Privacy policy at a glance

Episerver takes your privacy seriously and is committed to protecting your privacy rights. We want you to know why we collect your personal information, what we collect, how we use it, and for how long we store it. We also want you to know how you can access, amend, correct, and in some cases delete your information.

This is a high-level overview of our privacy policy. Please scroll down read the full privacy policy.

Who we are

When we speak of Episerver, we mean the Episerver group of companies which currently comprises the following legal entities:

Episerver AB, Episerver Inc., Episerver GmbH, Episerver UK Ltd., Episerver Research and Development Company Limited, Episerver Denmark Aps, Episerver Benelux BV, Episerver Finland OY and BV Networks, and together with its affiliates and Episerver-related entities (“Episerver”).

Episerver has achieved Privacy Shield certification. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.

Why we collect information

  • We collect personal information when you request our content marketing assets, in order to provide useful content and follow up on its effectiveness for marketing purposes.
  • We collect information when you contact us to respond to your request, question, or issue, and to follow up on the resolution.
  • Our advertising partners collect information about your behavior on our websites in order to deliver interest-based advertising on our behalf. We do not share any personal information with these partners.
  • We collect information when you buy and/or use our software or services. We do this to be able to deliver our services, to send you important operational information, for contractual reasons, to process financial transactions, and for legal and regulatory reasons.

Read more about why we collect information

What we collect

  • We collect name, email, phone, address, job title, company, and if you use Episerver products or services and what those are.
  • We may collect other data you have provided while contacting us, especially using the contact, download, or signup forms on our website.
  • We collect data that you have sent to us through an online survey, event attendance application, support ticket, or job application.
  • We collect anonymous information sent by your browser when you visit our websites, including IP address, operating system, and browser version. If you identify yourself by filling out a form, some data (such as what pages you view on our websites) will be connected to your personal information.

Read more about the information we and partners collect when you browse our websites

Read more about the information we collect when you fill out a form on our website

Read more about the information we collect if you attend an event or contact us at an industry event

How we use information

  • We never sell or rent your personal information to third parties. If you have given us your express permission, we may share your personal information to select partners that you decide. (Non-EU: We may share your personal information to select partners. We always make clear when we share that information.)
  • If you have requested a marketing asset or have participated in a marketing event, we use your personal information to follow up on the effectiveness of the marketing activity.
  • If you are an individual based in the EU and you have requested to be added to one of our newsletters, we may use your address to send you marketing communications. If you are a non-EU individual and have registered to access one of our content marketing assets or a webinar, me may use your address to send you marketing communications.
  • If you are a customer or a partner of ours, we may use your contact information to send you product or services updates and information that is relevant to your use of the products and services.
  • We may share information with vendors that act on our behalf, such as services we use to maintain our contact records. These vendors act on our instructions and adhere to the policies described in this document.
  • Episerver has employees and offices globally. This means that we may transfer information globally. Outside of the EU, we have offices in for example United States, Vietnam, Norway, Australia, and South Africa, but Episerver employees or sub-processors may access the information from other countries.

Read more about how we share information with data processors; vendors that act on our behalf

How long we keep information

  • We keep your information only for as long as it is warranted from to fulfill our commitments to you, or to adhere to legal or regulatory requirements.
  • If you are a customer or partner, we keep the information for the duration of our relationship. Certain information may be kept for longer though, for instance contracts will be archived even when terminated.
  • If you have requested to receive marketing communications, we will keep your personal information only for as long as you interact with us.
  • In most cases, we keep your personal information for no more than 12 months after the last contact or when your contract has expired, with the exception of information we have to keep for legal reasons, such as signed contracts.

Read more about how long we keep your information

Digital Experience Cloud and other products and services

  • We provide software and services to our customers. This software and these services allows our customers to build websites, ecommerce sites, and manage marketing campaigns, and it may be used to collect personal information.
  • In these cases, it is our customers that control the processing of personal information, and we act on their behalf as a processor.
  • If you have a question about how your information is processed, please contact the owner of the website or sender of the communication.

