Overview

Privacy at Epsilon

We believe in providing you with transparency around how we collect, use and share the personal data we collect from you. The following privacy statements are tailored for the different ways your personal data may be collected by Alliance Data FHC, Inc. trading as Epsilon International (“Epsilon,” “we,” “us,” or “our”).

The Epsilon Privacy Policy for Services addresses personal data we may collect and use through our services, including how we collect and use personal data for our email marketing services.
The Epsilon Privacy Policy addresses what data we may collect and use on our websites and from our clients.
The Careers Privacy Notice addresses information we may collect in connection with Epsilon’s employment recruiting efforts.

EPSILON PRIVACY POLICY FOR SERVICES

Last modified 17 May 2019

INTRODUCTION:

Alliance Data FHC, Inc., trading as Epsilon International (“Epsilon,” “we”, “us”, or “our”), is firmly committed to protecting the privacy and fostering confidence in our services and platforms (“Services”). This Privacy Policy only covers Epsilon’s Services that include its email service provider platform and its loyalty service provider platform.

WHAT DOES EPSILON DO?

Epsilon, as a Data Processor, provides its clients, the Data Controllers, with several agency services as well as an email platform and loyalty service platform. This Privacy Policy is primarily intended to provide a description of the ways in which we, the Data Processor, help our clients, the Data Controller, collect and use information for their email campaigns. The Data Controllers can schedule and manage their email campaigns. The Data Controllers may also use the loyalty platform to manage its purchase incentive programs.

If you have questions or concerns regarding this statement, please contact us by clicking here .

INFORMATION COLLECTION AND USE

Information Received or Collected by Epsilon

Epsilon receives and hosts personal data it receives from the Data Controllers. This includes identifiable Personal Data such as an individual’s name, address, email address and associated transactional information.

Epsilon also uses pixels and other technologies based in the Data Controller’s domain to collect Pseudonymous Personal Data including whether an individual received and/or opened an email. This personal data is only used for reporting purposes. Pixels are tiny graphics files that contain a unique identifier that enable Epsilon to recognise when an individual has opened an e-mail that a client has sent them. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

Information Sharing by Epsilon

Epsilon only shares or discloses personal data to its Data Controller’s or its service providers per the Data Controller’s instructions. Epsilon may also share personal information (1) to comply with applicable laws and regulations or to respond to a subpoena, search warrant or other lawful request for information received by us, whether or not a response is required by applicable law; (2) to enforce our terms of use and other agreements or to protect our rights; and (3) to protect the safety of members of the public and users of the service.

While Epsilon strongly encourages its clients to adopt responsible approaches to its marketing practices, Epsilon is not responsible for the information practices of such clients.

INTERNATIONAL DATA TRANSFERS

Epsilon, its group companies, partners and service providers may transfer personal data to, and process personal data in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country and, in some cases, may not be as protective.

Specifically, Epsilon, its group companies or its service providers may process personal data in the United States, Canada and India. Epsilon has taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. These measures include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which requires all group companies to protect the personal data from the European Economic Area that they process in accordance with European Union data protection law.

Our Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.

SECURITY

The security of your information is important to us. We have implemented appropriate technical and organisational security measures to protect the information in our care, both during transmission and once we receive it. We take physical and technical security measures to protect our data from accidental or unlawful destruction, loss, or alteration, and from unauthorised disclosure or access.

No transmission of data over the Internet is guaranteed to be completely secure. While we strive to protect your data, it may be possible for third parties not under the control of Epsilon to unlawfully intercept or access transmissions or private communications. Unauthorised entry or use, hardware or software failure, and other factors may compromise data security. Epsilon cannot ensure or warrant the security of information you transmit to us. You acknowledge and assume this risk when communicating with Epsilon.

RETENTION

Epsilon retains the personal data per the Data Controller’s independent retention policy.

