VPN Instructions: Click Here to Begin
Microsoft OWA: https://owauk.ecicloud.com
Last Modified: March 16, 2021
ECI Websites, products, and services are not intended for children. ECI does not permit children to register as Customers on its Websites. Upon being made aware of any collection or receipt of Personal Information pertaining to a child under the legal age of consent in the country where the child is located, that was received without valid consent, ECI will delete from its records.
Attn: Data Privacy Manager
55 Church Street, Suite 520
Boston, MA 02108, USA
Should your inquiry or concern remain unresolved, please follow the dispute resolution procedure outlined in Section VII. For EU/EEA residents, including the United Kingdom, you have the right to make a complaint at any time to the Information Commissioners Office, the UK Supervisory Authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
Finally, this website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this privacy notice.
Special Categories of Data
ECI does not collect Special (or “sensitive”) Data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric and genetic information, and health or sex life) from its Visitors or Customers, and asks that its Visitors and Customers not provide their Special Data to ECI. To the extent a Customer collects such Special Data and makes it available to ECI as Customer Data, if any, ECI will process such data using appropriate safeguards and restrictions in accordance with the Customer’s Services Agreement.
WHAT CUSTOMER INFORMATION ECI COLLECTS AND PROCESSES
For certain products, ECI serves as a service provider to its Customers. In our capacity as a service provider, we will receive, store, and/or process Customer Data owned and/or controlled by our Customers. Customer Data is distinguishable from Customer Information because Customer Data is data and information that may reside on ECI, Customer or Third-Party servers, desktops, or systems to which ECI is provided access to perform its processing services. Customer Data may include Third-Party Personal Information about a Customer’s employees, clients, customers, partners, agents, suppliers, or other individuals (collectively “Customer’s Parties”). Customer Data may also be accessible to ECI and the associated Customer via the ECI Web Portal. ECI processes Customer Data according to its Services Agreement with Customer and treats Customer Data as confidential in accordance with the terms of the Services Agreement. ECI is provided access to such information under the direction of its Customers, serves solely in the capacity of a data processor, and has no direct relationship with individuals that are Customer’s Parties.
Cookies, Click-Throughs, Beacons, and other automated technologies or interaction.
As is common with most websites and applications, when you go on ECI Websites or interact with our digital properties, including by email, ECI may automatically receive and collect, or facilitate the collection of, your Personal Information on your interactions with us and the ECI Websites or emails, and about your equipment. For example, ECI may collect Personal Information by using first and third party cookies, Flash cookies, HTML5 local storage, server logs, web beacons, clear gifs, click-throughs, and other similar technologies. Personal Information that ECI Websites may automatically receive and collect include, but is not limited to:
Cookies are small files of letters and numbers stored on your browser or device that enable the cookie owner to recognize the device when it visits websites or uses online services. The website you visit may set cookies directly, known as first-party cookies, or may trigger cookies set by other domain names, known as third-party cookies. We may automatically use some cookies that are strictly necessary for the core functionality of the ECI Websites, providing the services you request, enabling communications, and providing a secure digital environment. We request your consent for all of our other cookie uses, which can include:
ECI may also make use of embedded URLs, pixels, widgets, buttons, web beacons, social media buttons, and tools on the ECI Websites and emails to link to ECI, as well as our service providers’, Marketing Partners’, and other third party websites, services, and platforms. Bear in mind that non-ECI websites and services are outside of ECI’s control. By clicking on the links or tools, you may be allowing a third-party to collect and/or share your Personal Information. When doing so, we may also collect Personal Information that you share with third party sites and platforms depending upon that third party’s privacy practices. We do not control these third party websites, platforms and applications collecting your Personal Information and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit or application you use when you use or enable these platforms and applications, or leave ECI Websites. Your interactions with these features are governed by the privacy notices of the companies that provide them.
Your consent for our collection and use of your Personal Information may be managed in a variety of ways at the operating system level of your device or equipment, through third-party platform extensions, or you can learn how else you can exercise your option not to accept these cookies by clicking here. However, cookies are very important for ECI Websites to properly function and disabling or limiting their use may limit or interfere with Visitors’ experiences or ability to access Website features, functions and customizations.
In compliance with California AB 370, Section 22575, ECI has a responsibility to inform you that ECI Websites do not take any specific automated action in response to browser “Do Not Track” signals or other similar mechanisms (collectively, “DNT Signals”). As specified above, there are certain actions that Visitors can take to restrict or eliminate the use of tracking technologies within the ECI Websites, however no actions are taken automatically in response to DNT Signals.
Some automatically collected information from a Visitor is not personally identifiable, but ECI or its Marketing Partners may aggregate or combine this information with information from other public and authorized non-public sources that, through the combination, could make otherwise anonymous information identifiable as Personal Information, or add to the Personal Information we already have, that we respect and protect.
