Privacy

At Episerver, we are proud to be trusted with our customers’ data in over 30 countries worldwide.

Data privacy is important to all our customers, but even more so for certain industries such as banking & financial services, healthcare, pharmaceuticals, and public sector. Knowing we are trusted with our customers’ information, we understand the critical need for consistently operating in a highly secure manner.

At the core of Episerver’s solutions, customers are empowered with the control of their digital information. You can manage your data in a way that offers full control, including any of our customers’ potential personal data. Whether you are concerned about data transmission, data-at-rest, or accessibility, we provide customers with control of their data to support requirements for data privacy and compliance.

Episerver provides services and applications that enable customers to manage, store, and utilize their digital materials. As such, Episerver has limited access to data we process on behalf of our customers in connection with our services. Episerver does not access customer data for reasons not related to operating and maintaining services for our solutions.

The level of trust from our customers comes from our parallel commitment to maintaining and continuously improving our controls and abilities to support our customers. Episerver’s policies regarding data privacy and security are backed by some of our key commitments to our customers, including:

Security

Episerver will take all reasonable and appropriate organizational and technical measures to protect personal data from loss, misuse, unauthorized and unlawful access, disclosure, alteration and destruction. We consider the risks involved in the processing and the nature of the personal data.

Monitoring

Global risk assessments for privacy and security of customer data are performed annually. Our assessments involve review and monitoring of information from management and leadership responsible for ensure that the relevant policies and procedures are being trained, followed, and tested.

Compliance

Episerver conducts regular compliance audits of its relevant privacy practices to verify adherence to our Privacy Policy, as well as our plan and progress to become fully compliant to the upcoming EU General Data Protection Regulation (GDPR). 

Frequently Asked Questions

What is Episerver’s Privacy Policy and what does it cover?


Episerver’s Privacy Policy applies to all personal data received by Episerver in the United States from the European Union in any tangible and/or electronic medium.

Where is Episerver’s Privacy Policy located?


It can be accessed on our web site, at www.episerver.com/legal/privacy-statement

Will the Episerver Privacy Policy change?


Episerver’s Privacy Policy may be amended from time to time. We will give appropriate public notice when we make such changes, and any policy changes will be posted on our website.

Who can I contact for questions?


Please contact us at legal@episerver.com, or write to:

Episerver Inc.
c/o Legal Department
542 Amherst Ave
Nashua, NH 03063, USA

Who owns the personal data on my site?


The customer owns the data that is transmitted, managed, stored, and accessed using Episerver services. Episerver’s customers determine the types of data they submit to the platform when using Episerver services. We have no direct relationship with the individuals whose information we receive from our customers or business partners.  We do not control such information, we do not select or determine the specific types of data that we process, and we do not determine the purpose for which it is processed. 

Where is my personal data stored?


When using the Episerver Digital Experience Cloud Service, the customer’s data storage is based on the customer’s geographic location. Episerver uses Microsoft Azure data centers and currently offers support for the following base geographic locations.

  • West US
  • East US
  • Europe
  • APAC (Australia)

For customers hosting Episerver themselves, the location of data is solely managed by the customer.

Who is responsible for securing personal data?


Episerver provides the service and applications for customers to manage their data including any data categorized as personal data. The customer is ultimately responsible for managing their personal data. Episerver is responsible for the security of the systems and infrastructure to ensure that the data is handled in a secure manner.

What is Privacy Shield?


Privacy Shield is a data privacy framework designed by US Department of Commerce and European Commission. The purpose is to meet data protection requirements regarding the transfer of personal data to the United States from the European Union. This new transatlantic framework is also intended to replace the old Safe Harbor agreement.

For more information please visit the Privacy Shield site.

Is Episerver Privacy Shield Certified?


Episerver’s privacy policy is Privacy Shield certified. Episerver’s Privacy Policy is based on and governed by the Privacy Shield framework which sets forth the principles that Episerver adheres to with respect to transfers of Personal Data from the European Union to the United States.

What is Episerver doing about GDPR?


Episerver has a Compliance, Security and Data Protection Board in place to drive on-going training and reviews to march towards our ISO certification and accelerate our GDPR journey. More information could be found here.