DATA SUBJECT RIGHTS

When providing its Services, Epsilon processes your personal data in the role of a Data Processor. This means that Epsilon processes your personal data on behalf of its clients, the Data Controllers. As a Data Processor, Epsilon may only process the personal data upon instruction from the respective Data Controller.

If your personal data has been submitted to us by one of our clients, and you wish to exercise any rights you may have under applicable data protection laws, we ask you to inquire directly with the client. If you do wish to make your request directly to us, please provide the name of the Epsilon client that your request refers to. We will refer your request to that client and will support them as needed in responding to your request within a reasonable timeframe.

CONTACT INFORMATION

If you have a question on something not addressed or if you have a complaint, please contact us by using the Feedback form located here.

Our Data Protection Officer Fieldfisher LLP (Riverbank House, 2 Swan Lane, London, EC4R 3TT) is tasked with ensuring our data protection program is operating effectively and in accordance with law. If you need to contact our Data Protection Officer, you may email DPOfficer AT epsilon.com. However, we respectfully request that you only email our Data Protection Officer regarding urgent matters. Otherwise, for all other inquiries, please click on the contact form.

As an EU resident, you have a right to report a concern to your country’s Data Protection Authority. For example, UK residents can report a concern to the United Kingdom Data Protection Authority at this website – https://ico.org.uk/concerns/ . However, we respectfully request that you contact us so that we can assist you.

MODIFICATIONS TO THIS PRIVACY POLICY

We may occasionally make changes to this Privacy Policy. If we do, we will update the “Last Modified” date above. If we make a material change, such as the ways in which we use Personal Data, we will notify you via a prominent notice on our Site and, if required by data protection law, seek your consent.

WEBSITE PRIVACY POLICY

Last modified 17 May 2019

This privacy policy applies solely to information collected on our corporate websites, such as https://emea.epsilon.com/, and other affiliate sites that display or link directly to this policy (collectively, “Sites”). Please read this policy before using, or submitting information to, these Sites.

This privacy policy is designed to help ensure that visitors to our Sites understand what data is collected on our Sites and how this data is used or disclosed. This privacy policy also applies only to information collected on our Sites.

This privacy policy does not apply to data collected through our Services. For more information about our privacy policy for our Services, please visit our Epsilon Privacy Policy for Services.

This privacy policy also does not apply to personal collected during our recruiting process. For more information about our data protection practices for recruiting purposes, please visit Careers Privacy Notice.

This Site is not intended for children and we do not knowingly collect data relating to children.

WHAT INFORMATION DO WE COLLECT/RECEIVE?

We may collect, store and use the information you voluntarily provide to us through our Sites.

For instance, we may collect your contact information if you provide it to us through the “contact us” form, or through other forms available on our Sites. These registration forms may ask for such information as your name, the company you work for, business title, postal address, email address, telephone number and other information. You must be 18 years of age or older to submit this registration information to our Sites.
In addition, if you choose to correspond with us through email, we may retain the content of your email messages together with your email address and the resulting correspondence with you.
You may also disclose certain information about yourself on message boards, chat, profile pages and blogs and other services to which you are able to post information and materials. Please note that any information you post or disclose through these services will become public information and may be available to visitors to our Sites and to the general public. We urge you to be very careful when deciding to disclose your personal information, or any other information, on our Sites.

Further, our servers may automatically collect certain information from your browser when you visit our Sites. This information may include the type of web browser you are using and its version, your IP address and the pages you visited on our Sites. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, and to improve marketing, analytics or site functionality.

We may also collect your information when you attend one of our marketing events. Finally, we may receive your information from partners who have collected information you have posted publicly.

To exercise your choice around receiving marketing email or other direct marketing from us, see the “DATA SUBJECT RIGHTS” below.

HOW DO WE COLLECT DATA?

Outside of you providing us with your contact information as outlined above, we, or our service providers, may also collect information about your browser or device through various technologies, some of which are outlined below.