Read more about Digital Experience Cloud and other products and services

Your choices and rights

  • You can choose to opt out of marketing communications at any time, regardless if you are a customer, partner, or none of the above.
  • You can request a copy of your personal information and you can update any incorrect information. (EU only.)
  • You can ask to have your personal information removed, or in some cases limit our processing of personal information. This does not apply when we need to keep your information for legal reasons. (EU only.)
  • Read more about your choices and rights
  • Learn how you can submit a complaint
  • Email: [email protected].
  • If you are based in the European Union, you can write to:

How to contact us

Episerver AB
c/o Legal Department
Box 7007
103 86 Stockholm
Sweden

Information for individuals not based in the EU

  • Generally, the same terms apply for you as for individuals based in the European Union.
  • Some provisions regarding your rights to access, delete, or limit the processing of data may be different.
  • If you download one of our content marketing assets by filling out a form on our website, we may send you marketing communications. You may unsubscribe at any time.
  • For residents in California, special privacy rights apply.

Read more about what applies to you as an individual not based in the EU.

 

 

Complete privacy policy

Who we are

When we speak of Epserver, we mean the Episerver group of companies which currently comprises the following legal entities:

  • Episerver AB
  • Episerver Inc.
  • Episerver GmbH
  • Episerver UK Ltd.
  • Episerver Research and Development Company Limited
  • Episerver Denmark Aps
  • Episerver Benelux BV
  • Episerver Finland OY
  • BV Networks

Episerver has achieved Privacy Shield certification. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.

Why we collect information

  • We collect personal information when you request our content marketing assets, in order to provide useful content and follow up on its effectiveness for marketing purposes.
  • We collect information when you contact us to respond to your request, question, or issue, and to follow up on the resolution.
  • Our advertising partners collect information about your behavior on our websites in order to deliver interest-based advertising on our behalf. We do not share any personal information with these partners, but you may have shared information with them if you have signed up for any of their services (such as Facebook or LinkedIn).
  • We collect information when you buy and/or use our software or services. We do this to be able to deliver our services, to send you important operational information, for contractual reasons, to process financial transactions, and for legal and regulatory reasons.
  • If you are an Episerver partner, we collect information to enable you to resell and provide services around our software and services, and to fulfil our contractual obligations to you as a partner.
  • We may also collect information to prevent and detect crime, fraud or corruption

What we collect

  • Most often, we collect name, email, phone, address, job title, company.
  • If you are an Episerver customer, we may collect which products and services you use.
  • If you sign a contract with Episerver, we may collect further details such as your signature or other proof of identity, the IP address (if signing a contract digitally).
  • We may collect other data you have provided while contacting us, especially using the contact, download, or signup forms on our website.
  • We collect data that you have sent to us through an online survey, event attendance application, support ticket, or job application.
  • We collect anonymous information sent by your browser when you visit our websites, including IP address, operating system, and browser version. If you identify yourself by filling out a form, some data (such as what pages you view on our websites) will be connected to your personal information.
  • We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others.
  • Information we and partners collect when you browse our website

    • On our websites, we include a number of scripts from third-party vendors. These scripts may gather data for web statistics, they may be used for interest-based advertising on other services (such as Google, Facebook, or LinkedIn), and they may offer additional functionality to the web sites (such as chat).
    • The websites and third-party scripts may use cookies or local storage. Cookies and local storage can be used to identify a returning visitor. Cookies and local storage in themselves to not identify you as an individual – but if you for instance are using Facebook, and subsequently visit our websites, Facebook may learn about your visit.
    • We cannot tell who you are unless you willingly identify yourself on our websites.
    • If you at some point have identified yourself by filling out a form on our websites, pages you view on our websites may be connected to your personal information. We do this to understand the effectiveness of our website.
    • For certain parts of our websites, for instance pages that require a login, cookies are required for the website to work properly. Otherwise, cookies are generally not required for the operation of the website.
    • We set a cookie and use local storage in your browser that contains information that we use to identify you between visits. In particular, we set an identifier that identifies you for the functional site features described below:
      • Marketo – see below
      • Drift – see below
      • Google Analytics – see below
      • Optimizely – see below
      • Load balancer tagging – we have multiple web servers, and this identifier make sure that you are served by the same web server between page views. 