What you Provide ECI.
ECI collects information a Visitor may make available, provide, and submit to us, if we have a legal reason to collect the information, or because you consented for us to do so for a specific purpose. For example, we may ask for your name, email address, additional contact information, and other Personal Information when you:
Information provided by Third Party Partners and Public Sources.
We may receive information about you from various third parties and public sources including, for example, business partners, subcontractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, and (for example, if you are applying for a job) credit reference agencies and background checking agencies. We may receive information about you from them as part of the services we provide you or for legal reasons.
If You Are an ECI Customer.
Regardless of your jurisdiction, we will only use your Personal Information when the law allows us to. That said, if you are an individual from the EU/EEA, the United Kingdom, or other applicable jurisdictions, our legal basis for collecting and using the Personal Information will depend on the Personal Information concerned and the specific context in which we collect it. Generally we will not collect or access any Personal Information other than under the following circumstances:
What we mean by legitimate interests is the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. For example, Personal Information which may be necessary for the daily operation of ECI’s services, handling Customer inquiries, direct marketing of products and services, completing transactions, and making disclosures under the requirements of any applicable law and the provision of ECI’s services and products to its Customers and prospective Customers (and which may be further described in Section V below). Without such information, ECI may be unable to provide its services and products to its Customers. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at privacyshield@ECI.com.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need additional details about the specific legal ground we are relying on to process your personal data.
Where we rely upon your consent to process the Personal Information, you have the right to withdraw or decline your consent at any time. Generally we do not rely on consent as a legal basis for processing your Personal Information other than in relation to sending third party direct marketing communications to you via email. You may withdraw consent to marketing at any time by contacting us at privacyshield@ECI.com or by clicking the unsubscribe link in the marketing email. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
ECI also maintains and processes Customer Data that may contain Third-Party Personal Information (“Customer’s Parties”) submitted by its Customers. ECI does not act as a controller with respect to Customer Data when a Customer transfers it to ECI servers or when Customers provide ECI access to the Customers’ servers, desktops or systems. In these instances ECI is acting under the direction of the Customer and solely as a data processor. ECI has no direct relationship with the data subjects whose personal information may be in the Customer Data.
ECI recognizes and respects that your privacy and Personal Information is important, and that under circumstances you can make decisions about the Personal Information collected by ECI. Please keep in mind, though, that if you decide to not provide Data required by ECI in order for us to provide a service or product, your use of the Websites or ECI Services may be limited or impossible to facilitate.
ECI uses and shares the Personal Information that it collects from its Visitors and Customers, unless otherwise restricted by law, for the following business purposes:
Except as otherwise provided herein, ECI discloses Personal Information only to Third Parties who reasonably need to know such data in order to provide the agreed services to the Customers, such as cloud hosts, archive centers and wireless telephone providers. Such recipients must agree to abide by confidentiality obligations, respect the security of your Personal Information, and treat in accordance with the law. When entering into an agreement to provide services to any financial institution we contractually agree that Customers’ Personal Information will not be sold. Nor will we share that information with any other party, including affiliates of ECI, for purposes that are not related to providing services to our institution partners or their customers.
ECI also may disclose Personal Information for other purposes or to other Third Parties when a Data Subject has freely provided specific and informed consent to or requested such disclosure. Although consent to such a disclosure or processing may be revoked by the Data Subject, there may be instances where an additional legal basis permits ECI to continue to process and/or disclose the Personal Information.
ECI may be forced to disclose an individual's Personal Information when lawfully compelled by a request made by a recognized public authority or where required to meet national security and or law enforcement requirements.
Your California Privacy Rights
The California Consumer Privacy Act of 2018 (CCPA) is in effect as of January 1, 2020. The Act grants “consumers” (any California resident regardless of whether there is a customer or any other relationship with the covered business) five new rights respecting their personal information:
1. The right to request disclosure of a ECI’s data collection and sales practices in connection with the requesting consumer, including the categories of personal information we have collected, the source of the information, the use of the information and, if the information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
2. The right to request a copy of the specific personal information collected about you during the 12 months before the request (together with right #1, a “personal information request”);
3. The right to have such information deleted (with exceptions);
4. The right to request that your personal information not be sold to third parties, if applicable; and [ECI does not sell personal information to third parties]
5. The right not to be discriminated against because they exercised any of the new rights.
You may request the information in writing at:
Attn: General Counsel
55 Church Street, Suite 520
Boston, MA 02108, USA
HOW ECI USES CUSTOMER DATA
ECI also processes Customer Data which may contain Personal Information as agreed upon in the Customer’s contract or otherwise legally obligated under applicable law. ECI processes the Customer Data but will not control its collection or use practices. It is the Customer’s obligation to provide any notice and/or obtain any consents necessary for ECI to access, use, collect, retain, and/or transfer Customer Data, including potential Special Categories or Sensitive Data.