Cookies

Cookies are small text files that store data using your web browser to make your browsing experience easier and faster. We, and our third-party service providers who assist with managing our Sites, may use cookies and similar technologies on our Sites. We use performance and functionality cookies, as described below, to improve the performance of our Sites and to make our Sites more user-friendly.

The European Union Directive 2009/136/EC, amending Directive 2002/58/EC on Privacy and Electronic Communications (otherwise known as the e-Privacy or Cookie Directive), and laws in EU countries implementing such directive, require user consent before a site may place cookies and other similar technologies on your browser.

Types of Cookies used on our Sites

Performance cookies: These cookies collect information about how visitors use our Sites for web analytics purposes. For instance, we may use cookies to analyze which pages visitors go to most often and if they receive any error messages. These cookies are used to help improve our Sites and your experience on our Sites. By using our Sites, you agree that we can place these types of cookies on your browser. If you do not wish to accept cookies in connection with your use of this Web site, you must stop using our site.

Functionality cookies: These cookies allow our Sites to remember choices you make (such as remembering your username and password, language preference or the region you are in) and provide enhanced, more personalized features. These cookies may also be used to remember changes you have made to text size, fonts and other personalization’s. They may also be used to provide services you have requested, such as keeping you logged in to your account as you browse the internet. These cookies do not collect information about your browsing activity on other websites. By using our Sites, or by signing up for an account with us, you agree that we can place these types of cookies on your browser. If you do not wish to accept cookies in connection with your use of this Web site, you must stop using our site.

Interest-Based Advertising cookies: For information on cookies that are used for interest-based advertising, please see below under Interest-Based Advertising or Cross-App Advertising.

Other tracking technologies: We, and our service providers, may use other technologies, such as beacons, tags and scripts, on our Sites for analytics and administrative purposes. These technologies may be used in analyzing trends, administering the Site, recording users’ movements around the Site and gathering demographic information about our visitor base as a whole. We may receive reports based on the use of these technologies by these companies on an aggregated basis.

We may partner with third parties who provide certain features on our Sites, or to display advertising, based upon your web browsing activity using local storage objects (LSOs) such as Flash to collect and store information. Various browsers may offer their own management tools for removing Flash LSOs. To manage Flash LSOs, please click here .

If you have a question on something not addressed or have a complaint? Please use the Feedback form located here . You may also reach our Data Protection officer at DPOfficer AT epsilon.com.

HOW DO WE USE THE INFORMATION WE COLLECT?

Lawful basis

We may use the information you provided to us in the forms on our Sites or through email correspondence with us to market to you per the preferences you specified when you registered on our Sites. Our marketing efforts include business-to-business direct marketing and promotional information related to our marketing services. We collect this information through a consent mechanism available when you provide us with your information.

We may also use the information we collect to fulfill requests you have made to us, such as to communicate with you, respond to your inquiries and provide newsletters or updates. We may use the information to inform you of service and product updates, white papers, new products, market research opportunities and other related information from us. We rely on legitimate interests as a lawful basis of processing for the purpose of operating our business, obtaining new clients, retaining existing customers and responding to your questions/inquiries.

We may use the information we automatically collect from your browser to analyse trends, administer our Sites, note users’ activities on our Sites, help us understand the parts of our Sites visited most often and gather broad demographic information for aggregate use in improving our Sites. We, and our digital partners, rely on consent to drop the cookies and legitimate interests to process the information we collect thereafter. We rely on legitimate interests as a lawful basis of processing for the purpose of operating our business, obtaining new clients, retaining existing customers and responding to your questions/inquiries.

Interest-Based Advertising or Cross-App Advertising

As you browse the internet or go across mobile apps, you may see advertisements on the web pages or the apps you visit. Some of these ads may be more relevant to you based on a variety of factors, such as the previous websites or apps you have visited, your perceived interests and your demographic information. This practice is called Interest-Based Advertising. To learn more about this practice, please visit the Interactive Advertising Bureau EU .

