EFFECTIVE DATE: JANUARY 01, 2023
Eptura, Inc. (collectively, “we,” “us,” “our,” or “Company”) also refers any of our corporate affiliates or subsidiaries, respect the privacy of our customers and individuals who use our services. This SaaS Privacy Notice (“Notice”) is made available to you to describe how we collect, use, and share personal data we process on behalf of our Customers when you use our hosted software applications (“Services”). It also describes your choices regarding the use, access and correction of your Personal Information that we process in the course of fulfilling our obligations as a service provider according to the Eptura Services Agreement (“Services Agreement”) executed between Eptura and our customer (“Customer”). Customer may be your employer, or if you are an independent contractor, they may be the entity that has engaged you to provide your services to them.
2. About Eptura and the Personal Information We Collect
Eptura is a global worktech company that provides software solutions for people, workplaces and assets to enable everyone to reach their full potential. While using our Services, Customers and their authorized users input or transfer electronic data into the Eptura systems (“Customer Data”). Customer Data may include an individual’s name, email address, unique identifier(s), phone number(s), company position, business unit, cost center and location within Customer’s workplace (“Personal Information”).
3. Retention of Personal Information
Eptura will retain Personal Information we process on behalf of our Customers for as long as needed to provide Services to our Customer and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
4. Transfers of Personal Information
Eptura is responsible for the processing of Personal Information it receives from Customers and any onward transfers to third parties acting on our behalf in compliance with applicable law, including but not limited to, the Australian Privacy Act 1988; California Consumer Privacy Act of 2018 (“CCPA”); the EU General Data Protection Regulation 2016/679 (“GDPR”) and its respective national implementing legislations; the Swiss Federal Act on Data Protection; the United Kingdom General Data Protection Regulation (“UK GDPR”); and the United Kingdom Data Protection Act 2018 (in each case, as amended, adopted, or superseded from time to time).
Eptura Services and sites are primarily provided and hosted from the United States; however, we may transfer, and process, your personal data outside of the country in which you are resident to a country that may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). Any such transfers will be performed consistent with the Service Agreement between Eptura and our Customers. When transferring data across borders, we will make sure that an appropriate transfer agreement is in place to protect Personal Information
Certain recipients (our service providers and other companies) who process Personal Information on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect Personal Information.
If you are a resident of the EEA, the UK or Switzerland, we will protect Personal Information when it is transferred outside of the EEA, the UK or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data or we will rely on the Standard Contractual Clauses approved by the European Commission.
5. How We Collect Personal Information
5.1 From Customers
Eptura processes Customer Data under the direction of Customers and has no direct control or ownership of the Personal Information it receives or processes. If you are an authorized user of one of our Customers and would no longer like to be contacted by one of our Customers that use our Service, please contact the Customer that you interact with directly. Customers are responsible for complying with regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to Eptura for processing purposes
5.2 From You
Eptura may collect Personal Information directly from you. This information may be collected when:
- you register to use the Services
- you use the Services, or another application that the Services are embedded in (eg. as a mobile application provided by Eptura’s Customer)
- you contact the Eptura Support team
- you use your work PC to access the Services
- you pass through a security checkpoint at one of our Customer’s premises.
- you access our website
5.3 Passive Collection
As is true of most websites and web applications, we gather certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the features viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, usage, change history, and/or clickstream data to analyze trends in the aggregate and administer the site.
6. You May Request Access, Changes and/or Removal to/of Your Personal Information
Eptura acknowledges that you have the right to access your personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate Personal Information should first direct your query to Eptura’s Customer (the data controller), or second by emailing your request to [email protected]
Eptura will process your request as soon as reasonably practicable, or within a reasonable timeframe, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner you have requested. In some circumstances, it may be necessary for us to seek to arrange access to your personal information through a mutually agreed intermediary (for example, our Customer).
7. Customer Obligations Around Personal Information
Through our Customer’s use of the Services, Eptura may collect information about our Customer’s personnel from our Customer. Similarly, through your use of the Services, Eptura may also collect information from you about someone else.
In either case, if you or our Customer (each an “Information Provider”) provide Eptura with Personal Information about someone else, the Information Provider must ensure that they are authorized to disclose that information to Eptura and that, without Eptura taking any further steps required by applicable data protection or privacy laws, Eptura may collect, use and disclose such information for the purposes described in this Notice.
This means that if required by applicable law, the Information Provider must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Notice, including the fact that their Personal Information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Eptura’s identity, and how to contact Eptura.
Where requested to do so by Eptura, the Information Provider must also assist Eptura with any requests by the individual to access or update the Personal Information it has collected from them and entered into the Service.
It is your responsibility to ensure that the Personal Information provided to us is accurate, complete, and up to date.
8. Eptura Collects, Holds and Uses Your Personal Information for Limited Purposes
8.1 To Provide the Services
The use of Personal Information collected through the Services is limited to the purpose of providing the Service in the Service Agreement. Eptura uses your information to provide the Services to you, including to verify your identity when you log in, communicate with you about the Service, prevent or address service or technical problems, respond to support issues, provide transaction histories, produce de-identified industry trends/benchmarks, or otherwise operate, maintain, and improve the Services. We may also use your information when responding to Customer’s instructions or as may be required by law in accordance with the Services Agreement.
We analyze information about how people use our services, such as information about your use of facilities, statistics about general room utilization by type, and other activity germane to the work environment and office and facilities management, to identify trends, usage, activity patterns, and to develop new products, features, and technologies that benefit our users. With user consent as a user where required, we also test and analyze certain new features with some Customers before rolling the feature out to all Customers.
To provide certain features in the Services, we may create aggregated, de-identified data from Customer Data by removing, obfuscating, or otherwise anonymizing data components (such as your name, email address, or linkable tracking ID) that make the data personally identifiable. Our use of anonymized data is not subject to this Notice.
For example, we may use aggregated data to produce de-identified industry trends/benchmarks that allow users to benchmark their utilization of the Services against how others use our Services. When aggregate data is used or displayed to our users, we leverage analytics techniques that hash, filter, or otherwise scrub the information to exclude information that might identify you as an individual or your organization.
8.2 To Secure the Services
We use information about you and your use of the Services to verify accounts and activity, to detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other malicious, deceptive, fraudulent, or illegal activity, including violations of service policies.
8.3 To Protect our Legitimate Interests and Legal Rights
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, including our Customers, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
We process this information about you only where we have a legal basis for doing so. This means we process your information only when:
We need it to provide you the Services, including to operate the Services, provide customer support and personalized features, and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to secure the Services, or to protect our legal rights and interests;
You give us consent to do so for a specific purpose (limited to specific Services); or
We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
9. What does Eptura’s Customer do with the Information?
How Eptura’s Customer uses your Personal Information will be subject to the Customer’s internal policies, which will indicate how it uses the information including any disclosure to third parties.
10. Can I Withhold My Personal Details?
If you do not consent to us collecting, using, and storing your Personal Information we may be unable to provide the Services to our Customer.
In limited circumstances, you may be able to use a pseudonym. Please direct any such requests to the Eptura Customer.
11. Eptura Takes Steps to Protect Your Personal Information
Eptura is committed to protecting the security of your Personal Information and we take all reasonable precautions to protect it from unauthorized access, modification or disclosure. We maintain a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to our Customer’s Data. We also use appropriate industry-standard security technology as agreed with our Customer to ensure that your information is protected. When we no longer need your Personal Information, we will take all reasonable steps required to de-identify or destroy it.
12. Eptura only Discloses Personal Information in Limited Circumstances
Your Personal Information may be shared with our authorized Affiliates and sub-contractors (“Personnel”) as necessary and appropriate to facilitate the purpose for which your Personal Information was collected pursuant to this Notice. They are only authorized to use Personal Information as necessary to provide services to us. These services include cloud computing infrastructure.
All Eptura Personnel who have access to Personal Information are legally bound not to disclose it and may only use it for the purposes incidental to undertaking their duties to Eptura.
Eptura will not otherwise disclose your Personal Information to a third party outside of our Affiliates without your express consent. However, you should be aware that Eptura may be required to disclose your Personal Information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities if such disclosure is required by law. Where possible and appropriate, to protect your rights, protect your safety or the safety of others, investigate fraud, or respond to a government request we will notify you if we are required by law to disclose your Personal Information.
If Eptura is involved in a merger, acquisition, or sale of all or a portion of its assets, our Customer will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with our Customer’s prior consent.
The third parties who host our servers do not control and are not permitted to access or use your Personal Information except for the limited purpose of storing the information.
In the Services, we use essential cookies for authentication and session management. These technologies may provide us with personal data, information about devices and networks you utilize to access our Services, and other information regarding your interactions with our Services. We may combine the information we receive from cookies with personal data we have otherwise collected.
Additional information is available at http://www.aboutads.info/choices/ and http://www.youronlinechoices.com. Please note, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. You will continue to receive ads on the websites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish for your online activities to be tracked. Currently, our systems do not recognize browser DNT requests. In the meantime, you can use the “help” portion of the toolbar on most browsers to learn how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether as explained above.
14. Eptura has a Privacy Complaints Process
Eptura commits to resolve complaints about our collection or use of your Personal Information. For questions regarding this Notice, please contact us by emailing [email protected] or by mailing Eptura at the following address: Eptura, Attention Privacy, 950 E Paces Ferry Rd, NE, Suite 800, Atlanta, GA 30360.
15. Our Privacy Officer will endeavor to:
- provide an initial response to your query or complaint within 15 Business Days, and
- investigate and attempt to resolve your query or complaint within 45 Business Days or such longer period as is necessary and notified to you by our Privacy Officer.
Changes to This Policy
From time to time, we may update this Notice to reflect the changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.