 

  • Required site features – vendors that may collect Personal Data on our behalf:
    • Drift: We use Drift to provide a website chat bot and to allow you to book a meeting with a sales representative. As part of your conversation with the chat bot, you may enter personal information such as your email address. This information is stored by Drift, and automatically transferred to us to enable the booking of your meeting and to notify a sales representative. Read Drift’s privacy policy here.
    • Marketo: We use Marketo to manage registrations on our websites, to collect and store consent, and to send consent-based email communications. We also use Marketo to track web visits if you have registered on our website. Read Marketo’s privacy policy here.
    • Qualaroo: We use Qualaroo to provide quick surveys on our website. In most cases they are completely anonymous, but we may have surveys where you may have the option to enter details which may identity you. It is completely voluntary to respond to a survey. Read Qualaroo’s privacy policy here.

 

  • Functional site features – vendors that may collect anonymous data on our behalf:
    • Clearbit: We use Clearbit to resolve a company name from your IP address when possible. The company name and details may then be processed for analytical purposes as well as to gauge interest in our products and services from at a company level. Clearbit does not set any cookies and does not identify you as an individual, and we do not share any date with Clearbit. Read Clearbit’s privacy policy here.
    • Google Analytics: We use Google Analytics to analyze the performance of our websites and follow up on the effectiveness of ou marketing efforts. Google Analytics allow us to analyze data in aggregate, we do not collect or store any personal information in Google Analytics. Read Google’s privacy policy here.
    • Hotjar: We use Hotjar to improve the user experience on our websites. Hotjar collects anonymous usage information from our website, including the pages you visit. Hotjar does not collect form submissions or any personal information. Read Hotjar’s privacy policy here.
    • Leadlander: We use Leadlander to find out the names of companies visit our websites and what pages visitors from those companies have viewed. Leadlander does not collect any personal information on our websites, but you may have provided them with information on other websites that also use Leadlander, and that information may then be connected to your visit on our websites. Read Leadlander’s privacy policy here.
    • Optimizely: We use Optimizely to perform A/B testing on our website to improve its usability and effectiveness. Optimizely uses cookies to anonymously identify visitors, to enable them to show the same variant to you over several visits, and to collect statistics and the performance of each variant. Read Optimizely’s privacy policy here.
    • New Relic: We use New Relic to monitor the status of our website. New Relic sets an anonymous cookie to measure the time it takes to load a webpage. Read New Relic’s privacy policy here.
    • Wistia: We use Wistia to store videos that we show on our website. Wistia uses a cookie to collect anonymous viewing information that we use to find out how videos are being viewed. Read Wistia’s privacy policy here.

 

Also see the section on opting out of marketing and web tracking – including a page to opt out of interest-based advertising in general.

  • Information we collect when you fill out a form on our websites

    • When you submit a form on our websites, we collect the information that is listed in the form – typically your name, email address, company name, phone number, and survey questions about the nature of your company. If you are based in a country within the European Union, you also get the option to opt in to our email newsletter. If you are a non-EU individual, you will receive our newsletter if you sign up for an asset, demo, or webinar.
    • By submitting a form on our websites, you confirm that you have you have read and accept this privacy policy, and that you understand that data will be collected and processed for the purposes outlined in this policy.
    • If you have filled out a form on our websites, we may collect the URLs of any pages viewed or links clicked on our websites and connect them to your profile. We do this to better understand your needs.
    • If you open or click a link in an email we have sent you in response to you filling out a form, including email newsletter, that information will be connected to your profile. We may do this to either verify your email address to prevent spam and misuse, or to follow up on the usefulness of our email marketing.
    • If you use any of our discussion forums (such as the one on Episerver World), the information you enter will be stored for the purpose of publishing it to the discussion forum.
  • Information we collect when you participate at an Episerver event

    • When you register for an event, we may direct you to the website of our event registration vendor. In that case, the information you enter in the form is shared with us for managing and following up on the event.
    • Even if you sign up on an external website (such as that of our event management vendor, for example Eventbrite), your data will be processed by us for the purpose of managing the event and for following up on your participation. You may also have the option to opt in to our newsletter or other marketing communication.
  • Information we collect when you register with us at a trade show or industry event

    • If you meet us at a trade show or industry event, you may leave your contact details in order for us to follow up with you, to enter a competition or a game, or to subscribe to our newsletter. We will collect the information that is available on e.g. a business card, or in a form we may provide to you.
    • Please note that when you register for an industry event, you might have consented to sharing your personal information with us when signing up for the event.

