EDAA Trust Seal

EPSILON

PRIVACY POLICY FOR WEBSITE & BUSINESS-TO-BUSINESS

Last Modified: 28/07/2023

Epsilon, formerly also known as Conversant, is an advertising company. We are part of the Publicis Groupe, headquartered in France but with operations around the world. Our services help online businesses find customers and keep the internet free. We encourage you to read the whole notice but if you wish to jump to a certain subject, please use the table below.

Throughout this Privacy Policy we use several capitalised terms. You can find the definitions for these here.

Privacy commitment and scope of this Privacy Policy

This Privacy Policy (“Privacy Policy”) describes how Personal Data is collected and used by Epsilon on our corporate websites in EU and the United Kingdom, such as this and other sites that display or link directly to this policy (collectively “Websites”). It also describes how we collect and use Personal Data as part of our business-to-business relationships with our clients and prospects.

We care about your privacy and we want you to understand how we process Personal Data and what choices you have with regards to it. We have taken steps to provide you with this information as clear and easy as possible, but if you have any questions you can always Contact us.

Use of Cookies and device access

Cookies allow us to recognise your device and store information about your preferences or past actions. Cookies are widely used by website owners in order to make their websites work, operate more efficiently, provide reporting information and store things like personalisation details or user preferences. Cookies can also be used to improve your experience when seeing web and mobile advertisements and ensure that when you click on an advertisement, you are sent to the correct click-through destination. Cookies are generally divided into the following categories:

  • Essential cookies. These Cookies are strictly necessary for our Websites to function properly and to use some of its features, such as access to secure areas.
  • Performance and functionality cookies. These Cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these Cookies, certain functionality may become unavailable.
  • Analytics and customisation cookies. These Cookies collect information that is used either in aggregate form to help us understand how our Websites are being used, how effective our marketing campaigns are, or to help us customise our Websites for you.
  • Advertising cookies. These Cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same advertisement from continuously reappearing, ensuring that advertisements are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

Cookies set by the website owner (in this case, Epsilon) are called "first-party Cookies". Cookies set by parties other than the website owner are called "third-party Cookies". Third-party Cookies enable third party features or functionality to be provided on or through our Website and elsewhere (e.g. like advertising, interactive content and analytics). The parties that set these third-party Cookies can recognise your device both when you visit our Website and also when you visit certain other websites. The specific types of first- and third-party Cookies used during the delivery of our Websites are described here. Please note that the specific Cookies may vary depending on the specific Website you visit.

We will only use Cookies or otherwise access your device if we have been provided with consent to do so, as required by the ePrivacy Directive and/or the UK Privacy and Electronic Communications Regulations (PECR). However, certain essential Cookies do not require consent. This includes Cookies that are essential to comply with the GDPR’s security principle as well as Cookies that help ensure that content of a page loads quickly and effectively by distributing the workload across numerous computers.

What Personal Data do we collect?

Epsilon collects the following categories of Personal Data:

Contact information such as name, email address, telephone number, company you work for, business title, postal address and other similar types of information. You must be 18 years of age or older to submit this type of information to us. This type of Personal Data is collected when:

    • You provide it us, for example through your participation in surveys, our sign-up forms and other forms available on our Websites.
    • You attend or register for our marketing events, trade shows and webinars. We sometimes arrange these types of activities together with third parties.
    • You use functionalities and features of our Websites and Services and, such as our Client Access Portal. In some cases, we will also collect and retain your username and password.
    • You correspond with us through email. In these cases, we will also retain the content of your email messages together with the resulting correspondence.
    • You choose to disclose this type of Personal Data on message boards, chats, profile pages, social media posts or comments, blogs and other features on our Websites or our Services which allows you to this. Please note that any information you post or disclose through these features will become public and may be available to visitors to our Websites and to the general public. We urge you to be very careful when deciding to disclose your Personal Data, or any other information.

We may also collect this type of Personal Data from publicly available sources, such as LinkedIn, or receive it from our partners who have collected it therefrom.

Browser and device information. We and our partners use Cookies to collect certain information about the browser and device you are using. This information may include the type of web browser you are using and its version, your IP address and what parts of our Websites you visited. This type of Personal Data is processed whenever you visit our Websites and open emails from us.

We ask that you not send or disclose any sensitive or special categories of Personal Data (for example information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) to us through our Websites or otherwise. Also, our Websites and Services are not intended for children under the age of 16. We ask that children not provide any Personal Data through our Websites or Services.

