PRIVACY POLICY
- Identity Information includes name, maiden name, username or similar identifier, marital status, title, date of birth, gender, photograph, identification card number, driver’s licence number, tax reference number and/or passport details.
- Contact Information includes billing address, delivery address, email address, telephone numbers, fax numbers, car plate number (in limited situations such as when you visit Epsilon or our partners’ locations) and job title.
- Financial Information includes bank account and payment card details.
- Transaction Information includes details about payments and orders to and from you and other details of products and services you have purchased from or supplied to us.
- Technical Information includes internet protocol (IP) address, your login data, your location, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform and traffic data relating to telecommunications services provided by us and used by you.
- Profile Information includes username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Information includes information about how you use our websites, platforms and services. It might also include a note or recording of support calls you make to us, live chats or similar interactions.
- Marketing and Communications Information includes your preferences in receiving marketing materials from us and our third parties and your communication preferences, as well as your preferences for particular products, services or activities.
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you do any of the following (whether on your own behalf or on behalf of an organisation):
- enter into a contract with us or purchase our services;
- apply for or enquire about our websites, platforms or services;
- create an account on our websites, platforms or services;
- use our websites, platforms or services;
- subscribe to our newsletters or alerts;
- request marketing materials to be sent to you;
- enter a prize draw, competition, promotion or survey, or participate in an event or other marketing campaign organised by us; or
- contact us – for example, if you get in touch to give us some feedback.
- Automated technologies or interactions.
- As you interact with our websites, platforms or services, we may automatically collect Technical Data about your equipment, browsing actions, patterns and other interactions. We may also collect information about the level of service that you receive – for example, network or service faults and other events that may affect our network services or other services.
- We may collect this personal data by using website cookies.
- As part of providing telecommunications services, we may have access to traffic data, such as the data we see as part of providing connectivity – for example, the numbers you call, the time and duration of the call or how you are using data. We do not keep a record of the contents of calls or messages that travel over our networks, except with your consent or as otherwise required by applicable law.
- If you visit one of our locations, including an office location or a data centre, we may use CCTV for security purposes.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as follows:
- Technical Data from the following parties:
- analytics providers such as Google based inside or outside the EU;
- advertising networks based inside or outside the EU; and
- social media platforms such as LinkedIn, Twitter and Facebook based inside or outside the EU.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside or outside the EU.
- Identity and Contact Data from publicly available sources such as company registries, fraud-prevention agencies, credit check reference / vetting agencies or directory listings such as Cloudscene.com, PeeringDB.com and Datacenterhawk, based inside or outside the EU.
- Where we need to perform the contract we are about to enter into or have entered into with you (or your organisation, as applicable).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where we have your consent to do so (for example, if we obtain your consent for marketing communications).
- To register you as a new customer.
- To process and deliver your order and account, including managing payments, fees and charges and collecting and recovering money owed to us.
- To manage our relationship with you.
- To enable you to partake in a prize draw, competition, promotion, complete a survey, or participate in an event or other marketing campaign organised by us.
- To administer, operate, provide, maintain and protect our business and our websites, platforms and services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
- To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
- To use data analytics to improve our website, platforms, services, marketing, customer relationships and experiences.
- To make suggestions and recommendations to you about products or services that may be of interest to you.
- To send you relevant information about our events, news announcements or promotions.
- To contact you in relation to the above.
- Where we have to use your personal data for another purpose as required by law or regulation – for example, to respond to administrative, judicial or law enforcement requests or to comply with applicable laws and regulations.
(a) our contractual obligations and rights in relation to the information involved;(b) legal obligation(s) under applicable law to retain data for a certain period of time;(c) our legitimate interest where we have carried out a balancing test;(d) statute of limitations under applicable law(s);(e) (potential) disputes;(f) if you have made a request to have your information deleted; and(g) guidelines issued by relevant data protection authorities.
- The Philippines;
- Hong Kong;
- Singapore;
- The United States of America;
- Countries in the Middle East, including the United Arab Emirates; and
- Countries in Africa.
- The right to object to processing - You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
- The right to be informed - You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this privacy policy.
- The right of access - You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this privacy policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
- The right to rectification - You are entitled to have your information corrected if it’s inaccurate or incomplete.
- The right to erasure - This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions – for example, this does not apply if processing of data is necessary for Epsilon to comply with legal obligations or handle legal claims.
- The right to restrict processing - You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- The right to data portability - You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
- The right to lodge a complaint - You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
- The right to withdraw consent - If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.