Last update: March 22, 2018
This policy is concerned with the protection of personal information only. Personal information includes any data that can be used to identify someone as an individual, including their name, income, personal opinion, interests, home contact information, identification numbers, user IDs, passwords, ethnic origin, and age. Under Canadian law, in a business context, personal information does not include the name, job title, business address, or business telephone number of any employee in an organization.
This policy describes the following practices:
Sharing personal information
Maintaining personal information
NOTE: EPOCH services are not intended for children under the age of 18. We do not knowingly collect or maintain any personal information or non-personally-identifiable information from anyone under the age of 18 nor is any part of our website or service directed to children under the age of 18. We will close any accounts used exclusively by such children and will remove and/or delete any personal information we believe was submitted by any child under the age of 18. Our customers are to be solely responsible for any data that they transmit or input to our services concerning children, and for complying with all applicable laws respecting the protection of children and their information.
We collect information in the following ways:
As part of customers’ use of EPOCH’s services
We will require our customers’ name, address, telephone number and certain financial account or credit card information, for billing and payment purposes. This information is kept confidential and stored securely by EPOCH and/or its payment provider.
The services also may entail the collection of certain information of customers’ employees and contractors, as such individuals may create profiles about themselves, their interests and their skills in order to be matched with volunteer opportunities. Such information may be considered to be personal information, particularly if correlated with other information about the individuals within customers’ or third parties’ possession. This information is kept confidential and stored securely by EPOCH; however, customers retain the sole responsibility to obtain such individuals’ consent to the disclosure of their personal information to EPOCH for use in accordance with the EPOCH services used and accessed by the customer, its employees and contractors.
EPOCH also reserves the right to monitor data posted through the services, in order to ensure that the use of the services is appropriate, lawful, and in accordance with EPOCH’s user agreement.
Automatically by EPOCH’s software and services
EPOCH’s software and services contain features that automatically collect information from users, such as usage statistics and other tracking information. Although this information does not identify individuals personally, it nevertheless provides certain information that may be considered personal information if used in conjunction with other information, and we therefore treat it as being confidential. Additionally, use of EPOCH’s website and/or software may result in the collection of technical information such as a computer's IP address, operating system, browser name/version, the referring web page, requested page, date/time, and sometimes a "cookie" (which can be disabled using browser preferences); such information is used to help us understand the overall usage pattern of our website and software.
As part of the use of EPOCH’s website
Individuals may have the ability to post information on EPOCH’s website, such as comments and opinions. Please be advised that any personal information that is voluntarily posted to any public forum or to any area where third parties may legally access it, will NOT be considered confidential in any way, and EPOCH will not have any obligation to protect it in a secured system or obtain consent to its disclosure, as the person will have made the decision to publicly post it. However, at the applicable individual’s request, EPOCH will be happy to change it, remove it, or restrict access to it (subject to technical feasibility) in order to protect the integrity of the personal information.
Direct contact of EPOCH
Customers and business partners often contact us directly. When an individual contacts any EPOCH employee by telephone, e-mail, in person, or through our website, they will be asked to provide consent to the collection of personal information if their personal information will help us deliver the information, products, or services required.
Response to communications from EPOCH
From time to time, EPOCH may invite individuals or customers to provide us with information for specific purposes. We may ask for this information through feedback features on our website or software; we may send out e-mail inviting feedback or offering products and services; or we may ask individuals or customers directly for information concerning support of our products or services. Any personal information provided as part of the response shall be used only for the specific purposes identified.
Information obtained through a third party
Occasionally, EPOCH will obtain information about individuals from third parties, such as third party volunteer organizations, mailing list providers, third party service providers, ISPs, or third party application or account providers. Third-party providers are responsible for obtaining consent for the release of personal information to us from those individuals identified on mailing lists, surveys, or through other collection methods.
Sharing personal information
Subject to any exceptions stated above in the collection of information section, should EPOCH collect any personal information, we will follow these practices regarding the distribution of that information.
Personal information protection
EPOCH uses reasonable precautions to protect personal information and store it securely. Access to personal information is restricted to those persons who need it for the purposes for which the information was provided (such as the provision of services), and EPOCH takes reasonable steps to prevent the unauthorized use or disclosure of personal information.
