Episto.uk Chat Privacy Policy

How useful is this policy?

We attach great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of reliability and trust.

The data privacy policy specifically reflects our commitment to enforce compliance with applicable data protection rules, including the General Data Protection Regulation ("GDPR").

In particular, the privacy policy aims to inform you about how and why we process your data in connection with the services we provide.

Who is this policy for?

The policy applies to you, regardless of where you live, as long as you are of legal digital age in your country of residence (e.g., 15 years old for France, 16 years old for Germany, 13 years old for Belgium, etc.) and you respond to an Episto Chat survey. If you are unsure of the legal digital age in your country of residence, you can ask us at dpo@episto.fr.

If you are under the legal digital age in your country of residence, you are not permitted to use a survey without the prior express consent of one of your parents, which must be sent in writing to dpo@episto.fr. If you believe that we may have information about an older child of yours who is under the legal digital age in your country of residence without your consent, you may request that we delete that information at dpo@episto.fr.

Why do we process your data?

As part of the services offered, we may need to process your personal data for the following reasons and purposes:

• To respond to surveys and polls that we offer based on our terms and conditions.
• To guarantee and reinforce the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) on the basis of the legal obligations incumbent on us, our general terms and conditions of sale and our legitimate interest in ensuring the proper functioning of our services.

Your data is collected directly from you when you use our platform and we undertake to process your data only for the purposes described above. In particular, we undertake never to send commercial prospecting about us to people who respond to surveys and campaigns.

Furthermore, we guarantee that none of your data will ever be sold to a partner or a third party. On the other hand, when you voluntarily post content on the pages we publish on social networks, you acknowledge that you are fully responsible for any personal information you may transmit, regardless of the nature and origin of the information provided.

What data do we process and for how long?

We have summarised the categories of personal data we collect and their respective retention periods.

• By default, your data is anonymized unless you choose to provide identifying information in the questionnaire (e.g., last name, first name and email address). This choice, when it exists, is always optional. If you provide identifying information, your data will no longer be anonymized and will be kept only for the duration of the survey.

IMPORTANT: The surveys ordered by our clients may involve the collection of various data (e.g.: personal life, hobbies, tastes, etc.) but also the collection of sensitive data (e.g.: sexual orientation, political sensitivity, sexual preference, etc.). This data, like the previous ones, remains anonymous unless you decide to provide identifying data in the chat. However, your consent will always be requested before answering these questions and the data will only be kept for the duration of the survey.

• Connection data (e.g. logs, IP address, etc.) kept for a period of 1 year.

If you would like to know more about the retention periods applicable to your data, you can contact us at: dpo@episto.fr. In any case, all your data is deleted when you request the deletion of your account with a maximum of 30 days.

The deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.

Please also note that in the event of litigation, we are obliged to keep all data concerning you for the entire duration of the processing of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your data?

The applicable data protection regulations give you specific rights that you can exercise, at any time and free of charge, to control the use we make of your data.

• Right ofaccess and copy of your personal data as long as this request is not in contradiction with business secrecy, confidentiality, or the secrecy of correspondence.
• Right to rectify personal data that are erroneous, obsolete or incomplete.
• Right to request the deletion ("right to be forgotten") of your personal data that are not essential to the proper functioning of our services.
• Right to limit your personal data which allows you to photograph the use of your data in case of a dispute about the legitimacy of a processing.
• The right to data portability, which allows you to retrieve part of your personal data in order to store it or transmit it easily from one information system to another.
• The right to give instructions on what to do with your data in the event of your death, either through you or through a trusted third party or successor.

For a request to be taken into account, it is imperative that it be made directly by you at dpo@episto.fr. Any request that is not made this way cannot be processed.

Requests cannot be made by anyone other than you. Therefore, we may ask you to provide proof of identity if there is any doubt about the identity of the applicant.

We will respond to your request as soon as possible, within three months of receipt, if the request is technically complex or if we receive many requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.

Who can access your data?

We will only share your data with those persons who have been authorized to use it to carry out our surveys.

Please note that your personal data may be communicated, only with your explicit consent, to commercial partners to benefit from their offers and services.

How do we protect your data?

We implement all the technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure of your data that would not be authorized (e.g.: training, access control, antivirus, etc.).

Can your data be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data is always hosted in the European Union. In addition, we make every effort to hire only service providers who host your data within the European Union.

Should our service providers nevertheless transfer your personal data outside the European Union, we take great care to ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information?

Our Data Protection Officer ("DPO") is always available to explain in more detail how we process your data and to answer any questions you may have on the subject at the following address: dpo@episto.fr.

How can you contact the CNIL (the French equivalent of the ICO - Information Commissioner Office)?

You may at any time contact the French data protection supervisory authority (the French equivalent of the ICO - Information Commissioner Office - the "Commission Nationale de l'informatique et des libertés" or "CNIL") at the following address CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by calling at 00331.53.73.22.22.

Can the policy be changed?

We may change our privacy policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will of course be informed of any changes to this policy.

Certified by Dipeeo ®.

‍