We may work with our advertising partners to enable the delivery of relevant messages to the right consumers while protecting consumer privacy and offering choices about participating in such activities. Our third-party partners may use technologies, such as cookies, to gather information about your activities on this Site and other sites in order to provide you with relevant advertising. Relevant advertising does not result in more ads, but rather the relevancy of the ads you see.

If you have a question on something not addressed or have a complaint? Please email us at marketingrequests AT epsilon.com. You may also reach our Data Protection officer at DPOfficer AT epsilon.com.

WHO DO WE SHARE YOUR DATA WITH?

We may share or disclose the information we collect or receive through this Site:

With our affiliate companies who may be able to address or respond to your inquiries.
With our service providers who perform services on our behalf, including our email service providers, our customer data base provider and analytics providers.
To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
As we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

LINKS TO THIRD-PARTY SITES

Our Sites contain links to unaffiliated third-party sites. We do not endorse or make any representations about any third-party sites (or any information, software or other products or materials found there) to which our sites might link. This privacy policy does not apply to the information collection and use practices of third-party sites. We encourage you to review the privacy policies of these unaffiliated third-party sites to understand their data collection and use practices.

CONTENT SHARING FEATURES

Our sites include social media sharing features, such as LinkedIn, Google+, Facebook and Twitter buttons. It may set a cookie to enable the feature to function properly. These features may collect your IP address and which page you are visiting on our Sites. Social media features are governed by that social media company’s privacy policy.

We also give users the option to share our stories about us on social networks such as LinkedIn, Google+, Facebook and Twitter buttons.

We may also allow you to email useful information from our Sites to a friend or colleague. If you choose to do so, we may ask you to provide your full name and email address, as well as your friend’s complete email address. We will send your friend a one-time email inviting him or her to visit the site, except where prohibited by law. Your friend or colleague may unsubscribe from these emails via the unsubscribe link in the email or by contacting us at marketingrequests AT epsilon.com.

DATA TRANSFER

We may transfer your personal information from your country of residence to the United States, Canada and/or India. We rely on standard contractual clauses if we or our vendors transfer your data to such countries.

DATA SUBJECT RIGHTS

By contacting us via for example marketingrequests AT epsilon.com, you may:

request access to and rectification or erasure of your personal data; or
request restriction of processing concerning your personal data; or
object to processing of your personal data; or
request a copy of your personal data you have provided to us be transferred to another organization (as outlined under the right to data portability).

If we have relied on consent to obtain your personal information, such as on our registration page, then you have the right to withdraw consent at any time. You may either unsubscribe from our emails or you may opt-out of our cookies (see below). You may also contact our Data Protection Officer to exercise your choices at DPOfficer AT epsilon.com.
You have the right to lodge a complaint with a supervisory authority.
We may process some of your personal data based on contractual requirements, such sending you transactional emails, or as a requirement necessary to enter into a contract.

CHOICES AND ACCESS

Client/prospect opt-out

We maintain contact lists to communicate with our clients and prospects. Individuals must affirmatively ask to join one or more of our email lists or postal mailing lists by registering on our Sites and/or through one of our conferences. All email messages sent to these lists include an opportunity to unsubscribe or opt out of future email messages via a hyperlink in the email.

You may request to be removed from future email messages by contacting us via the Feedback form located here or by email marketingrequests AT epsilon.com. You may also reach our Data Protection officer DPOfficer AT epsilon.com.

We also maintain a postal mailing list to communicate with our clients and prospects. You can request to be removed from our mailing list by sending your name and postal address to us via the Feedback form located here or by emailing marketingrequests AT epsilon.com. You may also reach our Data Protection officer DPOfficer AT epsilon.com.

RETENTION

Epsilon retains the personal data it collects from its Sites and for or through its direct marketing efforts for a period of 4 (four) years.

PARTICIPATION IN ONLINE FORUMS

Our Sites may provide you with the opportunity to participate in various online forums. If you contribute any content to an online forum, you retain your rights to any content you post. However, by posting content on or through an online forum, you grant us a worldwide, nonexclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute your content in any and all media or distribution methods (now known or later developed) for any and all purposes.

