ECI is a global company that provides various solutions and information technology data services to financial institutions and other business customers. ECI provides cloud platform, application hosting, cloud disaster recovery, cloud voice, global private network, outsourced IT, Cybersecurity and other network and technology services.
ECI does not overtly collect or access Personal Information other than to the extent necessary to achieve ECI’s legitimate business purposes. ECI will collect and retain Personal Information which may be necessary for the daily operation of ECI’s services, handling Customer inquiries, direct marketing of products and services, completing transactions, making disclosures under the requirements of any applicable law, and the provision of ECI’s services and products to its Customers and prospective Customers. Without such information, ECI may be unable to provide its services and products to its Customers.
ECI also maintains and processes its Customers’ Services Data that may contain Third-Party Personal Information submitted by its Customers (“Customer’s Parties”). ECI does not overtly collect or access Third-Party Personal Information when a Customer transfers their Services Data to ECI servers, or when Customers provide ECI access to the Customers’ servers, desktops or systems. In these instances ECI is acting under the direction of the Customer and solely as a data processor. ECI has no direct relationship with its Customer’s Parties.
ECI recognizes and respects that your privacy and Personal Information is important, and that you can make decisions about the Data collected by ECI. Please keep in mind, though, that if you decide to not provide Data required by ECI in order for us to provide a service or product, your use may be limited or impossible to facilitate.
III. COLLECTION OF PERSONAL DATA: WHAT INFORMATION ECI COLLECTS
The Personal Information or Personal Data (“Personal Information”) that we collect may vary based on your interaction with our website and requests for our services. Personal Information is information that identifies an individual or relates to an identifiable individual. Personal Information may include, but is not limited to, your name, physical addresses, telephone numbers, e-mail addresses, company affiliations and associated interests.
ECI may also make use of embedded URLs, pixels, widgets, buttons, web beacons, social media buttons, and tools on the ECI Website and emails to link to ECI and other companies’ websites and services. Some of this automatically collected information from a Visitor is not personally identifiable but ECI or its Marketing Partners may aggregate or combine this information with information from other public and authorized non-public sources that, through the combination, could make otherwise anonymous information identifiable as Personal Information, or add to the Personal Information we already have.
ECI collects information a Visitor may make available, provide, and submit to us. For example where you register to download or receive ECI whitepapers through a web form, newsletters, publications, request support/assistance, register for events, and other communications we may ask for your name, email address and other contact information. You may also elect to “opt out” of receiving direct marketing or being included in market research information. You may do so by either not selecting the sign-up feature when prompted or by emailing us at privacyshield@ECI.com. If you are an ECI Customer, you will continue to receive information and communications pertaining to your ECI Account even where you have opted out of these marketing communications. You can review, correct, edit, or delete the information that you provided to us by contactingprivacyshield@ECI.com. Please note that we may need to verify your identity before acting on your request. ECI will try to comply with any request pertaining to your Personal Information in accordance with applicable law. ECI, however, may not be able to fulfill requests pertaining to information that has already been shared with third parties. Additionally, ECI may retain some information in its systems for record-keeping and legal compliance purposes, as well as some remaining digital information that cannot be removed or modified.
SERVICES DATA PRIVACY TERMS – WHAT INFORMATION ECI COLLECTS
For certain products, ECI serves as a service provider to its Customers. In our capacity as a service provider, we will receive, store, and/or process Services Data owned and/or controlled by our Customers. In such cases, we are acting as a data processor and will process the personal information on behalf of and under the direction of each particular Customer.
In contrast, Services Data is distinguishable from Customer Data, because it is data and information that may reside on ECI, Customer or Third-Party servers, desktops, or systems to which ECI is provided access to perform its processing services. Services Data may include Third-Party Personal Information about a Customer’s employees, clients, customers, partners, agents, suppliers, or other individuals (collectively “Customer’s Parties”). ECI treats Services Data according to its Services Data Privacy Terms (“Services Privacy Terms”), and treats Services Data as confidential in accordance with the terms of the Customer’s contract. ECI is provided access to such information under the direction of its Customers, serves solely in the capacity of a data processor, and has no direct relationship with individuals that are Customer’s Parties.
ECI Websites, products, and services are not intended for children. ECI does not permit children to register as Customers on its Websites. Upon being made aware of any collection or receipt of Personal Information pertaining to a child under the legal age of consent in the country where the child is located, that was received without valid consent, ECI will delete from its records.
