Privacy Policy

Last updated: 04/09/2025

EPIC Conjoint Limited provides an advanced online survey platform for companies, research companies, and universities. The software is provided in an Application Service Provider (ASP) model, accessed using a modern browser via the Internet. EPIC’s products are self-service, whereby the end-users are responsible for what data to collect and from whom. Survey respondents may use mobile devices to complete a survey.

This Privacy Notice is provided to individuals whose Personal Information is processed by EPIC Conjoint Limited, registered at 39 Northumberland Road, Ballsbridge, Dublin 4, and any affiliates (collectively, “EPICConjoint”, “EPIC Conjoint”, “EPIC”, “Epic”, “we”, “us”, “our”). EPIC Conjoint is the owner of epicinsights.io and its subdomains and the controller of your personal information. This applies but is not limited to:

• Visitors to our public website epicinsights.io and all its subdomains,
• Users of EPIC software and related services,
• Individuals who interact with our posts, pages, or advertisements on LinkedIn or other third-party platforms, and
• Individuals who otherwise engage with EPIC online or offline in connection with our services.

References to “you” or “your” refers to users whose Personal Information is processed by EPIC Conjoint.

We want you to be familiar with how we collect, use and disclose personal information when you visit epicinsights.io (including its subdomains), interact with our LinkedIn posts or advertisements (or similar third-party platforms), or engage with us under a contractual agreement for one of our Services.

This Global Privacy Notice (“Notice”) is intended to comply with the relevant transparency requirements under the applicable privacy or data protection laws. This Notice describes our processing activities in connection with your relationship with us. The Notice applies to any personal information we may collect from you through our websites or applications, accessed using your device (e.g., mobile, computer), our LinkedIn pages, posts, or advertisements (as well as similar third-party services), and various other offline means, such as when you attend our events, or when you otherwise interact with us as described below. If you have any questions or would like to make any requests about your personal information such as opting out of marketing, please email privacy@epicinsights.io.

When we collect or process personal information about you, it’s important that you read this Notice in conjunction with any other Notice provided to you, so that you are fully aware of how and why we are using your data. This Notice supplements other notices and is not intended to override them. It should also be read in conjunction with any terms and conditions as may be applicable to you) and will form part of these.

Our website may include links to third-party websites, SDKs, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. When you leave our website, we encourage you to read the Notice of every website you visit, We don’t control these third-party websites and are not responsible for their privacy notices.

1) HOW WE USE PERSONAL INFORMATION

Information that you provide to us:
Categories of personal information we collect	Purposes of use (“Processing Purposes” described in more detail below)	Source of Information	Legal basis
EPIC Conjoint Customers and website visitors: Contact data (includes email, phone number and onboarding information where you sign up for our Services) Device Data Marketing and Communications data such as social media data or contact data	To open an account, and provide our Services To assist you with queries as to what our Services include When you use one of our Survey Methodologies or browse our website. To send manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities. To send you marketing communications and service updates (by paper, electronic and social media channels and personalisation in authenticated instances) and to better understand how our website and services are used which enables us to improve user experience.	You where you are defined as a user and have signed up for our Services on our website You where you are defined as an EPIC Conjoint customer and have signed up for our Services You where you are defined as our website visitor and/or LinkedIn user and have filled in a form to receive marketing or sales materials from us (i.e. presentations, case studies, whitepapers, webinars, and others)	Performance of contract. Performance of Contract And Legitimate interests: ensuring that you’re provided with the best customer and website visitor Services we can offer, and validate entry to selected services Consent, and Legitimate interests: a) ensuring EPIC Conjoint customer records are up to date, promoting our services, receiving feedback, improving our services, identifying ways to expand our business, and b) reviewing how website visitors use our website, and what they think of, our services helping us to identify ways to improve and expand our business. Performance of a contract And Legitimate interests: a)ensuring we can manage payments, fees and charges and to collect and recover money owed to us, b) ensuring we can notify you about changes to our terms of business or this notice

 

Information that we collect for business-to-business relationships only:
Categories of personal information we collect	Purposes of use (“Processing Purposes” described in more detail below)	Source of Information	Legal basis
Vendor Data: Identification data Contact data Electronic Communications data Financial data Services data Professional information data	Build and manage business-to-business relationships To engage you or the organisation or entity you work for as a new supplier, including performing anti-money laundering, anti-terrorism, sanctions, fraud, and other background checks Where we provide you access to our systems we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, and data hosting To manage payments, fees, and charges and to collect and recover money owed to us	Service Providers Third party vendors Advertising providers Analytics providers Marketers Partners Third party vendors Public records databases	Performance of a contract Legal or regulatory obligation Public interest Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism Legitimate interests: ensuring the efficient and secure running of our business, including maintaining information technology services, network, and data security Legitimate interests: ensuring we can manage payments, fees, and charges; to collect and recover money owed to us
Due diligence and AML information (as permitted by law)	Compliance and risk management activities for business-to-business relationships.	Your response to our due diligence questions. Third party vendor risk compliance screening and data validation tools and databases.	Performance of a contract Legitimate interests Legal obligation

 