Any content you post to an online forum may be publically viewed and used by anyone on the internet. You are responsible for any content you post, and for any consequences thereof, including the use of your content by other users. To protect your privacy, we remind you and ask you to not submit personal information in a public forum.

By posting, you agree not to post any content that (i) is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable; (ii) you do not have a right to make available under any law or under contractual or fiduciary relationships; (iii) infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party; or (iv) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment.

We may prescreen, refuse or remove any content that you post. We may also modify or adapt your content in order to transmit, display or distribute it.

We do not control the content posted by public users to our Sites and, as such, do not guarantee the accuracy, integrity or quality of such content. Under no circumstances will we be liable in any way for any user-contributed content, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of any user-contributed content.

To request removal of your personal information from our online forums, or to notify us of a posting that violates our rules for posting in Epsilon’s online forums described above, please contact us via the Feedback form located here . If we are unable to remove your personal information, we will let you know that we are unable to do so and why.

SENSITIVE INFORMATION

We ask that you not send or disclose any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) to us through our Sites or otherwise.

USE OF THE SITES BY CHILDREN

Our Sites are not intended for children under the age of thirteen (13). We ask that children not provide personal information through our Sites. If we become aware that we have collected personal information from a child under the age of 13, we will delete that information from our records.

SECURITY

We use physical, electronic and administrative safeguards designed to protect your personal information against loss, misuse or alteration. All information is stored securely and may only be accessed by employees with a legitimate business need to access the information. No method of transmission over the internet, or method of electronic storage, is 100 percent secure, and we cannot guarantee its absolute security.

CONTACT INFORMATION

Controller

Alliance Data FHC, Inc. (trading as Epsilon International) is the controller of the personal data we process. If have a question on something not addressed or if you have a complaint, please contact us by using the Feedback form located here or at marketingrequests AT epsilon.com.

Data Protection Officer

Our Data Protection Officer (Fieldfisher LLP (Riverbank House, 2 Swan Lane, London, EC4R 3TT) is tasked with ensuring our data protection program is operating effectively and in accordance with law. If you have need to contact our Data Protection Officer, you may email DPOfficer AT epsilon.com. However, we respectfully request that you only email our Data Protection Officer regarding urgent matters. Otherwise, for all other inquiries, please click on the contact form.

MODIFICATIONS TO THIS PRIVACY POLICY

CAREERS PRIVACY NOTICE

Last modified 17 May 2019

Please read this Careers Privacy Notice carefully. By submitting application information through the Career website , or by emailing our recruiters, you, the applicant, consent to Alliance Data FHC, Inc., trading as Epsilon International (“Epsilon,” “we,” “us”) collection and use of Applicant Data as described below.

This Careers Privacy Policy applies to personal data collected or received by Epsilon during its recruiting process.

DATA COLLECTED AND PURPOSE

User Provided Data. You may voluntarily provide personal data to Epsilon through Taleo, OnGig, and third party recruiters. Taleo and OnGig are application tracking software or recruiting programs. You can register and create a profile, providing:

Your name
Your social media sign-in information (through LinkedIn, Facebook, Twitter and others)
Your email address
Your postal address
Your phone number
Your picture
Jobs you show interest in (e.g. ones you apply for, follow, comment on, etc.)
The date you first looked at a job
Educational Level
Your phone number
Resume/CV

Personal data that we receive from you or others in connection with your application is referred to in this Privacy Notice as “Applicant Data.” If Epsilon considers your application or extends an offer of employment, Epsilon may collect certain additional data either directly from you or from third parties such as background checks, where allowed by local law, with your consent. Epsilon relies on your consent when collecting this data.

Epsilon may also collect and retain Applicant Data manually or electronically (e.g., if you send us an email). Epsilon relies on Legitimate Interest when collecting and using such personal data.