If you are an individual who interacts with a Customer using our services, then you will be directed to contact our Customer or any inquiries or requests regarding your Personal Information. We receive Customer Data under the direction of our Customers, and have no direct relationship with individuals whose Personal Information we process in connection with our Customer’s use of our services.
ECI is headquartered in the United States but provides a global platform for its business Customers and partners that are located around the world. Thus ECI takes a global approach to its data privacy and security commitments.
For operational and other legitimate interest reasons, we may process, store, and transfer Personal Information, including that which is in Customer Data, in a country which may be outside of your own, such as the United States, the United Kingdom, Singapore, and/or Hong Kong, with different privacy laws that may or may not be as comprehensive as your own. We may also transfer your Personal Information to third parties described in Section V, which may be located in a different country to you. Where we do so, and where we are required to do so under local law, we will rely on and put in place lawful measures and mechanisms to ensure your Personal Information receives an adequate level of protection whenever it is processed, such as the US-EU Privacy Shield Framework or EU Standard Contractual Clauses.
EU-US PRIVACY SHIELD FRAMEWORK
As to Personal Information that ECI receives or transfers pursuant to the Privacy Shield, ECI subjects itself to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
All ECI employees who handle Personal Information from EU/EAA member states are required to comply with the Principles and this Policy.
ECI will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Any (non-EU/EEA; UK) Customers with questions or concerns about the use of their Personal Information should first contact us at privacyshield@ECI.com. Upon receipt of the question or concern we will begin an investigation and attempt to achieve a resolution as soon as reasonably possible. If that Customer's question or concern cannot be satisfied through this process, Customers may bring a complaint before the JAMS ADR service https://www.jamsadr.com/eu-us-privacy-shield.
Dispute Resolution (EU/EEA; UK Only)
If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact our third party dispute resolution provider JAMS. You can visit https://www.jamsadr.com/adr-spectrum/ for more information or to file a complaint. The services of JAMS are provided at no cost to you. Finally, under certain circumstances explained in more detail at https://www.privacyshield.gov, binding arbitration may be invoked in pursuit of satisfaction of claims brought under this agreement.
Finally, you have the right to make a complaint at any time to the Information Commissioners Office, the UK Supervisory Authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
ECI uses reasonable efforts to maintain the accuracy and integrity of Personal Information and to update it as appropriate. While no security is impenetrable, ECI implements and maintains commercially appropriate technical, physical, administrative and organizational measures to ensure a level of security appropriate to the risk for ECI’s Processing of the Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. For that Personal Information of EU/EEA and UK residents, ECI also takes into account the risk of varying likelihood and severity for the rights and freedoms of natural persons. ECI maintains, monitors, tests, and upgrades information security policies, practices, and systems to assist in protecting the Personal Information that it knowingly collects from you, and to maintain the ongoing confidentiality, integrity, availability and resilience of ECI’s systems and services. ECI personnel receive training, as applicable, to effectively implement ECI privacy policies. ECI also employs access restrictions, limiting the scope of employees who have access to Personal Information and are subject to a duty of confidentiality. Only employees who need the information to perform a specific job are granted access to personally identifiable information and/or Personal Information.
ECI has implemented physical and technical safeguards, online and offline, to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Information is stored on a secure network with firewall protection, and access to ECI's electronic information systems requires user authentication via password or similar means. Moreover, the servers on which Personal Information is stored are kept in secure environments. Further, ECI uses secure encryption technology to protect certain categories of Personal Information. For example, Secure Socket Layer encryption is employed on secure pages, such as order forms.
Despite these precautions, no data security safeguards guarantee 100% security all of the time. We have put in place procedures to deal with any suspected personal information breach and will notify you and/or any applicable regulator of a breach where we are legally required to do so.
To determine the appropriate retention period of Personal Information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and applicable legal requirements. In some circumstances, you can ask us to delete your data: see REQUEST ERASURE below for further information. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. For Personal Information that we process on behalf of our Customers, we retain such Personal Information in accordance with the Services Agreement with them, subject to applicable laws.
In some circumstances we may anonymize your Personal Information (so it can no longer be associated with you) for research, product or services improvement, or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under applicable data protection laws with respect to Personal Information we knowingly collected. Please click on the links below to expand and find out more about those rights.