ECI does not collect Sensitive (or “special”) Data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and health or sex life) from its Visitors or Customers. However, some of its Customers may collect such Sensitive Data, and therefore some may be made available to ECI. For more details, see Section IV on ECI’s Services Data Use.
IV. HOW ECI USES AND SHARES THE INFORMATION COLLECTED
ECI uses and shares the Personal Information that it collects from its Visitors and Customers for the following business purposes:
- Provide Services/Products. ECI may use Personal Information to maintain and support its products, deliver and provide the requested products/services, and comply with its contractual obligations. This includes, for example, managing transactions, reporting, invoices, renewals, and other operations related to providing services to a Customer. This may also include notifications of new products, services, updates or other similar operational communications.
- Inquiry/Request Response. ECI may use Personal Information when a Customer or Visitor contacts ECI for information or support for its Website, Services, Products, or other information.
- Processing of Orders. ECI may use Personal Information when a Customer is submitting an order or other transaction through the Website or by other means, such as over the phone.
- Monitor Website Usage, Trends, Experience. ECI may use Personal Information to improve its Website, services, and products. Personal Information and other information may be used to remember information a Visitor entered on the ECI Website, track page views and click-through links, or provide information a Visitor requested on our Website. It may also use Personal Information to tailor interactions with its Website when a Visitor is logged in as a Customer.
- Customer Testimonials/Reviews/Exemplars. Occasionally a customer testimonial or exemplar will be posted on the ECI Website. While ECI Customers are primarily businesses, a testimonial may contain Personal Information. ECI will obtain the Customer’s explicit consent to post any personal information (such as their name) along with the testimonial/exemplar prior to such posting.
- Marketing Research/Statistics. ECI may use or share with Marketing Partners, Personal Information, or information that if re-associated in the aggregate may become identifiable, to help ECI and its Marketing Partners communicate with you regarding ECI produces and services, or to develop new products, services, updates, or the like. These nonaffiliated companies perform services on our behalf and at our direction to help us communicate with Customers, or to help provide Customers with products or services in connection with their business.
- Government Reporting/Audit/Requests Requirements. ECI may use or share Personal Information in order to satisfy governmental reporting, tax, and other requirements (e.g., import/export), as required by law. This may include having to meet U.S. national security or law enforcement requirements.
- To verify and/or authenticate an identity, access rights, privileges, etc. For example, ECI may use Personal Information to authenticate and permit online access to Customer Account information.
- ECI may use or share Personal Information as requested or directed by the Customer. For example, if a business Customer is merging with a Third-Party business and expressly permits the sharing of information, or if a Customer has a Third-Party vendor or agent authorized to access the information.
- For other business-related purposes permitted or required under applicable local law and regulation.
- As otherwise required by law. For example, subpoena or similar legal process compliance, or if ECI has a good faith belief the disclosure is legally necessary for the protection of rights, safety, or fraud investigations.
SERVICES DATA PRIVACY TERMS – HOW ECI USES THE SERVICES DATA
ECI may process (access, use, collect, retain, and/or transfer) Services Data for the following business purposes, the scope and access of which depends upon ECI’s role/responsibility under the service and/or product contracted by the Customer:
- To manage transactions, operations, provide services and products, and/or address issues with service or product. For example, ECI may be a service provider for a Customer, and the Customer has transferred their data to ECI servers. Or, a Customer provides ECI access to their servers, desktops or systems in order for a product patch to be applied, or ECI is helping to resolve a performance issue or question.
- For reporting, invoicing, or renewals related to providing services or products to the Customer.
- As otherwise requested by the Customer,
- As otherwise required by law.
ECI will only use the services data as stated above or as agreed upon in the Customer’s contract. ECI processes the services data but will not control its collection or use practices. It is the Customer’s obligation to provide any notice and/or obtain any consents necessary for ECI to access, use, collect, retain, and/or transfer Services Data, including potentially Sensitive Data. ECI has no direct relationship with its Customer’s Parties.
V. CHOICE, RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA
Choice. ECI enables its Visitors and Customers the ability to choose to opt-out or -in on certain privacy preferences that can serve to modify the Personal Information collected. This includes e-mail marketing preferences, browser cookies, and do-not-track preferences. However, cookies are very important for ECI Websites to properly function and disabling or limiting their use may limit or interfere with Visitors’ experiences or ability to access Website features, functions and customizations, particularly Customer Accounts.
Right to Access.
