Privacy and Security Advisory Publishing Policy

Privacy and Security Advisory Publishing Policy 2018

Introduction

Epar and its subsidiaries are committed to protecting your privacy. This Privacy and Security Advisory Publishing Policy describes the information we collect from you, either online or offline, and how that information will be used and protected. Please read this Privacy and Security Advisory Publishing Policy carefully. Should you have any questions, please refer to the end of this Statement for information on how to contact us.

Scope of policy

This Privacy and Security Advisory Publishing Policy applies to the information that we obtain through your use of epar services via a “Device” or when you otherwise interact with epar. Epar services include our websites, downloadable products, or SaaS products.

Third party products

These are third party products or services that you may choose to integrate with epar products or services, such as third-party Add-Ons available in the epar marketplace. You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.

The information we collect

Personal information

You may visit our web site and not provide us with any information that can identify you. But if you decide to contact us to, for example, purchase a product from us, request information about our services, download certain software or service applications, inquire about products you may already own, request samples of certain products or provide a product review or other feedback, we may collect information such as your name, e-mail or postal address, phone number and credit card information (“Personal Information”).

How we use your personal information

The personal information we collect allows us to keep you posted on epar’s latest product announcements, software updates, and upcoming events. If you don’t want to be on our mailing list, you can opt out anytime by updating your preferences.

We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising, and for loss prevention and anti-fraud purposes.

From time to time, we may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with epar, you may not opt out of receiving these communications.

We may also use personal information for internal purposes such as auditing, data analysis, and research to improve epar products, services, and customer communications.

Financial information

We may use financial information or payment method to process payment for any purchases or sales made on our web site, to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business.

Information from or about friends and family

If you provide us with information about others, or if others give us your information, we may store that data, but it will only be used for the specific reason it was provided. Examples include providing a friend’s shipping address, e-mailing a newsletter or a product description to a friend or colleague.

With whom we share your information

Our customers are a critical component of our business and we are not in the business of selling or renting your personal information to third-parties. We are part of the e-par group of companies and may share your information with our parent company, subsidiaries, and affiliates. We also may share your information with other companies and individuals acting on our behalf to fulfill and/or ship an order, an award or rebate; to communicate with you; collect or process payments; provide data processing or data storage processes on our behalf; or to provide a product or service you have requested.

We also may share aggregated information we collect with third-parties, including service providers and marketing partners, for the purpose of conducting general business analysis. For example, we may tell our marketing team the number of visitors to our web site and the most popular features or services accessed. This information does not contain any personal information and may be used to develop web site content and services that we hope you will find of interest.

Finally, we also may share your personal information:

  • In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
  • When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our web site Terms and Conditions or other agreements or policies.
  • In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

Our commitment to children’s privacy

Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information from those we actually know are under 13, nor does epar target its web site to children under 13.

Your choices about collection and use of your information

If you no longer wish to receive communications from us, you can opt out by emailing admin@epar.com.au. If you wish to update your e-mail address in our records, you can do so by emailing admin@epar.com.au.

You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our web site because such information may be required in order for you to register; purchase products or services; or initiate other transactions on our web site.

Cookies and other technologies

epar websites, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches.

We treat information collected by cookies and other technologies as non-personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

epar also uses cookies and other technologies to remember personal information when you use our website, online services, and applications. Our goal in these cases is to make your experience with epar more convenient and personal. If you want to disable cookies you can block cookies on your own device. Please note that certain features of the epar website may not be available once cookies are disabled.

As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, to improve our products and services, and to gather demographic information about our user base as a whole. epar may use this information in our marketing and advertising services.

Third-party web sites

Links

There are a number of places on our web site where you may click on a link to access other web sites that do not operate under this Privacy Statement. For example, if you click on a link for legislative information or an environmental widget on our web site, you may be taken to a web site that we do not control. These third-party web sites may independently solicit and collect information, including personal information, from you. We recommend that you consult the privacy statements of all third-party web sites you visit by clicking on the “privacy” link typically located at the bottom of the web page you are visiting.

Job applicants

If you submit an application or resume online when applying for a position with our company, we may use third-party service providers to assist with the process of collection, maintenance and analysis of candidate submissions. We may retain your application for a period of time, but only for the purpose of considering your application for current or future available positions. Your applicant information may be shared with e-par affiliates and/or other Canon companies for the purpose of evaluating your qualifications for the particular position or other available positions.

User generated content

We provide areas on our web sites where you can, for example, download content (e.g. sustainability reporting, compliance and environmental and safety risk management documents). Such postings are hosted on secure server networks. This information is password protected and is not in the public domain. The data may be used from time to time for sustainability benchmarking and reporting but your details will not be disclosed.

Our web sites may also include features that involve a shared platform with third-party services while you are on our web sites. For example, you can follow epar on a social networking service. If we offer or accommodate this kind of shared-platform or similar service, the information collected from you while you use our web site may be transmitted to the third-party that operates the service. Additionally, once that information is shared with the third-party, its use of information about you will be subject to that third-party’s privacy policy.

