[Last Updated: July 23 2023]
This Privacy Policy sets out how EPR Systems, Inc. (“EPR” or “we”), collects, uses, transfers, processes, and discloses your data, as a visitor of our website (“you” and “website”). As part of that, this Privacy Policy provides visitors who are California, Virginia, Connecticut, and Colorado residents (“Covered States”), with the mandatory disclosure under their applicable state privacy laws, including, to the extent applicable – the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 (“CPRA” and collectively “CCPA“), the Virginia Consumer Data Protection Act (“VCDPA”), the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), or the Colorado Consumer Protection Act (“CPA”) (collectively “Data Protection Law(s)“). Further, this Privacy Policy contains below a designated disclosure to Nevada residents.
This Privacy Policy does not pertain to personal data relating to our employees, contractors and other staff or job applicants.
Any capitalized terms not defined herein shall have the meaning ascribed to it under the Data Protection Laws.
California Residents: the general details included in this Privacy Policy apply to California residents as well. However, please refer to the Special Privacy disclosures for California residents at the bottom of this Privacy Policy that contains additional and specific data relevant for you.
PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE ACCESSING AND USING OUR WEBSITE. BY ACCESSING OR USING OUR WEBSITE YOU ARE ACCEPTING THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY. IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE SERVICES.
Part I: A Comprehensive Description of our Privacy Practices:
-
- Categories of Personal Information We Collect
We collect Personal Information which is defined under the Data Protection Laws as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below. We are the “Controller” or “Business” of any Personal Information collected from our website’s visitors.
Personal Information definition under Data Protection Laws may include certain types of Sensitive Personal Information (“SPI”) or Sensitive Data. However, Data Protection Laws exclude certain types of data, including any health, medical or clinical trial related data subject to specific laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA). In addition, this Privacy Policy does not cover the processing of personal information as part of our products on behalf of our customers. In such cases, our customer is the “Controller” or “Business”, obligated under the Data Protection Laws to provide disclosure about its privacy practices, while we merely process such data as its “Service Provider” or “Processor”. Therefore, for example, Patient’s data collected during the use of our applications and services is excluded from the scope of this Privacy Policy.
Within the last twelve (12) months, we may have collected the following categories of personal information from our website visitors:
| Category | Example | Collection Context |
| Identifiers. | A real name, email, phone, address, online identifier, Internet Protocol address, email address, or other similar identifiers as detailed in the contact forms available at the website. | As part of our communications with you as a visitor, e.g., through a “Contact Us” form in our website, we may collect -Basic contact info including full name, email and in certain cases phone number. |
| Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | As part of our automatic monitoring, analytics and online advertising activities, including through Cookies as further elaborated below, we may collect information on a consumer’s interaction with a website, application, or advertisement. |
| Geolocation data. | Physical location, approximate location derived from IP address or movements. | As part of our analytics or online marketing activities, we may collect your approximate location derived from your IP address. Also, we may collect your country and state as part of our “Contact Us” form if you decide to approach us. |
We do not collect any “Sensitive” information or data from our website visitors as such term is defined under the Data Protection Laws.
-
- Methods for Collecting Personal Information
When you browse our website, we collect the Personal Information as follows:
-
- Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as in order to contact us (e.g., Contact Us form).
-
- Automatically – through our third-party website providers – for example, in order to collect visitors’ IP address. As part of that, we may use cookies and similar tracking technologies such as pixels or web-beacons when you access to, interact with, or use our website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, enable automatic activation of certain features (e.g., shopping cart), for statistical purposes, as well as for advertising purposes. You can find more information about cookies here: www.allaboutcookies.org.
-
- From publicly available sources – such as through social media platforms where you open an Account through such platforms, credit bureaus, all to the extent permitted under applicable law.
-
- Purpose of Personal Information Processing
We may use, or disclose the Personal Information we collect for one or more of the following business purposes:
-
- For the reason you provided the Personal Information. For example, if you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry;
-
- Security and fraud detection purposes, monitoring and to maintain the safety, security, and integrity of our website;
-
- Customer Support and Communication with you as a visitor, user of our services or interested customer;
-
- Improving our business operation, which includes but not limited to, analyze which types of content should be provided as part of the website or its usage;
-
- Market, advertise, and promote our services;
-
- Complying with legal and regulatory obligations, and to establish, enforce, and otherwise exercise our rights and defend against claims.
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice. Please note that if eventually you will become a user of our services or an employee of the Company, other privacy disclosures and policies may apply to you.