How Personal Data is used and lawful basis

We use Personal Data for the following purposes:

  • Direct marketing in accordance with your preferences via email, phone or other channels, including features of our Services. Such marketing could include newsletters, white papers, market research opportunities and similar.
  • To fulfil requests you have made to us, including communicate with you, respond to your inquiries and provide updates on our products and Services,
  • To analyse and report on trends and activities on our Websites and our marketing efforts, such as understand the parts of our Websites visited most often.
  • To improve our Services, Websites and marketing communications, which includes improving the user experience of such.
  • Administer our Services and Websites.

We rely on legitimate interests for most of the above processing activities, which include providing our Services, operating our business, obtaining new clients, retaining existing clients and responding to questions and inquiries. Further information can be provided upon request.

To administer our Services and Websites and to fulfil requests you have made to us, such as to communicate with you, respond to your inquiries and provide updates on our products and Services we process some of your Personal Data to deliver a contractual service to you, or to do something before entering into a contract with you (for example provide you with a quote).

Social media

We sometimes engage social media platforms to display direct marketing to you on their platform. We use “list-based” and “look-a-like” tools to do this. Using list-based tools involves the uploading of Personal Data to the social media platform in question (such as a list of email addresses). The platform then matches the uploaded Personal Data with its own user base. Any user that matches the uploaded list is added into a group that will be sent the selected marketing message. Look-a-like tools offer the ability to build other audiences based on the characteristics of an original audience that was created using a list-based tool. These audiences generally comprise of users that have not previously engaged, but who look like the list-based audience (i.e. they are users with similar interests, behaviours, or characteristics). When creating this sort of audience, the social media platform uses Personal Data it has about other users of its platform to find users who match the interests and behaviours of users that are current customers. Examples include Facebook Custom Audiences or LinkedIn Contact Targeting. We have contractual controls in place to ensure that the social media platform can only use the Personal Data we share to enable the provision of the service they are providing to us. We are not responsible for the data practices of social media platforms and recommend you read their own privacy policies.

Content sharing features

Our Websites include social media sharing features, such as LinkedIn, Facebook and Twitter buttons. A Cookie might be set to enable such features to function properly. These features may collect information about your browser and your device, including your IP address as well as which part of our Websites you are visiting.

We also have other content sharing features embedded on our Websites, such as YouTube, SoundCloud and Wistia, which lets us share content with you directly (e.g. videos, podcasts, tracks and playlists). The providers of these content sharing features might collect information about you (including Personal Data), such as what part of our Website you visited. They do this to be able to recognise you, and in some cases show you personalised content. We are not responsible for the data practices of these providers and recommend you read their own privacy policies.

Some features might allow you to email useful information from our Websites to a friend or colleague. If you choose to do so, we may ask you to provide your full name and email address, as well as your friend’s complete email address. We will send your friend a one-time email inviting them to visit our Website, except where prohibited by law.

Participation in online forums

Our Websites may provide you with the opportunity to participate in various online forums. If you contribute any content to an online forum, you retain your rights to any content you post. However, by posting content on or through an online forum, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute your content in any and all media or distribution methods (now known or later developed) for any and all purposes.

Any content you post to an online forum may be publicly viewed and used by anyone on the Internet. You are responsible for any content you post, and for any consequences thereof, including the use of your content by other users. To protect your privacy, we remind you and ask you to not submit Personal Data in a public forum.

By posting, you agree not to post any content that (i) is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libellous, invasive of another individual’s privacy, hateful, or racially, ethnically or otherwise objectionable; (ii) you do not have a right to make available under any law or under contractual or fiduciary relationships; (iii) infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party; or (iv) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment.

We may pre-screen, refuse or remove any content that you post. We may also modify or adapt your content in order to transmit, display or distribute it.

We do not control the content you or others can publicly post on our Websites and through online forums and as such, we do not guarantee the accuracy, integrity or quality of such content. Under no circumstances will we be liable in any way for any user-contributed content, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of any user-contributed content.

Links to third-party websites

Our Websites contain links to third-party websites that we are not affiliated with. We do not endorse or make any representations about any such third-party websites (or any information, software or other products or materials found there), and this Privacy Policy does not apply to the data protection practices of such. We encourage you to review the privacy policies of such unaffiliated third-party websites to understand their data protection practices.

