Privacy Policy

Introduction

Welcome to Epicoo’s Security and Privacy Policy. We value the security and privacy of our users’ personal data. This policy has been created to inform you about how we collect, use, store, and protect your personal information, as well as to explain your rights regarding this data. Our commitment is to ensure that your interactions with our Digital Experience Platform (DXP) are secure and transparent. We are dedicated to strictly complying with the European Union’s General Data Protection Regulation (GDPR), ensuring that all personal data processing practices are conducted responsibly and ethically. By using our services, you agree to the terms described in this policy. We recommend that you read it carefully to understand how we manage your information and how you can exercise your privacy rights.

Our Commitment to Data Protection

We are committed to ensuring the confidentiality, integrity, and availability of your information through comprehensive and effective security measures that protect your data against unauthorized access, disclosures, alterations, and destruction. We adopt a proactive approach to information security, which includes continuous evaluation of our systems and processes to identify and mitigate potential risks. Our employees are regularly trained on security and privacy practices, ensuring that everyone is aware of their responsibilities in protecting user data. Moreover, Epicoo is committed to maintaining transparency regarding our data protection practices, providing clear and accessible information about how your data is handled. We continuously work to improve our security protocols and adhere to industry standards and regulations to provide you with the peace of mind that your information is secure with us.

Data Collection and Use

This section details the types of data we collect and how these data are used to enhance your experience with our services.

What Personal Data We Collect

We collect different types of personal data to provide and improve our services, including but not limited to:

• Personal Identification Information: Name, email address, phone number, and other contact information.
• Interaction Data: Information about how you use our platform, including interactions with content and features.
• Technical Data: IP address, browser type, operating system, and information about the device used to access our services.
• User Preferences: Account settings, marketing preferences, and feedback.

How We Use Your Data

The collected data is used for the following purposes:

• Service Delivery: To operate and maintain the functionality of our Digital Experience Platform (DXP).
• Personalization: To tailor content and offers to your individual preferences, providing a more relevant and engaging experience.
• Communication: To send updates, newsletters, and other relevant information about our services and products.
• Security and Monitoring: To protect our systems, detect fraudulent activities, and ensure the security of your information.
• Service Improvement: To analyze and enhance the efficiency and effectiveness of our platform, based on user usage and feedback.

Legal Basis for Processing

Epicoo processes your personal data in compliance with the General Data Protection Regulation (GDPR), ensuring that all processing activities are based on clear and justifiable legal grounds. The main legal bases we use include:

• Consent: We process your personal data when you give us explicit consent, such as for sending marketing communications or personalizing your interactions with our platform. You have the right to withdraw your consent at any time, as described in our privacy policy.
• Contract Execution: When necessary for the execution of a contract to which you are a party, we process your data to provide and manage our services, as detailed in our terms of service. This includes creating and maintaining user accounts and delivering platform functionalities.
• Legal Obligation: In certain circumstances, we are required to process personal data to comply with legal obligations, such as maintaining financial records or responding to requests from regulatory authorities, aligning with practices described in the security and privacy documents of industry companies.
• Legitimate Interests: We process personal data based on our legitimate interests, which include improving our services, securing our platform, and communicating with our users. We ensure that these interests do not override your fundamental rights and freedoms, following standard industry security practices, such as using two-factor authentication and data encryption.

Data Retention

We adopt strict data retention practices to ensure that your personal information is retained only for as long as necessary to fulfill the purposes for which it was collected:

• Retention Periods: We retain your personal data for as long as necessary to meet the purposes described in our privacy policy, including providing our services, fulfilling legal obligations, resolving disputes, and enforcing our agreements.
• Retention Criteria: Specific retention periods are determined based on the nature of the data, the purpose of processing, and applicable legal requirements. Contact and transaction information may be retained as necessary for financial audits and regulatory compliance, following the security and audit practices described in the attached documents.
• Data Security and Disposal: We implement technical and organizational security measures to protect your data during storage and ensure secure disposal at the end of the retention period. This includes the use of encryption and secure deletion procedures, aligning with security standards such as the use of TLS1.2 for communications.
• User Rights: You have the right to request the deletion of your personal data before the end of the retention period, subject to certain legal conditions. We will respond to such requests in accordance with the provisions of the GDPR, ensuring that your rights are respected.

Your Rights

We are committed to ensuring that you have control over your personal data and to respecting all the rights granted to you under the General Data Protection Regulation (GDPR). Your rights include:

• Right of Access: You have the right to request access to the personal data we hold about you. This allows you to receive a copy of the information we have and check that we are processing it lawfully.
• Right to Rectification: If you identify any personal data we hold as incorrect or incomplete, you have the right to request the correction or update of that information.
• Right to Erasure: Also known as the “right to be forgotten,” you can request the deletion of your personal data when it is no longer needed for the purposes for which it was collected, or when you withdraw your consent (where applicable).
• Right to Restriction of Processing: You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
• Right to Data Portability: You have the right to request the transfer of your personal data to another organization or directly to you, in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your personal data when based on Epicoo’s legitimate interests or when used for direct marketing purposes.
• Right to Withdraw Consent: When the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time, without affecting the legality of processing carried out before the withdrawal.

To exercise any of these rights, please contact our Data Protection Officer (DPO) via email at dpo@epicoo.com. We will respond to all legitimate requests in compliance with applicable legal requirements, ensuring that your rights are respected.

Data Security Measures

We have implemented a variety of technical and organizational measures to protect your information against loss, misuse, unauthorized access, disclosure, alteration, and destruction.