ECI will try to comply with any of these requests pertaining to your Personal Information in accordance with applicable law. Please recognize that ECI may in certain circumstances be unable to provide the access or information sought, or correction or deletion requested. For example, ECI may be unable to fulfil a request if it requires ECI to release commercial confidential information, the disclosure of Personal Information relating to another person that is not the requestor, or would result in impracticability, excessive redundancy, and/or an undue burden or expense to ECI. We may need to verify your identity before acting on your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
CUSTOMER'S PARTY RIGHT TO ACCESS
ECI’S ACCESS TO CUSTOMER DATA IS PRESCRIBED BY THE CUSTOMER ACTING AS THE DATA CONTROLLER, AND LIMITED TO ECI’S ROLE AS A DATA PROCESSOR. AS SUCH, IF ECI RECEIVES A REQUEST FOR HIS/HER/ITS PERSONAL INFORMATION FROM A CUSTOMER'S PARTY, THEN, UNLESS OTHERWISE REQUIRED UNDER LAW OR BY CONTRACT WITH SUCH CUSTOMER, ECI WILL REFER SUCH THE CUSTOMER’S PARTY TO CUSTOMER. PERSONS THAT HAVE SUBMITTED THEIR PERSONAL INFORMATION TO AN ECI CUSTOMER SHOULD CONTACT THE CUSTOMER IN THE FIRST INSTANCE TO UPDATE THEIR DATA AND INFORMATION.
Complies with the HIPAA Administrative Safeguards by:
Complies with the HIPAA Technical Safeguards by:
Complies with the HIPAA Physical Safeguards by:
ECI does not collect or store ePHI of Covered Entities on any ECI corporate systems.
ECI employees do not interact with individual patient records without the supervision of the Covered Entity. Any patient ePHI requests should be directed to the Covered Entity and ECI will assist the Covered Entity as necessary.
You may contact ECI with questions or complaints concerning this Policy at the following address privacyshield@ECI.com or at:
Eze-Castle Integration, Inc.
Attention: General Counsel
100 High Street 16th Floor
Boston, MA 02110, USA
"Customer" means a prospective, current, or former customer, or client of ECI. The term also shall include any individual agent, employee, representative, customer, or client of an ECI Customer where ECI has obtained his or her Personal Information from such Customer as part of its business relationship with the Customer.
“Customer Data” is data and information that may reside on ECI, Customer or Third-Party servers, desktops, or systems to which ECI is provided access to perform its processing services. Customer Data may include Third-Party Personal Information about a Customer’s Parties.
“Customer Information” is information that ECI may collect from a Customer’s online and offline interactions with ECI in or related to the Customer’s use of ECI Websites, services and products. Examples of such information include a Customer’s name, address, billing information, employee contact information, Website visits, or other such account information. ECI may also associate an IP address, cookie, or other automatic personalization mechanism with a specific Customer.
“Customer’s Party” – Third Parties that are Customer’s employees, clients, customers, partners, agents, suppliers, or other individuals that are unaffiliated with and have no direct relationship to ECI. Customer’s Party data and information may be included in Services Data.
"Data Subject" means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. For Customers residing in Switzerland, a Data Subject also may include a legal entity.
"Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of ECI or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area.
“ECI Web Portal” means the Customer web portal provided to certain Customers as part of their products and/or services.
“ECI Website” or “Website” means www.eci.com or any of its inside or inner pages, including but not limited to the ECI Web Portal.
"EU/EEA" refers to any country or member state currently in the European Union (EU) and/or the European Economic Area (EEA).
“Marketing Partner” means trusted Third Parties that conduct joint marketing activities with ECI or provide ECI with services and data for marketing purposes.
“Personal Information” or "Personal Information" (as interchangeable terms) is any information relating to an identified or identifiable natural person. This is any information, recorded in any form, relating to a living person who can be identified, directly or indirectly, by reference to that information. It includes, but is not limited to, an individual's name, country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and/or identification numbers. Personal Information does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term "person" includes both a natural person and a legal entity, regardless of the form of the legal entity.
For California residents, the data elements listed in section 140(o)(1)(A)-(K) of the CCPA, if any such data element identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household are also considered to be personal information.
“Specific Categories” or "Sensitive Data" or “Sensitive Information” (as interchangeable terms) means Personal Information that discloses a Data Subject's medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, genetic or biometric information, or trade union membership.
"Third Party" can mean any individual or entity that is neither ECI nor an ECI employee. For example, it may be an agent, contractor, vendor, partner or representative. The term may also mean any individual or entity that is not associated with the individual or entity with which it is being used in conjunction. For example, if another person is requesting a change to your personal information, that other person would be a considered Third Party (in relationship to you).
“Visitor” is an individual that may or may not be a Customer, who goes on the ECI Website.
Additionally, you can download ECI's Anti-Slavery Statement here.
Microsoft OWA: https://owauk.ecicloud.com
Microsoft OWA: https://owaapac.ecicloud.com
We're committed to your privacy. ECI uses the information you provide to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Page.