How we collect and use your personal information.
EPHY collects and uses personal information for various reasons. When we do so, we will use it in accordance with applicable laws.
Below, we describe (1) in what instances we collect your information, (2) the categories of information we collect in those instances, (3) our purposes for collection, and (4) the legal bases for collection. If we need to collect other personal information from you, we will explain which information we need and why at the time we collect it.
Information provided by you.
Sometimes, we may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details to create an account with us, to subscribe to marketing communications from us, and/or to submit inquiries to us. In some cases, we combine the information you provide.
• When you request information from us. When you fill out a contact form or otherwise contact us to express interest in obtaining information about or our services, we may ask you to provide us with your contact information such as name, business email, telephone number, company name, job level, functional role, and address.
Purpose and Legal Basis Under Data Protection Law: We process your personal information in reliance on our legitimate interests or your consent(where you have opted in to email marketing) to:
– Fulfill your request and communicate with you
– Provide you with information about our products, in accordance with your marketing preferences (including telemarketing calls and marketing emails)
• If you are our customer. If you are a representative of a company that has an account with EPHY, we collect your business contact information including your name, business email, telephone number, and company name. If you contact EPHY for support related to your organization’s use of our products, services, or events, we will also collect information about the reason for your inquiry and any other information you choose to provide to us.
Purpose and Legal Basis Under Data Protection Law: We process your personal information in reliance on our legitimate interests or your consent(where you have opted in to email marketing) to:
– Communicate with you and fulfill your request for EPHY support
– Manage your organization’s account, including invoicing and other account-related issues – Provide you with information about our products, in accordance with your marketing preferences (including telemarketing calls and marketing emails)
• If you are our supplier. If you are a representative of a company that provides EPHY with products or services, we collect your business contact information including your name, business email, telephone number, and company name.
Purpose and Legal Basis Under Data Protection Law: We process your personal information in reliance on our legitimate interests to:
– Manage your organization’s account, including invoicing and other account-related issues – Communicate with you and respond to your inquiries
• If you are an end user of a EPHY-owned account. Typically, when you use a EPHY product through your employer or another EPHY customer, your account is controlled and owned by that organization. In some circumstances, you may register for an account directly with EPHY rather than through your organization—for example, if you register for an account to access EPHY. In those cases, we collect the account registration information you give us (for example, your name and email) and your profile information (for example, your company name). In some cases, you may have the option to personalize your account with additional information such as a photo, a social media profile, or other personal information. For services that require it, we also will collect authentication information, such as mobile number, email address, or other unique verification identifiers. If you sign upfor a EPHY training or learning course covered by this Privacy Statement, we will collect the account registration information, as well as enrollment and attendance information (including when your registration is paid for by a EPHY customer or partner). If applicable, we may also collect payment information directly from you.
Purpose and Legal Basis Under Data Protection Law: We process your personal information to perform or enter contracts or terms of service with you, or if we do not have a contract directly with you, in reliance on our legitimate interests to:
– Manage your user account in accordance with the applicable terms of service
– Ensure that you can log in to use ourservices and access information you need securely and efficiently
– Deliver requested resources or services to you
• If you register for events and webinars. When you register for an event or webinar, we may ask you to provide us with your contact information such as your name, business email, telephone number, and company name; your health and safety information such as your emergency contact and your dietary preferences; and your billing information such as your billing name, billing address, and credit card number.If you use a EPHY event-related mobile application, we may also collect additional information from your device, such as your photos, contacts, or geolocation data, in accordance with your device’s privacy settings.
Purpose and Legal Basis Under Data Protection Law: We process your personal information with your consent (where you have opted in to email marketing), to perform or enter contracts or terms of service with you, or if we do not have a contract directly with you, in reliance on our legitimate interests to:
– Manage, plan, and host the event,including to send related communications
– Improve our future events and our mobile application
– Improve or enhance your (or your organization’s) experience interacting with EPHY
– Provide you with information about ourproducts, in accordance with your marketing preferences (including telemarketing calls and marketing emails)
• If you participate in research with us or otherwise provide us with feedback. When you participate in or register for a EPHY study, survey, panel, or panel pool, or voluntarily submit certain information to us such as providing EPHY with feedback about our products and services, we may ask for certain biographical or demographic information, such as your name, email address, contact information, time zone, location, company, employment status, tenure, role, job information, gender, age group, and other information relevant to the study. For certain studies, we may also take photos, videos, or audio recordings (with your permission and in accordance with applicable laws).
Purpose and Legal Basis Under Data Protection Law: Where you have entered into a contract with us, we will process your personal information for the performance of such contract. If we do not have a contract directly with you, or otherwise obtain your consent, we rely on our legitimate interests to:
– Fulfill the purpose set out in the study or survey
– Improve your (or your organization’s) experience interacting with EPHY
– Identify the EPHY research studies best suited to you based on your attributes and invite you to participate via email
– Identify potential product improvements or future product developments for the workforce
– Contextualize your feedback and experience with our products and services sothat we can improve them
– Improve how we conduct research
• If you participate in a sales callor online meeting with EPHY. We may record sales phone calls and online meetings (including audio and video content where applicable) for training, quality assurance, and administration purposes. This includes analyzing the content of such calls and online meetings using AI-powered tools to gain better insights into our interactions with our customers and prospects.We will always notify you before a call will be recorded and will obtain your consent where required under applicable law.
Purpose and Legal Basis Under Data Protection Law: We process your personal information with your consent where required under applicable law orin reliance on our legitimate interests to:
– Maintain high-quality sales calls and engagements with prospects and customers
– Provide training and coaching to our sales teams
– Generate automated call transcripts
– Keep our records up to date (for example, in relation to follow-up meetings, sales opportunities, and updating customer contact details)
– Improve our sales processes and makeour sales calls more impactful
Information collected automatically.
We also collect certain information related to your use of our websites. In some jurisdictions in the United States and countries in the EEA, the UK, and Switzerland, this information may be considered personal data under applicable data protection laws. We may combine this information with personal information provided by you. In particular, we collect the following personal information from you automatically:
• When you access our websites or content. When you visit our websites, we collect information about your device and your usage. The information collected may include your IP address, device type, unique device identification numbers, browser type, broad geographic location (for example, country or city-level location based on your public IP address), performance, and other usage and technical information. We also collect information about how you interact with our websites (for example, referring web page, pages visited, features used), emails, content, or other features (for example, when you open a marketing email or click on an embedded link, or if you watch videos on our site, or interact with/message using our chat function). Some of this information may be collected using cookies and similar tracking technology, as further explained in our Cookie Notice. We do not collect “sensitive personal information” as the term is defined by California law beyond what is necessary to provide your requested services. Accordingly, we do not provide a mechanism for you to request that we limit our use of sensitive personal information.
Purpose and Legal Basis Under Data Protection Law: We process your personal information in reliance on our legitimate interests to:
– Better understand the visitors who come to our websites, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our websites to our visitors.
– Provide, operate, and maintain our websites, including providing access to content you have requested and displaying country-specific information.
– Protect the security and prevent misuse of our websites and services by tracking use of our websites and services, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies.
• If you are an end user of a EPHY product through a EPHY customer. When you use our products and services through your employer or another EPHY customer (for example, when using a EPHY enterprise), we log certain systems usage information automatically. This information may include system-generated identifiers such as IP address, operating system type and version, whether service tasks and notifications complete, date and timestamps, and details about which of our products you are using. We do not identify you from this systems usage information unless your organization first provides us with instructions to do so, and provides us with certain information about your end-user account. This may happen in the context of a customer support request (e.g., when you or your organization ask us to help you resolve an issue you are having with our products and services).
Purpose and Legal Basis Under Data Protection Law: To the extent oursystems usage information is treated as “personal information” under applicable data protection laws, we process this personal information in reliance on our legitimate interests to:
– Provide and maintain the functionality of services and products you and/or your organization request
– Assess and analyze your (and your organization’s) experience interacting with EPHY’s services
– Undertake research and development in light of this assessment in order to improve performance of the services
– Protect the security and prevent misuse of our services by investigating suspicious activity and enforcing our terms and policies
Information obtained from other sources.
We also collect information about you from other sources including third parties, individuals at your organization, or publicly available sources. We may combine this information with personal information provided by you. Specifically, we collect personal information from the following other sources:
• From third-party providers of business contact information. EPHY may collect business contact information about you from other sources including the co-sponsors of events attended by EPHY, third parties from whom we have purchased business contact information, and from publicly accessible websites, such as your company’s website, professional network services, or press releases. Business contact information may include: first name, last name, business email, telephone number, company name, job level, functional role, business street address, and online identifier, as well as previous employers and roles.
Purpose and Legal Basis Under Data Protection Law: We process your personal information in reliance on our legitimate interests or with your consent (where you have opted in to email marketing) to:
– Provide you with information about our products, in accordance with your marketing preferences (including telemarketing calls and marketing emails)
– Understand our market and identify potential customer opportunities
• From your organization. We also may receive information about you from your organization for the purposes of obtaining or providing services or to recommend individuals to participate in our research studies. For example, another individual at your organization may provide us with your business contact information so that we can give you access to training materials purchased by your organization, or to grant you certain administrative privileges. If your organization is a HR Copilot supplier, your organization may also provide us with your name and email address so that we can contact you about the services your organization supplies to us.
Purpose and Legal Basis Under Data Protection Law: We process your personal information in reliance on our legitimate interests to:
– Communicate with you about the goods and services provided
– Manage your (or your company’s) account and provide the requested services toyou or your company
Disclosing your personal information.
EPHY may share or make accessible your personal information to third parties as follows:
• EPHY Affiliates. EPHY may disclose any of the categories of personal information described above to affiliates within the EPHY group where necessary to fulfill a request you have submitted or for customer support, marketing, technical operations, event registration, and accountmanagement purposes.