EPOCH only uses and discloses personal information if it helps us facilitate the needs of our customers or the individuals to whom the information belongs, improve our products and services, meet legal and regulatory requirements, or — to the limited extent possible — manage our internal business operations. Additionally, if there are any disclosure or use restrictions in the consent to the collection of an individual’s personal information, EPOCH will abide by those restrictions (subject to the consent exceptions listed below). For example, credit card or financial information provided by a customer will only be used to bill that customer for the services that it has authorized or used, and individual profile information will only be used to match the individual up with the opportunities that are requested.
EPOCH may combine portions of personal information (including information obtained through the services) with other information into an aggregate form, so that the resulting information no longer personally identifies any individual. We use this information to obtain an overall picture of EPOCH’s products, services, customer sectors and/or usage patterns, and may disclose this aggregate information to third parties.
We obtain consent
EPOCH provides personal information to third parties only for purposes to which the applicable individual has consented (for example, we may ask to provide contact information to a third party so that they can resolve issues directly with the affected individual), and we require such third parties to keep such information confidential.
In a few situations, EPOCH may be required to disclose personal information without the applicable individual’s prior consent. For example, EPOCH may disclose personal information if we are required to do so by law, or if we believe in good faith that such disclosure is necessary to:
Additionally, the nature of the services provided requires the routine use of certain personal information in the provision of the services. Such personal information will only be used to the limited extent necessary to provide the services that the applicable customer has requested, and may include the following uses:
to allow third party suppliers, vendors, contractors and other parties to provide products and services to us or to the customer, or to act on our behalf (this may include, without limitation, our authorization of such third parties to email our users regarding updates, surveys and other inquiries regarding their experience with our service); and
to allow for audits and surveys to, among other things, validate the size and composition of the users of EPOCH’s services, and understand their experience with EPOCH’s service.
Maintaining personal information
EPOCH has established the following practices regarding the maintenance of personal information.
Individuals can request access to their personal information at any time
If, for any reason, an individual wishes to review their personal information that EPOCH has in its possession, they can contact our Privacy Officer, who will be pleased to provide them with all their personal information that EPOCH has on file, subject to verification of the identity of the individual to verify that they have the right to make such request and obtain such information.
Individuals can request changes to their personal information at any time
Sometimes, it will be necessary for individuals to update their personal information EPOCH has on file. For example, if a customer moves or changes credit cards, they must update their information in order to keep receiving the services provided by EPOCH.
If a customer wishes to make any changes or corrections to their personal information that cannot be done through their account, they may contact our Privacy Officer who will implement the changes. This will help us ensure our records are always up-to-date. Other individuals may also contact our Privacy Officer for assistance. Due to the nature of the EPOCH services, certain information cannot be deleted or removed (such as information affecting the count of people at a given location on a given date and time), but EPOCH will make all reasonable efforts to ensure that such information cannot be used to identify a specific individual.
Individuals can opt out of communications at any time
Individuals always have the choice of whether they wish to receive information – such as e-mail updates – from EPOCH. However, customers need to be aware that if they do choose to opt out of communications respecting products and services provided by EPOCH, they may not obtain all the benefits we could otherwise provide, such as updates or warnings. EPOCH will not have any liability for loss of those benefits or any negative effects respecting customers’ use of EPOCH’s products or services after such opting out of communications.
Individuals can request that personal information be destroyed at any time
A situation may arise where an individual desires to have all of their personal information that is contained in EPOCH’s records deleted or destroyed. In such an event, please contact our Privacy Officer, who will take care of removing the applicable personal information from all of EPOCH’s records. However, there may be situations where we are obligated to retain one archival copy of the information to allow us to comply with laws or respond to legal processes, and there are certain situations where information cannot be deleted or removed (such as information affecting the count of people at a given location on a given date and time). We will inform the affected individual of all such situations, make reasonable efforts to anonymize such information without affecting our legal obligations, and will only use any retained personal information to the limited extent necessary to comply with such laws or respond to legal processes.
Contacting our Privacy Officer
Please contact our Privacy Officer at: