “our” we mean the relevant company or companies in the group.

Epsilon delivers global connectivity and communications services through and to multiple segments and channels on-demand via automation, portals and APIs to simplify the way you connect.

At Epsilon, we are committed to protecting the privacy of our customers and partners. We want to provide a safe and secure service where we deal with personal data.

“Personal data” means information that identifies you such as name, photo or contact details or data that can be linked with such information in order to identify you. It does not include data where your identity has been removed, known as anonymous data.

This privacy policy explains how we protect privacy and describes our practices in relation to personal data.

We may collect, use, store and transfer different kinds of personal data. We have grouped these together as follows:

• Identity Information includes name, maiden name, username or similar identifier, marital status, title, date of birth, gender, photograph, identification card number, driver’s licence number, tax reference number and/or passport details.
• Contact Information includes billing address, delivery address, email address, telephone numbers, fax numbers, car plate number (in limited situations such as when you visit Epsilon or our partners’ locations) and job title.
• Financial Information includes bank account and payment card details.
• Transaction Information includes details about payments and orders to and from you and other details of products and services you have purchased from or supplied to us.
• Technical Information includes internet protocol (IP) address, your login data, your location, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform and traffic data relating to telecommunications services provided by us and used by you.
• Profile Information includes username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Information includes information about how you use our websites, platforms and services. It might also include a note or recording of support calls you make to us, live chats or similar interactions.
• Marketing and Communications Information includes your preferences in receiving marketing materials from us and our third parties and your communication preferences, as well as your preferences for particular products, services or activities.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific service feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not typically collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor do we typically collect any information about criminal convictions and offences. There is one very limited exception – we might (with your consent) collect certain Special Categories of Personal Data (such as details about your race) in connection with your application for an employment position with Epsilon.

We collect personal data as follows:

• Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you do any of the following (whether on your own behalf or on behalf of an organisation):
  • enter into a contract with us or purchase our services;
  • apply for or enquire about our websites, platforms or services;
  • create an account on our websites, platforms or services;
  • use our websites, platforms or services;
  • subscribe to our newsletters or alerts;
  • request marketing materials to be sent to you;
  • enter a prize draw, competition, promotion or survey, or participate in an event or other marketing campaign organised by us; or
  • contact us – for example, if you get in touch to give us some feedback.
• Automated technologies or interactions.
  • As you interact with our websites, platforms or services, we may automatically collect Technical Data about your equipment, browsing actions, patterns and other interactions. We may also collect information about the level of service that you receive – for example, network or service faults and other events that may affect our network services or other services.
  • We may collect this personal data by using website cookies.
  • As part of providing telecommunications services, we may have access to traffic data, such as the data we see as part of providing connectivity – for example, the numbers you call, the time and duration of the call or how you are using data. We do not keep a record of the contents of calls or messages that travel over our networks, except with your consent or as otherwise required by applicable law.
  • If you visit one of our locations, including an office location or a data centre, we may use CCTV for security purposes.
• Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as follows:
  • Technical Data from the following parties:
    • analytics providers such as Google based inside or outside the EU;
    • advertising networks based inside or outside the EU; and
      social media platforms such as LinkedIn, Twitter and Facebook based inside or outside the EU.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside or outside the EU.
  • Identity and Contact Data from publicly available sources such as company registries, fraud-prevention agencies, credit check reference / vetting agencies or directory listings such as Cloudscene.com, PeeringDB.com and Datacenterhawk, based inside or outside the EU.

General overview of how we use personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you (or your organisation, as applicable).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• Where we have your consent to do so (for example, if we obtain your consent for marketing communications).

What this means in practice

In practice, this means that we will use your personal data:

• To register you as a new customer.
• To process and deliver your order and account, including managing payments, fees and charges and collecting and recovering money owed to us.
• To manage our relationship with you.
• To enable you to partake in a prize draw, competition, promotion, complete a survey, or participate in an event or other marketing campaign organised by us.
• To administer, operate, provide, maintain and protect our business and our websites, platforms and services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
• To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
• To use data analytics to improve our website, platforms, services, marketing, customer relationships and experiences.
• To make suggestions and recommendations to you about products or services that may be of interest to you.
• To send you relevant information about our events, news announcements or promotions.
• To contact you in relation to the above.
• Where we have to use your personal data for another purpose as required by law or regulation – for example, to respond to administrative, judicial or law enforcement requests or to comply with applicable laws and regulations.

Promotional offers and marketing

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive marketing communications from us if you have requested information from us, purchased services from us or otherwise had a business relationship with us and you have not opted out of receiving that marketing. In all other cases, we will obtain your consent before contacting you for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time at marketing@epsilontel.com. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service purchase, warranty registration, service experience or other transactions.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites, platforms or services may become inaccessible or not function properly.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dpo@epsilontel.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We only retain your information for as long as is necessary for us to use your information as described above, where it is in our legitimate interest, or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.

When determining the relevant retention periods, we will take into account factors including:

• our contractual obligations and rights in relation to the information involved;
• legal obligation(s) under applicable law to retain data for a certain period of time;
• our legitimate interest where we have carried out a balancing test;
• statute of limitations under applicable law(s);
• (potential) disputes;
• if you have made a request to have your information deleted; and
• guidelines issued by relevant data protection authorities.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

We only share your personal data for the purposes set out above. We do not share it for any other purpose.

External third parties

We share your personal data with our business partners; and third parties who perform functions on our behalf and who also provide services to us, including IT service providers, internet exchange providers, cloud service providers, data storage providers, professional advisors, IT consultants carrying out testing and development work on our business technology systems, and service providers that we use to serve you marketing or advertising online.

We may share your personal data with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to verify or enforce our contractual rights or other applicable policies; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.

Internal third parties

We also share your personal data with other Epsilon group companies for internal reasons, primarily for business and operational purposes. For example, our finance team in Singapore may help to support sales contracts entered into by our group company in the UK, or vice versa.

As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your personal data will be disclosed to such entity. Also, if any bankruptcy or reorganisation proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be sold or transferred to third parties.

How do we ensure it is protected?

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data, where this information is necessary for us to provide services to you, we will not be able to provide these services to you.

In circumstances where it is not necessary for us to provide services to you, there will be no impact on the services if you do not provide the personal data or withdraw your consent.

We do not envisage that any decisions will be made about you using automated means. However, we will notify you if this position changes.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Yes. We may need to transfer information to other Epsilon group companies, service providers or business partners in countries outside of your country.

From within the EEA to outside the EEA

The EEA (or European Economic Area) means countries in the European Union, as well as Iceland, Liechtenstein and Norway. We may need to transfer personal data outside of the EEA, including to:

• The Philippines;
• Hong Kong;
• Singapore;
• The United States of America;
• Countries in the Middle East, including the United Arab Emirates; and
• Countries in Africa.

When we send your information to a country that is not in the EEA, we will make sure that your information is properly protected. We will always ensure that there is a proper legal agreement that covers the data transfer. If a country is not considered to have laws that are equivalent to EU data protection standards, we will ask the third party service provider to enter into a legal agreement that reflects those standards.

From within another country (not in the EEA) to outside of that country

We may need to transfer personal data outside of a country. When we send your information from a country (not in the EEA) outside of that country, we will make sure that your information is protected to at least the same standard as that which is required in the originating country. For example, we will always ensure that there is a proper legal agreement that covers the data transfer.

By law, you have a number of rights when it comes to your personal data. Please contact us at dpo@epsilontel.com to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulator in your country.

• The right to object to processing – You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
• The right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this privacy policy.
• The right of access – You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this privacy policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
• The right to rectification – You are entitled to have your information corrected if it’s inaccurate or incomplete.
• The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions – for example, this does not apply if processing of data is necessary for Epsilon to comply with legal obligations or handle legal claims.
• The right to restrict processing – You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
• The right to data portability – You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
• The right to lodge a complaint – You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
• The right to withdraw consent – If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

• baseless or excessive/repeated requests, or
• further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

We may contact you by phone, email, post, social media or other contact details provided by you.

We have appointed a Data Protection Officer (known as a “DPO”). If you have any questions about our privacy policy, you can direct your question to our DPO at dpo@epsilontel.com. You have the right to make a complaint to data protection authorities in relation to privacy issues. We would, however, appreciate the chance to deal with your concerns before you approach data protection authorities so please contact us in the first instance.