• Service providers. EPHY may disclose both personal information and the categories of personal information described above to third-party service providers or vendors contracted to provide services on our behalf (for example, IT and hosting, data analytics, event services, customer support, call recording, data enrichment, email fulfillment, and payment services). These third-party service providers may use personal information we provide to them only as instructed by EPHY
• EPHY partners. When you participate in webinars, events, and other activities where EPHY collaborates with third parties, we may disclose the information described under “if you register for events and webinars” above, such as your contact information and interests in these offerings or services to these approved third parties to communicate with you.
• Your organization. Where your organization is a customer or potential customer of EPHY, we may disclose your personal information to relevant people within your organization. For example, we may share a list of individuals attending a EPHY event, or disclose inquiries from end users that should be addressed directly by the organization rather than EPHY.
• Advertising. When you visit our website, we may enable third parties to use cookies and other trackers to show you ads on third-party websites that are more relevant to you. Under some data protection laws, our disclosure of this information with third parties through cookies and other trackers for targeted advertising may be considered a “sale” or “share” of personal information. Please see our Cookie Notice for more information about the typesof cookies we use or click “Cookie Preferences” (link located in the footer of our Website) to set your preferences and opt-out of the sale or sharing (for targeted advertising) of your data. EPHY does not have actual knowledge that it “sells” or “shares” the personal information of individuals under 16years of age.
• Additional disclosures: EPHY may disclose data if we have a good-faith belief that such action is necessary to (a) conform to legal requirements or comply with legal processes; (b) protect and defend our rights or property; (c) enforce our website Terms and Conditions; and/or (d) act to protect the interests of our customers, users, or others. If EPHY goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal information may be among the assets transferred, provided that we inform the actual or potential buyer (or its agents and advisors) that it must use your personal information only for the purposes disclosed in this Privacy Statement. EPHY may also ask for your consent to disclose your information to other unaffiliated third parties that are not described elsewhere in this statement.
Protecting your personal information.
We use technical and organizational measures that provide a level of security appropriate to the nature of the personal information and the risks that are presented by processing your personal information. However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other forms of authentication involved in accessing password-protected or secured resources.
Transferring your personal information internationally.
EPHY operates as a global business and complies with applicable legal requirements when we need to transfer, store, or process your personal information in a country outside your jurisdiction.
We take appropriate safeguards to protect your privacy, your fundamental rights and freedoms, and the ability to exercise your rights. For example, if we transfer personal information from the EEA, the UK, or Switzerland to another country such as the United States, we will implement an appropriate datatransfer solution such as entering into “standard contractual clauses” approved by the European Commission or competent governmental authority (as applicable)with the data importer. Following the adequacy decision by the EuropeanCommission, EPHY currently relies on the EU-U.S. Data Privacy Framework as a legal basis for transfers of personal information from the EU to the United States.
Retaining your personal information.
We retain your personal information for as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
The criteria used to determine appropriate retention periods for personal information include:
• The length of time we have an ongoing business relationship with you
• The amount, nature, and sensitivity ofthe personal information we process
• Whether we have a legal obligation to retain personal information or whether retaining personal information is necessary to resolve disputes, including the establishment, exercise, or defense of legal claims
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible(for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your privacy rights.
Depending on where you are located and how you interact with EPHY, you may have certain legal rights over the personal information we hold about you, subject to local privacy laws. These may include the right, depending on your jurisdiction, to:
• Obtain access to your personal information that is being processed byus.
• Correct inaccurate personal information.
• Request the deletion of your personal information.
• Opt out of the sale or sharing of personal information for targeted advertising. Although this is a right in certain jurisdictions, EPHY does not sell your personal information.
• Object to the processing of your personal information carried out on the basis of our legitimate interests in the EEA, UK, and Switzerland, and askus to restrict the processing of your personal information.
• Request the portability of your personal information in a structured,commonly used, and machine-readable format.
• Withdraw your consent at any time, if we have collected and processed your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• Opt out of marketing communications sent by EPHY.
Lodging a complaint.
You may lodge a complaint with a data protection authority such as the supervisory authority of your usual place of residence
Exercising your Privacy Rights. EPHY will not discriminate against you for exercising your rights. EPHY does not make decisions based solely on automated processing that produces legal or similarly significant effects as part of the processing activities covered by this Privacy Statement. If your personal information has been submitted to us by or on behalf of a EPHY customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. To exercise your rights with respect to information covered by this Privacy Statement, please contact us using the contact details at the bottom of this Privacy Statement. EPHY will take steps to verify your identity, including validating your name and the email you use when interacting with EPHY. You may also authorize another person or third party to submit a request to exercise your rights by providing written permission in conjunction with the submission of the requested information or by giving the third party your power of attorney. We will acknowledge your request and provide a follow-up substantive response within a time period permitted by applicable law. In the event that EPHY needs an extension to fulfill a request, we will notify you. If we deny your request, we will provide reasons for that denial. Contact us
HR Copilotis the controller for your personal information.
EPHY
Seattle
support@ephy.io