- A Person who has provided his or her Personal Information directly to ECI can have access to their Personal Information in order to review, correct, edit, or delete it. ECI is committed to having reliable databases that are accurate, complete, current and relevant for the purposes for which ECI collected the Personal Information. Upon reasonable request and as required by the Privacy Shield principles, you may review your own Personal Information stored in the ECI databases and correct, erase, or block any data that is incorrect, as permitted by applicable law. Please note that we may need to verify your identity before acting on your request.
- You may edit or update your Personal Information by contacting ECI by phone (617-217-3006) or email (privacyshield@ECI.com). In making modifications to your Personal Data, you must provide only truthful, complete, and accurate information. In your request, please be as clear as possible what Personal Information you have provided to ECI and what Personal Information you would like edited and/or updated.
- If a Customer seeks to request erasure of Personal Information, Customers should submit a written request to their ECI office. If you are not a Customer but know or have a reasonable belief that you provided Personal Information to ECI that you would like deleted, contact ECI by phone (617 217 3006) or email (privacyshield@ECI.com).
- If ECI receives a request for access to his/her Personal Information from a Customer's Party, then, unless otherwise required under law or by contract with such Customer, ECI will refer such the Customer’s Party to Customer. Persons that have submitted their Personal Information to an ECI Customer should contact the Customer in the first instance to update their data and information.
Requests for Personal Information. ECI will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Information by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject. If ECI receives a request for access to his/her Personal Information from a Customer's Party, then, unless otherwise required under law or by contract with such Customer, ECI will refer such Customer’s Party to Customer.
Satisfying Requests for Access, Modifications, and Corrections. ECI will endeavor to respond in a timely manner to all reasonable written requests to view, modify, correct, or delete Personal Information. Please recognize that ECI may in certain circumstances be unable to provide the access or information sought, or correction or deletion requested. For example, ECI may be unable to fulfil a request if it requires ECI to release commercial confidential information, the disclosure of Personal Information relating to another person that is not the requestor, or would result in impracticability, excessive redundancy, and/or an undue burden or expense to ECI.
Limiting Use of Personal Data. You may request that we limit our use of your Personal Information specified in this agreement by contacting us at privacyshield@ECI.com. If you wish to limit the use of your Personal Information by our Customer, you must contact the Customer.
SERVICES DATA PRIVACY TERMS - RIGHT TO ACCESS
ECI’s access to Services Data is prescribed by the Customer acting as the data controller, and limited to ECI’s role as a data processor. As such, if ECI receives a request for access to his/her Personal Information from a Customer's Party, then, unless otherwise required under law or by contract with such Customer, ECI will refer such the Customer’s Party to Customer. Persons that have submitted their Personal Information to an ECI Customer should contact the Customer in the first instance to update their data and information.
VI. MINIMIZATION, RETENTION, AND DELETION OF PERSONAL INFORMATION
VII. DATA INTEGRITY AND SECURITY
ECI uses reasonable efforts to maintain the accuracy and integrity of Personal Information and to update it as appropriate. ECI maintains, monitors, tests, and upgrades information security policies, practices, and systems to assist in protecting the Personal Information that it receives. ECI personnel receive training, as applicable, to effectively implement ECI privacy policies.
ECI has implemented physical and technical safeguards, online and offline, to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Information is stored on a secure network with firewall protection, and access to ECI's electronic information systems requires user authentication via password or similar means. Moreover, the servers on which Personal Information is stored are kept in secure environments. ECI also employs access restrictions, limiting the scope of employees who have access to Personal Information. Only employees who need the information to perform a specific job are granted access to personally identifiable information and/or Personal Information. Further, ECI uses secure encryption technology to protect certain categories of Personal Information. For example, Secure Socket Layer encryption is employed on secure pages, such as order forms.
Despite these precautions, no data security safeguards guarantee 100% security all of the time.
VIII. RIGHTS OF EUROPEAN DATA SUBJECTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
Until the General Data Protection Regulation (GDPR) officially comes into effect in May 2018, if you are in one of the EU/EAA member states your privacy rights are established under applicable national legislation and the EU Data Protection Directive (Directive 95/46/EC).
IX. DISCLOSURES AND ONWARD TRANSFERS
Except as otherwise provided herein, ECI discloses Personal Information only to Third Parties who reasonably need to know such data in order to provide the agreed services to the Customers, such as cloud hosts, archive centers and wireless telephone providers. Such recipients must agree to abide by confidentiality obligations. All Third Parties receiving personal information must have a written confidentiality agreement in place with the Customer and with ECI that meets or exceeds Privacy Shield standards.
ECI also may disclose Personal Information for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure.