Applicant Data from this Site. When you visit our site, your browser automatically sends us an Internet Protocol address and certain other data, including the type of browser you use. Our cookies on this site are used solely to facilitate your online experience, and are not used to make employment-related decisions. Please visit Epsilon Privacy Policy to learn more about what data we collect when you visit our Sites.

USE OF APPLICANT DATA

Epsilon may use Applicant Data to communicate with you in writing or by telephone or online, to evaluate your application, to analyse Epsilon staffing needs and practices, or otherwise to efficiently manage the Epsilon hiring process and employee administration. We may combine Applicant Data with research tools and data from other sources. Epsilon collects and uses this Applicant Data for hiring purposes.

DATA DISCLOSURES

Applicant Data is controlled primarily (but not exclusively) by Epsilon’s human resources department staff, and may be stored electronically or in hard copy. Other staff involved in hiring or information management also may have access to some or all Applicant Data, as may senior management, including hiring associates outside of the European Economic Area, including Canada, Hong Kong, India and United States. To achieve the objectives described above, and because we are part of a larger group of companies operating internationally, we may from time to time make Applicant Data available to other companies within the Epsilon family of companies, including Epsilon Data Management, LLC. Also, we may from time to time make Applicant Data available to legal and regulatory authorities (such as labour and tax authorities), to our accountants, auditors, solicitors, lawyers and other outside professional advisers, and to parties providing products or services to us (such as IT systems suppliers, and human resources consultants). Notwithstanding any other provision of this Privacy Policy, Epsilon may also disclose Applicant Data to any third party when disclosure is required by law, or desirable to permit us to exercise our legal rights or take action regarding illegal activities, or to protect the safety of any person. If all or part of our company is sold, merged, or otherwise transferred to another entity, we may transfer Applicant Data as part of that transaction.

RETENTION, TRANSFERS AND SECURITY OF APPLICANT DATA

We may store Applicant Data for as long as needed for the purposes indicated in this Privacy Statement, but in any event not longer than permitted by local law from the date of collection unless you become employed by Epsilon, in which case a different retention period may apply. Records not specifically designated as Applicant Data may have different retention periods (e.g., email server records of emails received or sent). As stated above, Applicant Data are processed in and thereafter stored on local servers in the United States. Conversant has certain security measures to protect the confidentiality of Applicant Data (such as firewalls to protect servers), but the storage and communication of personal data cannot always be completely secure.

The servers for Taleo and Ongig are located within the United States and are participates in the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. Epsilon transfers Applicant Data to its Affiliates listed above under a standard contractual clause. We may transfer your personal data from your country of residence to the United States, Canada, Singapore, Hong Kong and/or India. We rely on standard contractual clauses if we or our vendors transfer your data to such countries.

DATA SUBJECT RIGHTS AND YOUR CHOICES

You may access and rectify your Applicant Data by logging into Taleo and updating your Applicant Data.

You can also contact us at recruitingrequests AT epsilon.com to receive more detailed information about the data gathered about you, the categories and purposes of processing of your data and to whom your data has been transmitted. You may also withdraw your consent to or restrict our processing of your Applicant Data or by writing our Data Protection Officer via email at DPOfficer AT epsilon.com.

MINORS

We do not knowingly collect application information from children under age 16.

CONTACT INFORMATION

Controller

Alliance Data FHC, Inc., trading as Epsilon International is the controller of the personal data we collect or receive when you apply for a job on our Career site. If have a question on something not addressed or have a complaint, please contact us at recruitingrequests AT epsilon.com.

Data Protection Officer

Our Data Protection Officer Fieldfisher LLP (Riverbank House, 2 Swan Lane, London, EC4R 3TT) is tasked with ensuring our data protection program is operating effectively and in accordance with law. If you have need to contact our Data Protection Officer, you may email DPOfficer AT epsilon.com. However, we respectfully request that you only email our Data Protection Officer regarding urgent matters. Otherwise, for all other inquiries, please email us at recruitingrequests AT epsilon.com.