How we use information

  • We never sell or rent your personal information to third parties. If you are an individual based in the EU individual and have given us your express permission, we may share your personal information to select partners that you decide. If you are an individual not based in the EU, we may share your personal information to select partners that are clearly labelled when you sign up. We always make clear when we share that information – as an example when we provide an event or an asset in collaboration with a partner of ours.
  • If you have requested a marketing asset or have participated in a marketing event, we use your personal information to follow up on the effectiveness of the marketing activity.
  • If your are an individual based in the EU and you have requested to be added to one of our newsletters, we may use your address to send you marketing communications. If you are an individual not based in the EU and you have registered to access one of our content marketing assets or a webinar, me may use your address to send you marketing communications.
  • If you are a customer or a partner of ours, we may use your contact information to send you product or services updates and information that is relevant to your use of the products and services.
  • Your information may be processed by vendors that act on our behalf, such as services we use to maintain our contact records, provide webinar services, or provide back office services such as email. These vendors are under a data processing agreement with us, act on our instructions and adhere to the policies described in this document.
  • Episerver has employees and offices globally. This means that we may transfer information globally. Outside of the EU, we have offices in for example United States, Vietnam, Norway, Australia, and South Africa, but Episerver employees or subprocessors may access the information from other countries.

 

  • Protection of your information
    • We take care to protect your personal data against abuse or loss. As an example, we store it in secure environments. We also provide training to our employees on data protection best practices and require them to enter into a confidentiality agreement.
    • We cannot guarantee absolute security though. If you would like to learn more about what we do to protect your data, please contact us at [email protected].

 

  • Information shared with vendors and service providers
    • In order to deliver our services, we rely on a number of different vendors. This covers everything from the software we use in our finance department to the infrastructure we use to run Digital Experience Cloud and other services. These vendors act as data processors on our behalf.
    • We hold our vendors and service providers to the same high privacy standards as we hold ourselves to. In all cases where we share your information with anyone outside of the Episerver group of companies, we explicitly require the them to acknowledge and adhere to our privacy and customer data handling policies through a data processing agreement.
    • Some vendors and service providers are based outside the European Union, including the United States.

How long we keep information

  • We keep your information only for as long as it is warranted from to fulfill our commitments to you, or to adhere to legal or regulatory requirements.
  • If you are a customer or partner, we keep the information for the duration of our relationship. Certain information may be kept for longer though, for instance contracts will be archived even when terminated.
  • If you have requested to receive marketing communications, we will keep your personal information only for as long as you interact with us.
  • In most cases, we keep your personal information for no more than 12 months after the last contact or when your contract has expired, with the exception of information we have to keep for legal reasons, such as signed contracts.
  • If you are an Episerver customer or partner
    • If you are an Episerver customer or partner, we may keep your personal information for the duration of our contract between your organization and us. If not required by law or regulation to keep your information beyond that term, we will remove it within 12 months of the contract ending.
    • If you have signed or entered into a contract with us, me typically archive and store that contract for an extended period of time, typically seven years or longer, depending on jurisdiction. Other items such as invoices may also be kept for longer than 12 months.
    • If you have asked to receive one of our newsletters or other marketing communications from us, we will keep your personal information to maintain your subscription, even if you would no longer be a customer or partner of ours.
    • If you have signed up to take part in our developer community or discussion forums, your personal information will remain unless you explicitly tell us to remove it.
  • If you are not an Episerver customer or partner
    • If you have opted into any of our content marketing initiatives or have opted in to our newsletters, your personal information will be kept for us long as you seem to be an active subscriber.
    • If we haven’t seen any activity on your part for 12 months, we will remove your personal information or anonymize it.
    • If you have been in touch with us with a question, demo request, asked for a quote, or have engaged with a sales representative, your information will be stored for up to 12 months after the last recorded activity, and will then be removed or anonymized.
    • If you have signed up to take part in our developer community or discussion forums, your personal information will remain unless you explicitly tell us to remove it.
    • If you have submitted a valid GDPR data subject access request to exercise your right to be forgotten we will delete your data within 30 days of the request.