• Encryption: We use advanced encryption, such as TLS1.2 for communications, ensuring that your information is protected during transmission and storage.
• Access Control: Access to personal data is restricted to employees, contractors, and agents who need that information to operate, develop, or improve our services. All are subject to confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
• Two-Factor Authentication (2FA): We have implemented two-factor authentication to access critical systems, adding an extra layer of security to protect against unauthorized access.
• Monitoring and Auditing: We conduct continuous monitoring and regular audits of our systems and networks to identify and mitigate vulnerabilities. This includes monthly vulnerability scans and third-party audits to ensure the robustness of our security posture.
• Incident Response Plan: We have established procedures to handle suspected data breaches. In the event of a security incident, we will notify you and the relevant authorities as required by law.
• Security Training: Our employees receive regular training on security and data protection practices to ensure they are aware of their responsibilities in protecting user information.

International Data Transfers

As part of our operations, it may be necessary to transfer your personal data outside the European Economic Area (EEA). In these circumstances, we take appropriate steps to ensure that your information receives the same level of protection that it would within the EEA.

• Standard Contractual Clauses: We use standard contractual clauses approved by the European Commission to ensure that your personal data are protected when transferred to countries outside the EEA.
• Certification Mechanisms: Where applicable, we may rely on certification mechanisms, such as the Privacy Shield, for transfers to the United States, ensuring that data recipients comply with recognized data protection standards.
• Data Processing Agreements: All of our third-party data processors, who may be located outside the EEA, are required to adhere to data processing agreements that ensure the adequate protection of your personal information.
• Transfer Impact Assessment: We conduct data transfer impact assessments to identify and mitigate risks associated with international transfers, ensuring that any risks are properly managed.
• Transparency and Information: You will be informed about any international transfer of your personal data and the applicable protection measures, as required by data protection legislation.

Our commitment is to ensure that your personal information is handled securely and in accordance with this privacy policy, regardless of where it is processed.

Third-Party Processors

We work with a network of trusted third-party processors to assist in the provision of our services. These third parties are essential for operations such as data hosting, data analysis, marketing services, and customer support. We ensure that all data processors we work with comply with applicable data protection standards.

• Contractual Agreements: All of our third-party processors are bound by contracts requiring them to implement appropriate security measures to protect your personal data. These contracts also ensure that data are processed only in accordance with our instructions and for the specified purposes.
• Confidentiality and Security: We require all third-party processors to maintain data confidentiality and implement robust security measures to protect your information against unauthorized access, loss, or destruction.
• Audits and Assessments: We conduct regular audits and assessments of our third-party processors to ensure they are meeting their contractual obligations and maintaining appropriate security standards.
• International Transfers: When our third-party processors are located outside the EEA, we ensure that data transfers are protected by appropriate legal mechanisms, such as standard contractual clauses or recognized certifications.
• Processor List: You can request a list of the third-party processors we work with by contacting us. We are committed to maintaining transparency about with whom we share your data and the protection measures applied.

Cookies and Similar Technologies

Epicoo uses cookies and similar technologies to enhance your experience on our platform, personalize content and ads, provide social media features, and analyze traffic. This section explains how we use these technologies and how you can manage your preferences.

• What are Cookies? Cookies are small text files stored on your device when you visit our site. They allow us to recognize your device and store some information about your preferences or past actions.
• Types of Cookies We Use:
  • Necessary Cookies: Essential for the functioning of our site, enabling navigation and use of its features.
  • Performance Cookies: Collect information about how visitors use our site, helping us improve functionality and user experience.
  • Functionality Cookies: Allow the site to remember your choices (such as username, language, or region) to provide a more personalized experience.
  • Advertising Cookies: Used to deliver ads more relevant to you and your interests, as well as to limit the number of times you see an ad.
• Managing Cookies: You can control and manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our site.
• Similar Technologies: Besides cookies, we may use other tracking technologies, such as web beacons and pixels, to collect information about the use of our site and measure the effectiveness of our campaigns.
• Consent and Preferences: By using our site, you agree to the use of cookies as described in this policy. We offer tools for you to manage your cookie preferences directly on our site.

Changes to This Policy

Epicoo reserves the right to update or modify this privacy policy at any time to reflect changes in our practices or legal requirements. We will keep you informed about any significant changes through the following means:

• Direct Notifications: When we make substantial changes to this policy, we will notify you by email or through a prominent notice on our site before the changes take effect. This ensures that you are always aware of how your information is being protected and used.
• Effective Date: Each version of this privacy policy will be identified by the effective date at the top of the document, allowing you to know when the last update was made.
• Access to Previous Versions: We will keep previous versions of this policy available for consultation if you wish to review the changes made over time.
• Feedback and Questions: We encourage you to periodically review this policy to stay informed about how we are protecting your information. If you have any questions or concerns about any changes, please contact us through the provided communication channels.

By continuing to use our services after the changes take effect, you agree to be bound by the revised policy. We recommend that you regularly review this policy to stay updated on our privacy practices.

Contact Information

If you have any questions, concerns, or requests related to this privacy policy or the processing of your personal data, please do not hesitate to contact us. We are here to help and ensure that your privacy rights are respected.

• Data Protection Officer (DPO): Our Data Protection Officer is available to answer any questions related to data protection and privacy. You can contact them at the following email: dpo@epicoo.com.
• Feedback and Complaints: We value your feedback and are committed to resolving any concerns you may have. If you believe we have not satisfactorily addressed your issue, you have the right to file a complaint with the relevant data protection supervisory authority.

We are committed to protecting your privacy and ensuring that your personal information is handled with care and respect. Do not hesitate to contact us for any privacy-related questions.