Epilogix Privacy Notice
Contents
Purpose
This Privacy Notice explains how Epilogix LLC (hereafter “Epilogix”) processes information about Epilogix Clients, prospective Clients, Suppliers, Employees, prospective Employees, and visitors to our website (hereafter “Epilogix stakeholders” or “you”). Epilogix processes personal information in the process of marketing and delivering our Services.
How can you reach us?
You may contact us with questions or concerns about this Privacy Notice, or to request deletion of your personal data, through the following channels:
Email: Via our Contact Form
Postal mail: 4938 Hampden Ln, Suite 152, Bethesda, MD 20814, USA
Telephone: +1 301 825 5331
Why do we publish this Privacy Notice?
We put together this Privacy Notice to inform Epilogix stakeholders about the information we collect from them and about them. Epilogix places great value on maintaining the privacy of the people and businesses with which it interacts. Epilogix maintains a comprehensive Privacy Policy that is part of our proprietary Quality Management System. This Privacy Notice is the public domain subset of that Privacy Policy, which includes content that is directly relevant to informing you and other Epilogix stakeholders of your rights with respect to our processing of your personal information.
External standards
Epilogix LLC is a United States legal entity. However, our Clients, Suppliers, and Employees are distributed worldwide. Therefore, we have structured this Privacy Notice considering the privacy rights and expectations of multiple global jurisdictions. For example, this Privacy Notice is informed by guidance from the European Union General Data Protection Regulation. Sections of this document were developed with the assistance of templates from the United Kingdom's Information Commissioner's Office. You may contact us to suggest additional privacy standards that are relevant to jurisdictions in which you live or work, if you believe that this Privacy Notice does not adequately meet those additional standards.
What information we collect, use, and why
We collect or use the following information to provide services and goods, including delivery:
Names and contact details
Addresses
Purchase or account history
Account information
Photographs or video recordings
Call recordings
Records of meetings and decisions
Information relating to compliments or complaints
We collect or use the following information for the operation of customer accounts and guarantees:
Names and contact details
Addresses
Purchase history
Account information, including registration details
Marketing preferences
We collect or use the following information for service updates or marketing purposes:
Names and contact details
Addresses
Marketing preferences
Location data
Recorded images, such as photos or videos
Purchase or viewing history
We collect or use the following information for recruitment purposes:
Contact details (eg name, address, telephone number or personal email address)
Employment history (eg job application, employment references or secondary employment)
Education history (eg qualifications)
Details of any criminal convictions
How we use personal information
Epilogix is a business-to-business provider of strategy and analytics for health technology companies. We use the personal information of Epilogix employees, and the employees of our Clients and Suppliers, to deliver our Services and to communicate progress updates on Services not yet delivered. We use the personal information of employees of prospective Epilogix Clients to engage in discussions about Client needs and how they might be addressed by Epilogix Services. We use the personal information of prospective Epilogix employees to communicate status of recruitment activities, and, as required by law or Epilogix policies, we obtain prospective employee’s consent to use their personal information for pre-employment background or security checks.
Epilogix specifically avoids the use of two types of personal information:
We use Google Sites to host this website, but we have explicitly not enabled analytics functions to monitor web traffic or specific users. We do not use “cookies” or other passive electronic means to collect your personal information, and therefore we do not maintain a separate Cookie Notice or Policy.
Epilogix Services often involve analyzing the healthcare experiences of de-identified research participants. Epilogix does not directly recruit research participants (neither on this website nor with any other Epilogix resources), and we do not store or process the personal information of any research participants as part of our Services. Epilogix contracts with Trusted Third Parties to store the identifiable personal information of research participants if it must be collected at any point in the delivery of our Services. We share our proprietary Privacy Policy, which details how we safeguard the privacy of de-identified research participants’ data, with Clients, prospective Clients, and Suppliers upon request.
Lawful bases
In addition to describing how we use your personal information, the European Union's General Data Protection Regulation requires applicable data processors to assert the lawful bases under which they collect personal information. This section refers to specific lawful bases recognized by those regulations for the types of personal information we collect.
Epilogix has conducted a “Legitimate Interest Analysis” for those areas in which we assert a legitimate interest as our lawful basis for collecting and processing personal information. We have summarized our specific legitimate interests in the applicable sections below.
Our lawful bases for collecting or using personal information to provide services and goods are:
Contract
Legitimate interest:
Our legitimate interests for collecting personal information of Epilogix Clients include providing updates on the progress of Epilogix Service delivery and transmitting deliverables associated with those Services. We give our individual Epilogix Client contacts control over their perceived risks of Epilogix personal information processing by asking them about their communication preferences for receiving Epilogix Service deliverables.
Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:
Contract
Our lawful bases for collecting or using personal information for service updates or marketing purposes are:
Contract
Legitimate interest:
Our legitimate interests for collecting personal information of Epilogix Clients and prospective Clients also include identifying the needs of these stakeholders, or the Client companies for whom they work, that may be addressed by Epilogix Services. Although we believe that our processing of personal data for these interests involves minimal risk to those from whom we collect information, we offer stakeholders the opportunity to request that their personal information be deleted or forgotten to mitigate any unwanted risks that those stakeholders might perceive.
Our lawful bases for collecting or using personal information for recruitment purposes are:
Consent
Contract
Legal obligation
Where we get personal information from
Epilogix collects personal information from:
The people with whom we interact directly in the course of our normal business,
Publicly available sources, and
The following third parties:
We collect information obtained from social media engagement with Epilogix company and Employee accounts on social media sites such as LinkedIn. Epilogix may add company accounts on other social media sites and communications networks in the future, such as Instagram, Skype, or WhatsApp.
How long we keep your personal information
Epilogix has a proprietary Records Retention Policy that outlines our standards for retaining or destroying various forms of records, including your personal information. According to that policy, Epilogix keeps personal information from contracted or prospective Clients, Suppliers, and Employees for three years from our last recorded date of contact. You may contact us to request deletion of your personal information before the end of that three-year period, unless the personal information is part of other records that Epilogix is required to keep for longer periods, such as employment records subject to regulatory review.
How we may share your personal information
We may share your personal information in limited circumstances. These include:
Data processors
Epilogix uses the following data processors for managing your personal information:
Google: Epilogix uses Google Workspace accounts for cloud-based email and contact management and stores Client Confidential Information on shared, cloud-based Google Drive folders. Epilogix does not request that Google perform any further data processing of your personal information beyond cloud-based storage.
Law enforcement or regulatory authorities
In extremely rare circumstances, the Services that Epilogix provides may require sharing your personal information in response to a subpoena, court order, or other governmental or regulatory request.
Epilogix may voluntarily disclose stakeholders' personal information to law enforcement or regulatory agencies if we believe in good faith that such disclosures are necessary to uphold Epilogix policies regarding anti-corruption, information security, or privacy protection.
As of the date this Privacy Notice was published, Epilogix has neither volunteered nor received requests to share personal information of Epilogix stakeholders to law enforcement or other regulatory authorities.
Sharing information across jurisdictions
Certain jurisdictions, including the United Kingdom and the European Union, restrict the transfer of citizens’ personal information across borders. Where necessary, we may transfer personal information of UK data subjects outside of the UK, and EU data subjects outside of the EU. When doing so, we comply with applicable GDPR requirements, making sure that appropriate safeguards are in place.
We make extensive use of Google cloud-based services to ensure that personal information data transfers outside of the UK or EU are consistent with applicable law. Epilogix has ensured that its service agreements with Google provide for data processing consistent with GDPR regulations for UK and EU data subjects.
Your data protection rights
UK and EU citizens covered by the GDPR have specific rights with respect to their personal information. Epilogix extends these rights to all of its stakeholders as a matter of policy, regardless of the jurisdiction in which they reside. These rights include:
Your right of access - You have the right to ask us for copies of your personal data.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, Epilogix has one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
Citizens covered under the UK’s version of GDPR may, if they remain unsatisfied with how Epilogix has used their data after responding to your complaint, may raise a complaint with the Information Commissioner’s Office (ICO).
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Citizens covered under GDPR in European Union countries may lodge a complaint with the Data Protection Authority (DPA) for their specific country. Please consult this directory of Data Protection Authorities for more information.
Policy last updated
01 August 2024
Notice last formatted
05 August 2024