Digital Experience Cloud and other products and services

  • We provide software and services to our customers. This software and these services allows our customers to build websites, ecommerce sites, and manage marketing campaigns, and it may be used to collect personal information.
  • In these cases, it is our customers that control the processing of personal information, and we act on their behalf as a data processor.
  • If you have a question about how your information is processed or have any other requests relating to your data, please contact the owner of the website or sender of the communication.
  • Information processed in Digital Experience Cloud and other products and services
    • Our customers use the Digital Experience Cloud and other products and services from Episerver to build webpages and ecommerce sites that people can visit to learn more about their business and/or make online transactions, and campaign management services to help them create online marketing campaigns.
    • We do not control the content of these webpages, emails or other messages, or the types of information that our customers may choose to collect or manage using our services.
    • Information that is collected using our services on behalf of our customers belongs to them and is used, disclosed and protected by them according to their privacy policies and is not subject to this Privacy Policy.

With regards to the Digital Experience Cloud and other products and services we provide, we collect information under the direction of our customers and have no direct relationship with the individuals whose Personal Information we process.

  • How to opt out form markmeting communications from Digital Epxerience Cloud Customers
    • Our customers are solely responsible for their own marketing emails and other communications and we cannot unsubscribe you from their communications.
    • You can unsubscribe from our customers' marketing communications by clicking on the "unsubscribe" link located on the bottom of their emails, or by contacting them directly.
    • If you believe any of our customers has engaged in unsolicited sending of mass email (or SPAM) and that they are using Episerver products or services to do so, please contact us at [email protected].

Your choices and rights

  • You can choose to opt out of marketing communications at any time, regardless if you are a customer, partner, or none of the above.
  • If you are an individual based in the EU you can request a copy of your personal information and you can update any incorrect information.
  • If you are an individual based in the EU, you can ask to have your personal information removed, or in some cases limit our processing of personal information. This does not apply when we need to keep your information for legal reasons.
  • How you can opt out of marketing
    • If you don’t want to receive marketing communications from us, you can at any time use the “Unsubscribe” link present in all marketing emails from us, or go to our unsubscribe page.
    • Please note that opting out of email marketing typically doesn’t mean that you won’t see ads from us – please see the section below on how you can opt out of web tracking, although it doesn’t mean that you will opt out of ads altogether.
  • How you can opt out of web tracking
    • There are several ways to opt out of web tracking:
      • Most browsers allow you to block third-party cookies or prevent cross-domain tracking. This will limit the cookies that can be set by third-party scripts. This will not completely eliminate tracking by some third-party services though as they may use first-party cookies.
      • Most browsers also allow you ask not to be tracked (it sends the “Do Not Track” request header). If you have enabled this feature, we will not track the pages you visit in a way that enables us to connect them to your personal information. Your page views may still be collected anonymously though. Many of the third-party services we use for collecting anonymous data also respect the Do Not Track setting.
      • You can opt out of interest-based advertising on these two pages: NAI consumer opt-out page and DAA opt-out page. This will not remove ads, but will for example remove the possibility for us to display ads to people that have visited our website. Note that these services in themselves requires cookies.
      • You can also opt out from the individual services we use:
      • AdRoll: You can turn off interest-based ads on AdRoll’s opt-out page.
      • Facebook: You can turn off interest-based ads in your Facebook settings – please see this page: https://www.facebook.com/help/568137493302217
      • Google ads, including Google AdWords and Doubleclick: You can turn of personalization for Google’s display and search ads – please see this page: You can edit your settings for ad personalization here. There is more information on ad personalization on Google and through their ad networks here.
      • Google Analytics: You can use Google’s opt-out browser add-on to prevent tracking in Google Analytics, see https://tools.google.com/dlpage/gaoptout.
      • Hotjar: You can turn off Hotjar recording by following the steps on this page: https://www.hotjar.com/opt-out
      • Microsoft (including Bing): You can turn off interest-based ads here: https://choice.microsoft.com/
      • Optimizely: If you want to opt out of Optimizely experiments (such as A/B-testing), please follow the instructions on this page.
  • Your rights as an individual based in the EU
    • Access to your information: You have the right to request a copy of the personal information we hold about you.
    • Correcting your information: We want to have accurate data. Please contact us if you think the data we hold is not up to date or correct.
    • Deletion of your information: You have the right to ask us to delete Personal Data about you if it no longer is required for the purpose it was collected, you have withdrawn your consent, you have a valid objection to us using your Personal Data, or our use of your Personal Data is contrary to law or our other legal obligations.
    • Objecting to how we may use your information: You have the right at any time to require us to stop using your Personal Data for direct marketing purposes.  In addition, where we use your Personal Data to perform tasks carried out in the public interest then, if you ask us to, we will stop using that Personal Data unless there are overriding legitimate grounds to continue.
    • Restricting how we may use your information: In some cases, you may ask us to restrict how we use your Personal Data.  This right might apply, for example, where we are checking the accuracy of Personal Data about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where this is no longer a basis for using your Personal Data but you don't want us to delete the data.  Where this right to validly exercised, we may only use the relevant Personal Data with your consent, for legal claims or where there are other public interest grounds to do so.
    • Automated processing: If we use your Personal Data on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision.  This right only applies where we use your information with your consent or as part of a contractual relationship with you
    • Withdrawing consent using your information: Where we use your Personal Data with your consent you may withdraw that consent at any time and we will stop using your Personal Data for the purpose(s) for which consent was given.
    • Please contact if you wish to exercise any of these rights. You can find the contact details below.
  • If you want to submit a complaint
    • We have appointed a Data Protection Officer. If you are a European Union (“EU”) resident who requires assistance in exercising your privacy rights, please write to Data Protection Officer at [email protected].
    • We always want to resolve directly all complaints about how we handle Personal Data. If you are a EU resident, you also have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen).
    • You can reach Datainspektion using one of the following methods:

Datainspektionen
Box 8114
SE-104 20 Stockholm

Office address:
Drottninggatan 29, 5th floor
Stockholm

E-mail: [email protected]

Telephone: +46 8 657 61 00

How to contact us

Episerver AB
c/o Legal Department
Box 7007
103 86 Stockholm
Sweden

  • If you are based outside of the European Union, you can write to:

Episerver Inc.
c/o Legal Department
542 Amherst Street
Nashua, NH 03063
USA

Individuals not based in the EU

The following terms apply, in addition to the privacy policy described above:

  • COMPELLED DISCLOSURE: Episerver may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • DISPUTE RESOLUTION: Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the notices address specified in Contact Information below. Episerver will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy. For complaints that cannot be resolved between Episerver and the complainant, Episerver has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Privacy Shield Principles. Under certain conditions, as more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How‐to‐Submit‐a‐Complaint, individuals may be able to invoke binding arbitration before the Privacy Shield Panel jointly created by the U.S. Department of Commerce and the European Commission. 
  • YOUR CALIFORNIA PRIVACY RIGHTS: California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
  • Episerver may share Personal Data as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates. If you are a California resident and wish to obtain information about our compliance with this law, please e‐mail or write to us at the addresses specified in “Contact Information” below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that Episerver is not required to respond to requests made by means other than through the provided e‐mail address or mail address.
  • ENFORCEMENT AND COMPLIANCE: Episerver will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Episerver determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. Episerver will respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield and/or to complaints regarding compliance with the Principles referred by EU Member State authorities through the Department. Episerver is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the EU‐U.S. Privacy Shield Framework. If Episerver becomes subject to an FTC or court order based on non‐compliance, Episerver will make public any relevant Privacy Shield‐related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements. Episerver may be required to disclose Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requests.
  • ONWARD TRANSFER: If a third‐party processes Personal Data on behalf of Episerver in a manner inconsistent with the General Data Protection Regulation and applicable law, Episerver could be liable unless Episerver can prove that it is not responsible for the event giving rise to any damage.  If Episerver transfers data to a third party agent, Episerver will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with Episerver’s obligations under the Principles; (iv) require the agent to notify Episerver if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.

 

Changes to this privacy policy

  • We keep this privacy policy under regular review and will place any updates on this website.
  • The privacy policy was last updated March 27, 2018.

Revision history of this privacy policy:

Version

Date

Summary of Changes

1.0

January 17, 2017

Effective Date of Notice

1.1

June 15, 2017

Provisions modified/added for Privacy Shield registration

1.2

June 30, 2017

Updated effective date to date of submission

1.3

March 27, 2018

Provisions modified/added for compliance with GDPR