Finally, your activity on any social networking service pages that, for example, refer to epar, include the epar logo, or involve epar promotion, is guided by the general terms of the service operator or any specific terms for that promotion. You therefore should consult that third-party’s privacy policy to understand how your information may be used and shared by the third-party.

Information security

When you submit information to epar through our web sites, you should be aware that your information is transmitted across multiple computer systems on the Internet. Although we take reasonable security measures to protect your information, data security technologies are constantly evolving. Because no method of transmitting or storing electronic data on the Internet is ever completely secure, we cannot guarantee that such information will never be accessed, used, or released in a manner that is inconsistent with this Statement.

Right to change internet privacy statement

We reserve the right to change this Privacy Statement at any time. If we make any material changes to this Statement, we will notify you by posting the changes on our web site. Changes will be effective immediately upon posting on the web site. Your continued use of our web site following the postings of changes to these terms means you accept these changes.

Your California privacy rights

California Civil Code Section 1798.83 gives California residents the right to request, from a business with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third-parties for direct marketing purposes by such third-party, and the identities of the third-parties with whom the business has shared such information during the immediately preceding year. To request a copy of the information disclosure provided by epar pursuant to California Civil Code Section 1798.83, please contact us at admin@epar.com.au.

Security advisory publishing

We operate under the Australian Privacy Principles (APPs) and recognise our obligations to report eligible data breaches. The notifiable data breaches (NDB) scheme requires epar to notify particular individuals and the OAIC about ‘eligible data breaches’.

Our security and performance measures

We know that privacy is important to you. That’s why epar is committed to ensuring that our customers receive a high level of privacy protections of their personal data. Implemented with industry leader, AWS, epar software products are designed for optimal performance with redundancy and failover options around the world. With AWS, epar has the ability to quickly respond to increases in customer data and user load. This allows us to provide consistent and predictable performance, and scale in line with your business. epar software customers never have to worry about software or hardware updates. epar does the work for you and ensures that your software products are always up-to-date.

What we recognise as a ‘data breach’

The first step in deciding whether an eligible data breach has occurred involves considering whether there has been a data breach; that is, unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information.

Unauthorised access of personal information occurs when personal information that we hold is accessed by someone who is not permitted to have access. This includes unauthorised access by an employee of epar, or an independent contractor, as well as unauthorised access by an external third party (such as by hacking).

Unauthorised disclosure occurs when epar makes personal information accessible or visible to others outside of epar and releases that information from our effective control in a way that is not permitted by the Privacy Act. This includes an unauthorised disclosure by an epar employee.

Loss refers to the accidental or inadvertent loss of personal information held by epar, in circumstances where it is likely to result in unauthorised access or disclosure. An example is where an employee of epar leaves personal information (including hard copy documents, unsecured computer equipment, or portable storage devices containing personal information) on public transport.

An eligible data breach

Under this Policy, an eligible data breach arises when the following three criteria are satisfied:

  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that epar holds; and
  2. this is likely to result in serious harm to one or more individuals; and
  3. epar has not been able to prevent the likely risk of serious harm with remedial action.

Epar recognises that potential forms of serious harm could include physical, psychological, emotional, economic and financial harm as well as harm to reputation.

Our assessment following a breach

Epar will take all reasonable steps to ensure an assessment is completed within 30 days after the day epar became aware of the grounds that caused us to suspect an eligible data breach. Our response protocol detailed in our Data Breach Response Plan will be actioned following any breach and alleged breach.

If an eligible data breach is confirmed, as soon as practicable we will provide a statement to each of the individuals whose data was breached or who are at risk, including details of the breach and recommendations of the steps individuals should take. A copy of the statement will also be provided to the Office of the Australian Information Commissioner (OAIC).

At a minimum, our statement will contain:

  • Epar contact details;
  • The identity and contact details of any entity that jointly or simultaneously holds the same information in respect of which the eligible data breach has occurred;
  • a description of the data breach;
  • the kinds of information concerned; and
  • the steps epar recommends individuals take to mitigate the harm that may arise from the breach. While epar will make reasonable efforts to identify and include recommendations, we are not expected to identify every possible recommendation that could be made following a breach;
  • provide a copy of this statement to the OAIC; and
  • take such steps as are reasonable in the circumstances to notify affected or at-risk individuals of the contents of the statement.

Our notification will be via telephone, followed up by email and we will publish notification on our websites eparconnect.com and epar.com.au.

Exceptions to the notification obligation

Remedial action

There are a number of exceptions to the notification obligation, including importantly where epar is able to take effective remedial action to prevent unauthorised access to, or disclosure of, information when it is lost or to prevent any serious harm resulting from the data breach. Where such remedial action is taken by epar, an eligible data breach will not be taken to have occurred, and therefore we will not be required to notify affected individuals or the OAIC.

Suspicion of an eligible data breach

If epar merely suspects that an eligible data breach has occurred but there are no reasonable grounds to conclude that the relevant circumstances amount to an eligible data breach, epar will undertake a “reasonable and expeditious assessment” of whether there are in fact reasonable grounds to believe that an eligible data breach has occurred.

Epar may update this Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.

COPYRIGHT © · All rights reserved · epar Group