Epar and its subsidiaries are committed to protecting your privacy. This Privacy and Security Advisory Publishing Policy describes the information we collect from you, either online or offline, and how that information will be used and protected. Please read this This Privacy and Security Advisory Publishing Policy carefully. Should you have any questions, please refer to the end of this Statement for information on how to contact us.
This Privacy and Security Advisory Publishing Policy applies to the information that we obtain through your use of epar services via a “Device” or when you otherwise interact with epar. Epar services include our websites, downloadable products, or SaaS products.
These are third party products or services that you may choose to integrate with epar product or services, such as third-party Add-Ons available in the epar marketplace. You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.
You may visit our web site and not provide us with any information that can identify you. But if you decide to contact us to, for example, purchase a product from us, request information about our services, download certain software or service applications, inquire about products you may already own, request samples of certain products or provide a product review or other feedback, we may collect information such as your name, e-mail or postal address, phone number and credit card information (“Personal Information”).
The personal information we collect allows us to keep you posted on epar’s latest product announcements, software updates, and upcoming events. If you don’t want to be on our mailing list, you can opt out anytime by updating your preferences.
We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising, and for loss prevention and anti-fraud purposes.
From time to time, we may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with epar, you may not opt out of receiving these communications.
We may also use personal information for internal purposes such as auditing, data analysis, and research to improve epar products, services, and customer communications.
We may use financial information or payment method to process payment for any purchases or sales made on our web site, to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business.
If you provide us with information about others, or if others give us your information, we may store that data, but it will only be used for the specific reason it was provided. Examples include providing a friend’s shipping address, e-mailing a newsletter or a product description to a friend or colleague.
Our customers are a critical component of our business and we are not in the business of selling or renting your personal information to third-parties. We are part of the e-par group of companies and may share your information with our parent company, subsidiaries, and affiliates. We also may share your information with other companies and individuals acting on our behalf to fulfill and/or ship an order, an award or rebate; to communicate with you; collect or process payments; provide data processing or data storage processes on our behalf; or to provide a product or service you have requested.
We also may share aggregated information we collect with third-parties, including service providers and marketing partners, for the purpose of conducting general business analysis. For example, we may tell our marketing team the number of visitors to our web site and the most popular features or services accessed. This information does not contain any personal information and may be used to develop web site content and services that we hope you will find of interest.
Finally, we also may share your personal information:
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information from those we actually know are under 13, nor does epar target its web site to children under 13.
If you no longer wish to receive communications from us you can do so by emailing firstname.lastname@example.org. If you wish to update your e-mail address in our records you can do so by emailing our email@example.com.
You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our web site because such information may be required in order for you to register; purchase products or services; or initiate other transactions on our web site.
epar websites, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches.
As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, to improve our product and services, and to gather demographic information about our user base as a whole. epar may use this information in our marketing and advertising services.
There are a number of places on our web site where you may click on a link to access other web sites that do not operate under this Privacy Statement. For example, if you click on a link for legislative information or an environmental widget on our web site, you may be taken to a web site that we do not control. These third-party web sites may independently solicit and collect information, including personal information, from you. We recommend that you consult the privacy statements of all third-party web sites you visit by clicking on the “privacy” link typically located at the bottom of the web page you are visiting.
If you submit an application or resume online when applying for a position with our company, we may use third-party service providers to assist with the process of collection, maintenance and analysis of candidate submissions. We may retain your application for a period of time, but only for the purpose of considering your application for current or future available positions. Your applicant information may be shared with e-par affiliates and/or other Canon companies for the purpose of evaluating your qualifications for the particular position or other available positions.
We provide areas on our web sites where you can, for example, download content (e.g. sustainability reporting, compliance and environmental and safety risk management documents). Such postings, are hosted on secure server networks. This information is password protected and is not in the public domain. The data may be used from time to time for sustainability benchmarking and reporting but your details will not be disclosed.
When you submit information to epar through our web sites, you should be aware that your information is transmitted across multiple computer systems on the Internet. Although we take reasonable security measures to protect your information, data security technologies constantly are evolving. Because no method of transmitting or storing electronic data on the Internet is ever completely secure, we cannot guarantee that such information will never be accessed, used, or released in a manner that is inconsistent with this Statement.
We reserve the right to change this Privacy Statement at any time. If we make any material changes to this Statement, we will notify you by posting the changes on our web site. Changes will be effective immediately upon posting on the web site. Your continued use of our web site following the postings of changes to these terms means you accept these changes.
California Civil Code Section 1798.83 gives California residents the right to request, from a business with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third-parties for direct marketing purposes by such third-party, and the identities of the third-parties with whom the business has shared such information during the immediately preceding year. To request a copy of the information disclosure provided by epar pursuant to California Civil Code Section 1798.83, please contact us at firstname.lastname@example.org.
We operate under the Australian Privacy Principles (APPs) and recognise our obligations to report eligible data breaches. The notifiable data breaches (NDB) scheme requires epar to notify particular individuals and the OAIC about ‘eligible data breaches’.
We know that privacy is important to you. That’s why epar is committed to ensuring that our customers receive a high level of privacy protections of their personal data. Implemented with industry leader, AWS, epar software products are designed for optimal performance with redundancy and failover options around the world. With AWS, epar has the ability to quickly respond to increases in customer data and user load. This allows us to provide consistent and predictable performance, and scale in line with your business. epar software customers never have to worry about software or hardware updates. epar does the work for you and ensures that your software products are always up-to-date.
The first step in deciding whether an eligible data breach has occurred involves considering whether there has been a data breach; that is, unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information.
Unauthorised access of personal information occurs when personal information that we hold is accessed by someone who is not permitted to have access. This includes unauthorised access by an employee of epar, or an independent contractor, as well as unauthorised access by an external third party (such as by hacking).
Unauthorised disclosure occurs when epar makes personal information accessible or visible to others outside of epar and releases that information from our effective control in a way that is not permitted by the Privacy Act. This includes an unauthorised disclosure by an epar employee.
Loss refers to the accidental or inadvertent loss of personal information held by epar, in circumstances where is it is likely to result in unauthorised access or disclosure. An example is where an employee of epar leaves personal information (including hard copy documents, unsecured computer equipment, or portable storage devices containing personal information) on public transport.
Under this Policy, an eligible data breach arises when the following three criteria are satisfied:
Epar recognises that potential forms of serious harm could include physical, psychological, emotional, economic and financial harm as well as harm to reputation.
Epar will take all reasonable steps to ensure an assessment is completed within 30 days after the day epar became aware of the grounds that caused us to suspect an eligible data breach. Our response protocol detailed in our Data Breach Response Plan will be actioned following any breach and alleged breach.
If an eligible data breach is confirmed, as soon as practicable we will provide a statement to each of the individuals whose data was breached or who are at risk, including details of the breach and recommendations of the steps individuals should take. A copy of the statement will also be provided to the Office of the Australian Information Commissioner (OAIC).
At a minimum, our statement will contain:
Epar contact details;
There are a number of exceptions to the notification obligation, including importantly where epar is able to take effective remedial action to prevent unauthorised access to, or disclosure of, information when it is lost or to prevent any serious harm resulting from the data breach. Where such remedial action is taken by epar, an eligible data breach will not be taken to have occurred, and therefore we will not be required to notify affected individuals or the OAIC.
If epar merely suspects that an eligible data breach has occurred but there are no reasonable grounds to conclude that the relevant circumstances amount to an eligible data breach, epar will undertake a “reasonable and expeditious assessment” of whether there are in fact reasonable grounds to believe that an eligible data breach has occurred.