-
- Disclosures of Personal Information for a Business Purpose
We may disclose your Personal Information to a contractor or service provider for our business purposes. When we do so, we enter a contract that describes the relevant purposes, and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. We further restrict the recipient from selling or sharing your Personal Information.
In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose:
| Category of Recipient | Shared Information (in accordance with the table above) | Purpose of Sharing |
| General Service providers. | All types of Personal Information. | We employ other companies and individuals to perform functions on our behalf. Examples include: sending communications, analyzing data, providing marketing and sales assistance (including advertising and event management), cloud hosting and computing, identifying errors and crashes, conducting customer relationship, etc. |
| Security and Fraud Detection Providers. | Internet or other similar network activity. Geolocation data. | We may disclose personal information to entities that detect, protect against, and respond to security incidents or other malicious, deceptive, illegal or fraudulent activity or actual or potential threats to the safety or well-being of any person. |
| Our Lawyers, Consultants and any other party related to Enforcement of our rights. | All types of Personal Information. | We may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. |
| Parties related to any Merger and Acquisition Activity. | All types of Personal Information. | We may disclose your personal information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment, or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and performing the proposed transaction. |
| Law Enforcement and Authorities. | As per such law enforcement authority request. | In certain cases, laws and regulations may require us to disclose personal information with these entities. |
| Our affiliated companies. | All types of Personal Information. | We may share Personal Information internally within our affiliates for the same purposes described in this Privacy Policy. |
-
- Disclosures for Cross-Context Behavioral and Targeted Advertising Purposes
In the preceding twelve (12) months, we “sell” or “share” the following categories of Personal Information for a business purpose:
| Category of Recipient | Shared Information | Purpose of Sharing |
| Marketing and Advertising Firms and Networks. | All types of Personal Information. For the avoidance of doubt, we never share any sensitive information for such purposes. | We may disclose personal information to entities that perform marketing, advertising or market research on our behalf or help us determine the effectiveness of our marketing. |
Our services are not designated for children under the age of 16 and we do not knowingly collect information from children under the age of 16.
In general, we retain the Personal Information we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable.
The retention periods are determined according to the following criteria:
-
- For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed. For example, if you contacted us, we would retain your contact information at least until we will address your inquiry.
-
- To comply with our regulatory obligations. For example, transactional data will be usually retained for seven years as of termination of engagement (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
-
- To resolve any dispute we might have with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.
Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
-
- Information Security:
Securing your Personal Information is of high priority. We design our systems with your security and privacy in mind. For that, we have implemented in our website physical, technical, and administrative security measures that comply with applicable laws and industry standards.
Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
-
- Where Do We Store Your Information:
In general, we maintain Personal Information that we collect from you in secured cloud storage environments provisioned by third party cloud providers in the United States. Nevertheless, any such information will be maintained and processed by us and our authorized affiliates and service providers which are located in various locations around the world, including, without limitation, the United States and in our facilities in Israel. Any transfer of your personal information is always done only after ensuring that the importing country provides sufficient data protection measures, and subject to contractual terms ensuring the recipient commitment to such practices.
PART II: YOUR RIGHTS UNDER THE DATA PROTECTION LAWS
-
- THE RIGHTS AND EXECRISING THEM
If you are a resident of a Covered State, and subject to certain limitations at law you may be able to exercise the following rights as a visitor of our website (Nevada specific rights are separately detailed below):
| Privacy Right | Details |
| Right to Know. | You may have right to know what Personal Information we have collected about you as a visitor of our website, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information we have collected about you. That right is being provided to you through our Privacy Policy and that Privacy Policy. |
| Right to Access Personal Information. | You may have the right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and. |
| The Right to Correct Personal Information. | You may have the right to request that we correct inaccurate personal information that we maintain about you. |
| Right to delete personal information. | You may have the right to request that we delete the personal information we have collected about you. |
| Non-Discrimination Right. | You may have the right not to receive discriminatory treatment for the exercise of privacy rights, including (where relevant) an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information. |
| Data Portability Right | You may have the right, where feasible, to obtain a copy of the Personal Information you provided to us in a portable format. |
| Opt-Out of Sharing for Cross-Contextual Behavioral Advertising or from selling, where applicable. | You have the right to opt-out of the “sharing” of your personal information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.”, you may opt out through the “do not sell or share my personal information” button available within the Websites’ footer. You may opt out through device settings (opt-out from tracking AAID, ADID, please see the following for information applicable to all devices: https://thenai.org/opt-out/mobile-opt-out/). Further, you can opt-out from interest-based advertising, CCBA, by using Self-Regulatory Program for Online Behavioral Advertising such as: Digital Advertising Alliance’s (“DAA”): https://www.aboutads.info/choices and https://www.aboutads.info/appchoices, and the Network Advertising Initiative (“NAI”): https://www.networkadvertising.org/choices. Last, you can join Global Privacy Control (“GCP”) for opting out generally through your browser: https://globalprivacycontrol.org/. Our Consent Management Platform (“CMP”) will know to read all of these signals and ensure compliance with your request. In any event, please keep in mind: Opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID. If you’re not signed-in to your customer account or don’t have a customer account, you will need to opt-out on each browser and device you use.Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.If you opt-out, you will still see ads online, but these ads will not be based on your inferred interests.Some automated means may still be used to collect information about your interactions with our online services for the other purposes such as to remember user preferences or enable specific functionality.We use necessary cookies to make our properties work. Necessary cookies enable core functionality such as security, network management, and accessibility. You cannot disable those. |
| Right to opt out from Profiling | We do not profile you, thus we do not provide an opt-out mechanism in this regard. |
If you want to exercise your rights, please fill in this DSR form to and sending it to us by mail: privacy@eprsys.com. Before processing your request, we will need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we may require you to provide additional personal information, including, but not limited to, your name, email address, mailing address, date of your last interaction with us, and the general nature of your interactions with us. If we are able to verify your identity, we will respond to your request or provide an explanation as to why we are unable to comply with your request.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
-
- Authorized Agents
“Authorized Agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you were an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:
-
- When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
-
- Provide the authorized agent signed permission to do so or power of attorney.
-
- Verify their own identity directly with the business.
-
- Directly confirm with the business that they provided the authorized agent permission to submit the request.
-
- A business may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
-
- Response Time and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require additional time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing by mail or electronically, at your option. If we determine that the request warrants a fee, we will tell you why we made such decision and provide you with a cost estimate before completing your request.
Appeal Right for Connecticut, Colorado and Virginia Residents: If we denied a request, you may appeal our decision, and within the time frame set by applicable law we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
If the appeal is denied, you may submit a complaint to your state of residency’s Attorney General:
-
- Virginia at https://www.oag.state.va.us/consumercomplaintform.
-
- Colorado at https://coag.gov/file-complaint/.
-
- Connecticut at https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page.
Nevada Residents Rights:Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to privacy@eprsys.com.
Specific Disclosure for California Residents under the CCPA
The general disclosure required under the CCPA is outlined in this Privacy Policy, including the types of data we collect, how we use it, disclosures and sharing of data with third parties, etc. Specifically, the following disclosures only apply to residents of the State of California:
-
-
- Category F – Internet or other similar network activity – Information on a consumer’s interaction with a website, application, or advertisement. Categories of collected Personal Information under the CCPA
- Category A – Identifiers – Basic contact info including full name, email and in certain cases phone number.
- Category B – Additional Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – Name, Place of Employment.
-
- Category G – Geolocation data – approximate, derived from IP.
- Category F – Internet or other similar network activity – Information on a consumer’s interaction with a website, application, or advertisement. Categories of collected Personal Information under the CCPA
-
-
- Disclosures of Personal Data to third parties
In the preceding 12 months, we have disclosed for a business purpose and “Sold” or “Shared” the categories of personal data about California residents as detailed above under section 4 and 5 above.
-
- California Residents Rights under the CCPA
California residents have the following rights regarding their collected Personal Information as further elaborated under Part II above:
-
-
- Right to Limit the Use and Disclosure of Sensitive Personal Information;Right to Know or Access;
- Right to Deletion;
- Right to Data Portability;
- Right to Non-Discrimination;
- Right to Rectification;
-
- Opt-Out of the Use of Automated Decision Making.
- Right to Limit the Use and Disclosure of Sensitive Personal Information;Right to Know or Access;
-
You can learn more about the specific California residents’ privacy right through the following link: https://oag.ca.gov/privacy/ccpa. You can always exercise your rights as explained above under Part II.
-
- Notice Of Financial Incentive
We do not offer financial incentives to consumers for providing Personal Information.
-
- Do Not Track Settings and Shine the Light Law for California Residents
Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.
CONTACT US:
EPR Systems USA, Inc.
Email: privacy@eprsys.com.
Post address: 1016 Lasalle Street, Jacksonville, FL 32207, US
Phone: (941) 328-3239.
AMENDMENTS AND UPDATES:
We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the Website or App and the update date will be reflected in the “Last Updated” heading. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We will update this Privacy Policy at least every 12 months.
