Privacy Policy

Effective: 7 May 2019

This Privacy Policy describes our commitment to protect your privacy.

In a nutshell:

  • Our website does not collect or share personal data.
  • If you contact us, you might give us personal data.

Data controllers and data processors

Epiarc.org is provided by the Epiarc organisation.

If you send personal data to us, we will be your data controller under EU law.

We may outsource some of our activities to third parties (data processors), who may also use your personal data when acting on our behalf. You can see our third party processors here.

Our legal basis for processing

We only collect and process personal information where:

  • It is Necessary in order to provide you with services.
  • It satisfies a Legitimate Interest (which is not overridden by your data protection interests).
  • You give us Consent to do so for a specific purpose.
  • We need it to comply with a Legal Obligation.

Data collection

Communications. When you contact us you may decide to share personal data with us. It is solely your decision to share data with us during these communications, so our processing of such data will be based on your consent.

Data usage

Communications (Necessary | Legitimate Interest | Consent). When you contact us with an enquiry, we may use personal data that you give us to resolve your enquiry.

Security (Legitimate Interest | Legal Obligation). We may use information that you give us to monitor suspicious activity on our website.

Protecting our legitimate interests and legal rights (Legitimate Interest | Legal Obligation). Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we may use personal data in connection with legal claims, compliance, regulatory, and audit functions, or disclosures related to the acquisition, merger or sale of a business.

Development (Legitimate Interest). We may use information that you give us to help us understand and improve the quality of our website.

Data sharing

Third-party service providers. We may share personal data with our third-party providers for certain operations in accordance with this policy. We will never sell your personal data to third parties.

Complying with legal requirements. We may share personal data if the applicable legal provisions so require, or when such action is necessary to comply with any laws, including to meet national security or law enforcement requirements. We may also need to share personal data for the protection of our rights and interests, to protect your safety or the safety of others or to investigate fraud, in accordance with applicable laws.

Other purposes. We may also process your data for any other purposes for which we obtain your consent where necessary or otherwise in accordance with applicable law and this policy.

Data transfers

We primarily store personal data within the EU. We may also transfer your personal data to countries outside of the EU. All such personal data transfers are done in accordance with applicable laws.

Data protection

Access control. We take appropriate technical and organizational measures to ensure that only authorized personnel can access our systems.

Data minimization. We only collect the minimum amount of data necessary.

Third party processors. When we transfer your personal data to our third party processors, they will protect it using their own techniques.

Data retention

We will retain your personal data as long as it is needed to fulfill the purposes specified in this policy, unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it as soon as it is technically possible.

Your rights

Right to information. You have the right to request details of the personal information that we hold about you.

Right to access. You have the right to obtain access to the personal data that we hold about you.

Right to data portability. You have the right to receive your personal data in a machine-readable format, and send it to another data controller.

Right to correct. You have the right to request that we correct incorrect, inaccurate or incomplete personal data that we hold about you.

Right to erasure. You have the right to request that we erase your personal data where it is no longer necessary for the purposes for which it was originally collected, or if continued processing of it would be unlawful. (Please note that we may need to retain certain information for record keeping purposes, or to comply with legal obligations.)

Right to object. You have the right to request that we stop processing your personal data in certain circumstances.

Right to restrict. You have the right to request the restriction of the processing of your personal data in certain circumstances.

If you would like to exercise your rights, please contact us. We will respond to your request within 30 days. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may ask you to verify your identity before complying with the request. You also have the right to contact a regulatory body or data protection authority about your request.

Third party content

Our website may embed or link to the websites or services of third parties. This policy does not extend to those third parties, so please refer to their privacy policies.

Policy updates

We reserve the right to update this policy at any time. Please periodically review this policy to see the updates.

Your continued use of our website constitutes your agreement to be bound by such updates to this policy. If you do not accept the terms of this policy, your only recourse is to discontinue use of our website.