ECI may be forced to disclose an individual's Personal Information when lawfully compelled by a request made by a recognized public authority or where required to meet national security and or law enforcement requirements.
In cases of onward transfer to Third Parties of Personal Information of EU individuals received pursuant to the EU-US Privacy Shield, ECI is potentially liable if the Third Party processes such Personal Information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. ECI's liability under this agreement may be governed by the contract in place between the Customer (“data controller”) and ECI (“data processer”).
X. CROSS-BORDER TRANSFERS
ECI is headquartered in the United States but provides a global platform for its business Customers and partners that are located around the world. Thus ECI takes a global approach to its data privacy and security commitments.
To facilitate storage and processing of data, including Services Data, ECI may use, store and process Personal Data in computer databases and servers located in the United States, United Kingdom, Singapore, and/or Hong Kong, which may be outside of a Data Subject’s country of origin.
EU-US PRIVACY SHIELD FRAMEWORK
As to Personal Information that ECI receives or transfers pursuant to the Privacy Shield, ECI subjects itself to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
All ECI employees who handle Personal Information from EU/EAA member states are required to comply with the Principles and this Policy.
ECI will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
XI. DISPUTE RESOLUTION
Any (non-EU/EEA) Customers with questions or concerns about the use of their Personal Information should first contact us at privacyshield@ECI.com. Upon receipt of the question or concern we will begin an investigation and attempt to achieve a resolution as soon as reasonably possible. If that Customer's question or concern cannot be satisfied through this process, Customers may bring a complaint before the JAMS ADR service https://www.jamsadr.com/eu-us-privacy-shield:
Privacy Shield Dispute Resolution
If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact our third party dispute resolution provider JAMS. You can visit https://www.jamsadr.com/adr-spectrum/ for more information or to file a complaint. The services of JAMS are provided at no cost to you. Finally, under certain circumstances explained in more detail at https://www.privacyshield.gov, binding arbitration may be invoked in pursuit of satisfaction of claims brought under this agreement.
XII. CHANGES TO THIS POLICY
XIII. QUESTIONS OR COMPLAINTS
You may contact ECI with questions or complaints concerning this Policy at the following address privacyshield@ECI.com.
"Customer" means a prospective, current, or former customer, or client of ECI. The term also shall include any individual agent, employee, representative, customer, or client of an ECI Customer where ECI has obtained his or her Personal Data from such Customer as part of its business relationship with the Customer.
“Customer Data” is information that ECI may collect from a Customer’s online and offline interactions with ECI in or related to the Customer’s use of ECI Websites, services and products. Examples of such information include a Customer’s name, address, billing information, employee contact information, Website visits, or other such account information. ECI may also associate an IP address, cookie, or other tracking mechanism with a specific Customer.
“Customer’s Party” – Third Parties that are Customer’s employees, clients, customers, partners, agents, suppliers, or other individuals that are unaffiliated with and have no direct relationship to ECI. Customer’s Party data and information may be included in Services Data.
"Data Subject" means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. For Customers residing in Switzerland, a Data Subject also may include a legal entity.
"Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of ECI or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area.
“ECI Website” or “Website” means www.eci.com or any of its inside or inner pages.
"EU/EEA" refers to any country or member state currently in the European Union (EU) and/or the European Economic Area (EEA).
“Marketing Partner” means trusted Third Parties that conduct joint marketing activities with ECI or provide ECI with services and data for marketing purposes.
“Personal Information” or "Personal Data" (as interchangeable terms) is any personal information or personally identifiable information. This is any information, recorded in any form, relating to a living person who can be identified, directly or indirectly, by reference to that information. As defined under the European Union Directive 95/46/EC, includes an individual's name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and/or identification numbers. Personal Information does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term "person" includes both a natural person and a legal entity, regardless of the form of the legal entity.
"Sensitive Data" or “Sensitive Information” (as interchangeable terms) means Personal Data that discloses a Data Subject's medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
“Services Data” is data and information that may reside on ECI, Customer or Third-Party servers, desktops, or systems to which ECI is provided access to perform its processing services. Services Data may include Third-Party Personal Information about a Customer’s Parties.
"Third Party" can mean any individual or entity that is neither ECI nor an ECI employee. For example, it may be an agent, contractor, vendor, partner or representative. The term may also mean any individual or entity that is not associated with the individual or entity with which it is being used in conjunction. For example, if another person is requesting a change to your personal information, that other person would be a considered Third Party (in relationship to you).
“Visitor” is an individual that may or may not be a Customer, who goes on the ECI Website.