1. WHAT INFORMATION WE COLLECT
While it is perfectly possible to visit and browse the EpidAurus Website without disclosing any personal information, if you choose to proceed by registering or ordering anything on or from the Website, you will be asked to provide certain personal information such as your first name, last name and email address. For each visitor of our Website we expressly collect non-personally identifiable information from and about your computer like your IP address, web browser type, version and language, operating system type and version, pages viewed while browsing the site, page access times, referring website address etc. If you are accessing our Website through a mobile handheld device, we may request access or permission to certain system information including your mobile device ID number, model, manufacturer, etc. We may also collect information about you when you subscribe to our newsletter, request customer support, or otherwise communicate with us. If you wish to change any of the access permissions, you may do so in your device’s settings or write to us using the contact details given at the end of this page.
No part of our Website is directed towards children below 13 years of age and we do not knowingly collect personal information from anyone under the age of 13. If you are under 18 years of age, you may use the Website only with the permission of your parent or guardian. If we learn we have collected or received personal information from a child under 13 years without verification of parental consent, we will promptly delete that information from our database. If you believe we might have any information from or about a child under 13 years, please contact us as soon as possible.
2. HOW WE USE YOUR INFORMATION
We will securely process your personal information and use it for administration and operation of our Website, including but not limited to the following purposes:
To personalise user experiences
To assist with infrastructure monitoring and analytics
To enable third parties to carry out technical and logistical functions on our behalf
To develop and improve future versions of our Website and Services
To notify you about any changes to our Website and Services
To comply with other statutory or contractual requirements
Where you have provided us with consent to use your personal information, you have the right to withdraw this consent at any time by contacting us directly or following the ‘unsubscribe’ link provided in any electronic communications you receive from us.
Any personal information that we process will be stored on a secure server behind a firewall. We will not retain your personal information for longer than is necessary for the processing. Where you have registered and provided your consent to receive communications from us, then we will retain your personal information for this purpose until your consent is withdrawn.
3. DISCLOSURE OF YOUR INFORMATION
We may share information we have collected about you in certain situations as follows:
Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
We may use third-party advertising companies to serve ads when you visit the EpidAurus Website. These companies may use information about your visits to our Website and other websites that are contained in web cookies in order to provide advertisements about goods and Websites that may be of interest to you.
With your informed consent (opt-in) we may share your information with third parties for marketing purposes, as permitted by law.
By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
We do not sell any personal information under any circumstances whatsoever. We disclose only that personal information that is necessary for the third party to deliver their specific service and we take all reasonable measures to ensure they keep your information fully secure and not use it for any purpose other than the one under which it was disclosed. All third parties are carefully screened so we can ensure that there are adequate controls in place in accordance with applicable laws.
5. INFORMATION STORAGE AND SECURITY
The personal information which we hold will be held securely in accordance with our internal security policy and the appropriate data protection laws as and where applicable. EpidAurus has implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, or unauthorized alteration or destruction. Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Whilst we strive to use all reasonable efforts to protect your personal information, we cannot guarantee its absolute security. We will notify you promptly in the event of any breach of your personal information which might expose you to serious risk. We will never collect sensitive information about you without your explicit and informed consent.
6. YOUR RIGHTS UNDER GDPR
Under the EU General Data Protection Regulation, you possess a number of rights in relation to your personal information. These rights include:
The right to be informed - You have the right to be informed about how and why your personal information is being collected or processed by us.
The right to access – You have the right to request a copy of your personal information currently being collected and/or stored by us.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate or incomplete.
The right to erasure – You have the right to request that we erase your personal information, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal information, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal information, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
We are committed to upholding these rights at all times. If you wish to exercise any of these rights, please send us a request that (a) provides sufficient detail to allow us to verify that you are the person about whom we have collected personal information, and (b) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it as soon as possible. Please note we cannot respond to requests that do not adequately meet the above criteria.
As per GDPR guidelines, EpidAurus has a “Data Protection Officer” (DPO) who is responsible for all matters relating to privacy and data protection and they can be reached at:
Attn: EpidAurus Data Protection Officer
You also have the right to complain to a supervisory authority according to Article 51 of GDPR where you feel that our processing of your personal information has infringed your rights.