Who do we share Personal Data with?

We share your Personal Data:

  • With companies within the Publicis Groupe for the purposes above,
  • With our processors such as email service providers, customer database providers and analytics providers,
  • With social media platforms and providers of content sharing features as described above,
  • Third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stocks (including in connection with any bankruptcy or similar proceedings); and
  • As we believe necessary and appropriate: (a) under applicable law; (b) to comply with legal processes and obligations; (c) to respond to requests from public and governmental authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety or property; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

How long do we keep Personal Data?

We retain all Personal Data in accordance with our data retention policy which abides by applicable law. The retention period depends on the type of data. For example, we retain Personal Data we collect from our Websites and through our direct marketing efforts and business-to-business relationships for up to four (4) years.

Your rights

All direct marketing messages will include an opportunity to unsubscribe or opt-out of future messages. For example, via an unsubscribe link in the bottom of an email. You can change your preferences at any time by clicking on that link.

In situations when we rely on consent to process your Personal Data you have the right to withdraw your consent at any time. To withdraw your consent to the Cookies used on our Websites please click on “Review Consent Preferences” in the footer of our website and make your choices.

If you wish to exercise any other rights you might have under Data Protection Laws (including access, deletion, rectification, portability and restriction), please contact us using the contact details provided below.

International transfers

In order to provide our Services and make our Websites available, we transfer Personal Data to, and Process Personal Data in, countries outside the European Union (EU), the European Economic Area (EEA) and the United Kingdom. More specifically our servers are located in the United States, and our processors operate around the world including the United States and India.

We have taken appropriate and suitable safeguards to ensure that your Personal Data will remain protected when transferred outside EU/EEA and the United Kingdom. This includes implementing Standard Contractual Clauses for transfers of Personal Data adopted by the European Commission and/or the United Kingdom. Further information about our international transfers as well as the safeguards in place can be provided upon request.

Security

We have implemented appropriate technical and organisational security measures to protect the Personal Data in our care, both during transmission and once we receive it. This includes physical and technical security measures to protect our Personal Data from accidental or unlawful destruction, loss, or alteration, and from unauthorised disclosure or access. Although please note that no method of transmitting information over the Internet or storing information is completely secure.

Contact Us

Epsilon International UK is the controller of the Personal Data that we process as described in this Privacy Policy. If you have any question about the processing, please contact us here.

Our Data Protection Officer is tasked with informing and advising us on the obligations that apply to us under Data Protection Laws, as well as monitoring our compliance with the same. If you need to contact our Data Protection Officer, please email us here. However, we respectfully ask that you only contact our Data Protection Officer regarding urgent matters relating to data protection.

As an EU resident, you have the right to report a concern to your country’s Data Protection Authority.  UK residents can report a concern to the Information Commissioner’s Office. However, we respectfully request that you contact us first so that we can assist you.

Changes to this Privacy Policy

We may occasionally make changes to this Privacy Policy. If we do, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and update the “Last Modified” date above.

Definitions used in this Privacy Policy

Cookies” are small text files that are downloaded and stored onto your device (e.g. a computer or smartphone). Cookies allow us to recognise your device and store information about your preferences or past actions. In this Privacy Policy the definition of “Cookies” includes similar technologies that can write or read information on your device such as “Local Shared Objects” (sometimes called Flash Cookies), pixels and web-beacons. Click here for more details on the Cookies we set.

Data Protection Laws” means (i) EU Regulation 2016/679 and the UK General Data Protection Regulation (UK GDPR) as tailored by the UK Data Protection Act 2018 (together “GDPR”); (ii) EU Directive 2002/58/EC (ePrivacy Directive); (iii) the UK Privacy and Electronic Communications (EC Directive) Regulations 2003; and (iv) any and all applicable national data protection laws made under or pursuant to (i) or (iii); in each case as may be amended or superseded from time to time.

Epsilon” means Epsilon International UK Ltd registered in England and Wales with company number 03610044, with registered address 1st Floor 2 Television Centre, 101 Wood Lane, London, United Kingdom, W12 7FR.

Personal Data” means any information relating to an identified or identifiable natural person. Information such as name, identification number, location data and an online identifier is considered Personal Data.

Services” means the adverting services that we provide to our clients, including services referred to as “Discovery”, “Prospect”, “Digital Media Solutions”, “Customer”, “Messaging” and “Loyalty”.