Privacy Policy

Eptura, Inc. (collectively, “we,” “us,” “our,” or “Company”) also refers any of our corporate affiliates or subsidiaries, respect the privacy of our customers and individuals who use our services. This SaaS Privacy Notice (“Notice”) is made available to you to describe how we collect, use, and share personal data we process on behalf of our Customers when you use our hosted software applications (“Services”). It also describes your choices regarding the use, access and correction of your Personal Information that we process in the course of fulfilling our obligations as a service provider according to the Eptura Services Agreement (“Services Agreement”) executed between Eptura and our customer (“Customer”). Customer may be your employer, or if you are an independent contractor, they may be the entity that has engaged you to provide your services to them. This Notice does not cover any information or data collected by Eptura for other purposes, such as information collected for marketing purposes. Please see the Website Privacy Policy for more information. 2. About Eptura and the Personal Information We Collect Eptura is a global worktech company that provides software solutions for people, workplaces and assets to enable everyone to reach their full potential. While using our Services, Customers and their authorized users input or transfer electronic data into the Eptura systems (“Customer Data”). Customer Data may include an individual’s name, email address, unique identifier(s), phone number(s), company position, business unit, cost center and location within Customer’s workplace (“Personal Information”). 3. Retention of Personal Information Eptura will retain Personal Information we process on behalf of our Customers for as long as necessary to provide Services to our Customer and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 4. Transfers of Personal Information Eptura is responsible for the processing of Personal Information it receives from Customers and any onward transfers to third parties acting on our behalf in compliance with applicable law, including but not limited to, the Australian Privacy Act 1988; California Consumer Privacy Act of 2018 (“CCPA”); the EU General Data Protection Regulation 2016/679 (“GDPR”) and its respective national implementing legislations; the Swiss Federal Act on Data Protection; the United Kingdom General Data Protection Regulation (“UK GDPR”); and the United Kingdom Data Protection Act 2018 (in each case, as amended, adopted, or superseded from time to time). Eptura Services and sites are primarily provided and hosted from the United States; however, we may transfer, and process, your personal data outside of the country in which you are resident to a country that may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). Any such transfers will be performed consistent with the Service Agreement between Eptura and our Customers. When transferring data across borders, we will make sure that an appropriate transfer agreement is in place to protect Personal Information Certain recipients (our service providers and other companies) who process Personal Information on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect Personal Information. If you are a resident of the EEA, the UK or Switzerland, we will protect Personal Information when it is transferred outside of the EEA, the UK or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data or we will rely on the Standard Contractual Clauses approved by the European Commission. 5. How We Collect Personal Information 5.1 From Customers Eptura processes Customer Data under the direction of Customers and has no direct control or ownership of the Personal Information it receives or processes. If you are an authorized user of one of our Customers and would no longer like to be contacted by one of our Customers that use our Service, please contact the Customer that you interact with directly. Customers are responsible for complying with regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to Eptura for processing purposes 5.2 From You Eptura may collect Personal Information directly from you. This information may be collected when: you register to use the Services you use the Services, or another application that the Services are embedded in (eg. as a mobile application provided by Eptura’s Customer) you contact the Eptura Support team you use your work PC to access the Services you pass through a security checkpoint at one of our Customer’s premises. you access our website 5.3 Passive Collection As is true of most websites and web applications, we gather certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the features viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, usage, change history, and/or clickstream data to analyze trends in the aggregate and administer the site. 6. You May Request Access, Changes and/or Removal to/of Your Personal Information Eptura acknowledges that you have the right to access your personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate Personal Information should first direct your query to Eptura’s Customer (the data controller), or second by emailing your request to privacy@eptura.com Eptura will process your request as soon as reasonably practicable, or within a reasonable timeframe, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner you have requested. In some circumstances, it may be necessary for us to seek to arrange access to your personal information through a mutually agreed intermediary (for example, our Customer). 7. Customer Obligations Around Personal Information Through our Customer’s use of the Services, Eptura may collect information about our Customer’s personnel from our Customer. Similarly, through your use of the Services, Eptura may also collect information from you about someone else. In either case, if you or our Customer (each an “Information Provider”) provide Eptura with Personal Information about someone else, the Information Provider must ensure that they are authorized to disclose that information to Eptura and that, without Eptura taking any further steps required by applicable data protection or privacy laws, Eptura may collect, use and disclose such information for the purposes described in this Notice. This means that if required by applicable law, the Information Provider must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Notice, including the fact that their Personal Information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Eptura’s identity, and how to contact Eptura. Where requested to do so by Eptura, the Information Provider must also assist Eptura with any requests by the individual to access or update the Personal Information it has collected from them and entered into the Service. It is your responsibility to ensure that the Personal Information provided to us is accurate, complete, and up to date.