Epilogix Privacy Notice

Purpose

This Privacy Notice explains how Epilogix LLC (hereafter “Epilogix”) processes information about Epilogix Clients, prospective Clients, Suppliers, Employees, prospective Employees, and visitors to our website (hereafter “Epilogix stakeholders” or “you”). Epilogix processes personal information in the process of marketing and delivering our Services. 

How can you reach us?

You may contact us with questions or concerns about this Privacy Notice, or to request deletion of your personal data, through the following channels:

Email: Via our Contact Form

Postal mail: 4938 Hampden Ln, Suite 152, Bethesda, MD 20814, USA

Telephone: +1 301 825 5331

Why do we publish this Privacy Notice?

We put together this Privacy Notice to inform Epilogix stakeholders about the information we collect from them and about them. Epilogix places great value on maintaining the privacy of the people and businesses with which it interacts. Epilogix maintains a comprehensive Privacy Policy that is part of our proprietary Quality Management System. This Privacy Notice is the public domain subset of that Privacy Policy, which includes content that is directly relevant to informing you and other Epilogix stakeholders of your rights with respect to our processing of your personal information.

External standards

Epilogix LLC is a United States legal entity. However, our Clients, Suppliers, and Employees are distributed worldwide. Therefore, we have structured this Privacy Notice considering the privacy rights and expectations of multiple global jurisdictions. For example, this Privacy Notice is informed by guidance from the European Union General Data Protection Regulation. Sections of this document were developed with the assistance of templates from the United Kingdom's Information Commissioner's Office. You may contact us to suggest additional privacy standards that are relevant to jurisdictions in which you live or work, if you believe that this Privacy Notice does not adequately meet those additional standards.

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

We collect or use the following information for the operation of customer accounts and guarantees:

We collect or use the following information for service updates or marketing purposes:

We collect or use the following information for recruitment purposes:

How we use personal information

Epilogix is a business-to-business provider of strategy and analytics for health technology companies. We use the personal information of Epilogix employees, and the employees of our Clients and Suppliers, to deliver our Services and to communicate progress updates on Services not yet delivered. We use the personal information of employees of prospective Epilogix Clients to engage in discussions about Client needs and how they might be addressed by Epilogix Services. We use the personal information of prospective Epilogix employees to communicate status of recruitment activities, and, as required by law or Epilogix policies, we obtain prospective employee’s consent to use their personal information for pre-employment background or security checks.

Epilogix specifically avoids the use of two types of personal information:

Lawful bases

In addition to describing how we use your personal information, the European Union's General Data Protection Regulation requires applicable data processors to assert the lawful bases under which they collect personal information. This section refers to specific lawful bases recognized by those regulations for the types of personal information we collect.

Epilogix has conducted a “Legitimate Interest Analysis” for those areas in which we assert a legitimate interest as our lawful basis for collecting and processing personal information. We have summarized our specific legitimate interests in the applicable sections below.

Our lawful bases for collecting or using personal information to provide services and goods are:

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

Our lawful bases for collecting or using personal information for recruitment purposes are:

Where we get personal information from

Epilogix collects personal information from:

How long we keep your personal information

Epilogix has a proprietary Records Retention Policy that outlines our standards for retaining or destroying various forms of records, including your personal information. According to that policy, Epilogix keeps personal information from contracted or prospective Clients, Suppliers, and Employees for three years from our last recorded date of contact. You may contact us to request deletion of your personal information before the end of that three-year period, unless the personal information is part of other records that Epilogix is required to keep for longer periods, such as employment records subject to regulatory review.

How we may share your personal information

We may share your personal information in limited circumstances. These include:

Data processors

Epilogix uses the following data processors for managing your personal information:

Law enforcement or regulatory authorities

In extremely rare circumstances, the Services that Epilogix provides may require sharing your personal information in response to a subpoena, court order, or other governmental or regulatory request.

Epilogix may voluntarily disclose stakeholders' personal information to law enforcement or regulatory agencies if we believe in good faith that such disclosures are necessary to uphold Epilogix policies regarding anti-corruption, information security, or privacy protection.

As of the date this Privacy Notice was published, Epilogix has neither volunteered nor received requests to share personal information of Epilogix stakeholders to law enforcement or other regulatory authorities.

Sharing information across jurisdictions

Certain jurisdictions, including the United Kingdom and the European Union, restrict the transfer of citizens’ personal information across borders. Where necessary, we may transfer personal information of UK data subjects outside of the UK, and EU data subjects outside of the EU. When doing so, we comply with applicable GDPR requirements, making sure that appropriate safeguards are in place.

We make extensive use of Google cloud-based services to ensure that personal information data transfers outside of the UK or EU are consistent with applicable law. Epilogix has ensured that its service agreements with Google provide for data processing consistent with GDPR regulations for UK and EU data subjects.

Your data protection rights

UK and EU citizens covered by the GDPR have specific rights with respect to their personal information. Epilogix extends these rights to all of its stakeholders as a matter of policy, regardless of the jurisdiction in which they reside. These rights include:

You don’t usually need to pay a fee to exercise your rights. If you make a request, Epilogix has one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

Citizens covered under the UK’s version of GDPR may, if they remain unsatisfied with how Epilogix has used their data after responding to your complaint, may raise a complaint with the Information Commissioner’s Office (ICO).

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Citizens covered under GDPR in European Union countries may lodge a complaint with the Data Protection Authority (DPA) for their specific country. Please consult this directory of Data Protection Authorities for more information. 

Policy last updated

01 August 2024

Notice last formatted

05 August 2024