Information that we collect from third parties:
Categories of personal information we collect	Purposes of use (“Processing Purposes” described in more detail below)	Source of Information	Legal basis
Vendor Data: Information from public and commercial sources Third Party Partners in Connection with providing our Services For example: contact information such as authentication information, account legitimacy, search requests, payment provision, log events and device identifiers such as IP addresses, device IDs or other unique identifiers.	Build and manage business-to-business relationships Provide our Services Personalise your experience Provide seamless experience across our website on all devices Obtain analytics to improve performance Safety and security	Advertising providers Analytics providers Marketers Partners Third party vendors Public records databases Content partners. Advertising providers Analytics providers Marketers Partners Third party vendors Public records databases Public records databases	Legitimate interests Performance of contract Legitimate interests Legal obligation
Due diligence information (where required and permitted by law)	To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals. Compliance and risk management activities for business-to-business relationships Build and manage business-to-business relationships	You or your company’s responses to our due diligence questions Third party risk, compliance screening and data validation tools and databases,	Legal obligation Performance of contract Legitimate interests

Sensitive Data

Unless we request it, we ask that you do not provide or disclose any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership). We do not require this for the services.

2) HOW WE SHARE YOUR PERSONAL INFORMATION

We may disclose your personal information to third parties where necessary for the following reasons:

• To third parties where necessary to manage and operate our business, including management of contracts and providing the functionality of our Services.
• To service providers, website hosting service providers, information technology and related infrastructure service providers, analytics providers, email delivery service providers.
• For legal and compliance reasons, including responding to requests and legal demands from regulators or other authorities, pursuing legal rights and remedies and defending claims
• For fraud prevention and security, including ensuring the security and safety of our premises.
• To comply with applicable law and regulations
• We have a legitimate interest in disclosing or transferring your personal information to a third-party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your personal information in accordance with applicable law and the ‘Updates to This Notice’ section.

3) HOW LONG WE KEEP YOUR DATA

Generally, we will retain data for as long as you use our services or browse on our website. Where users have deactivated their accounts, we will retain data for 12 months before deleting same, unless required to retain it longer for regulatory or compliance reasons.

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

The criteria used to determine our retention periods are set out in our retention policy and will vary depending on such factors as (i) the length of time we have an ongoing relationship with you and provide goods or services to you (for example, for as long as you have an account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to enforcement of our contractual terms, applicable statutes of limitations, litigation or regulatory investigations).

Retention Periods Based on Legal Obligations

• Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain personal information, even after your account has been deleted and/or we no longer provide goods or services to you. Some examples are described below.
• To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your account, we will preserve personal information subject to such order or warrant after you delete your account.
• To comply with legal provisions on tax and accounting: We may retain your personal information, such as financial and relationship history after you delete your account, as required by local tax law and to comply with bookkeeping requirements.
• To pursue or defend a legal action: We may retain relevant personal information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your personal information, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for the amount of time appropriate to local limitation periods after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.

Anonymisation Of Data

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. By way of example, anonymisation techniques may include removing direct identifiers from a dataset or replacing point coordinates in geo-referenced data with non-disclosing features or variables, or other recognised techniques appropriate to the data in question.

4) HOW WE KEEP YOUR DATA SECURE

We seek to use reasonable organisational, technical and administrative measures to protect personal information within our organisation, such as encryption and multi factor authentication. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

5) THIRD-PARTY SERVICES

This Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third-party operating any website or service to which our products or services link. The inclusion of a link via any of our services does not imply endorsement of the linked site or service by us or by our affiliates.

6) CHILDREN

Our Services are not intended for children. We will only collect or process information belonging to children under very limited circumstances. We might need to collect personal information belonging to children as part of our Service if, for example, the personal information is required as part of an experience-related reservation. We will only collect personal information belonging to children if it is provided by and with consent of a parent or guardian. If we become aware that we have processed the personal information of a child without the valid consent of a parent or guardian, we will delete the personal information.

7) INTERNATIONAL TRANSFERS

EPIC Conjoint has its headquarters in Ireland. We may transfer your information to service providers, and other third parties located outside of your country of residence. Where we do so, this is necessary to provide our Services and for the purposes outlined in this Notice. Data privacy laws vary from country to country and may not be equivalent to, or as protective as, the laws in your home country. We take steps to ensure that reasonable safeguards are in place with the aim to ensure an appropriate level of protection for your information, in accordance with applicable law. These measures include data transfer agreements. By providing us with your information, you acknowledge any such transfer, storage or use.

8) YOUR RIGHTS

You will be able to exercise certain privacy rights. The rights available to you depend on our reason for processing your personal information and the requirements of applicable law (i.e., your rights will vary depending on whether you are located in. Specifically, you may have the following rights:

• The right to confirmation on the existence of processing and to access the data: You may have the right to obtain from us confirmation as to whether personal information processed, and, where that is the case, to request access to the personal information. Depending on where you are located, you may also have the right to information about public and private entities with which the controller has disclosed personal information.
• The right to correct incomplete, inaccurate, or out-of-date data: You may have the right to request that we correct any personal information about you that is inaccurate. Depending on the purpose of the processing, you also have the right to request that we complete the personal information we hold about you where you believe it is incomplete, including by means of providing a supplementary statement.
• The right to the portability of data: You may have the right to request that we transfer the personal information we have collected about you to another organisation, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
• The right to request anonymisation, blocking, or deletion of personal information: You have the right to request the deletion of your personal information we have collected from you, subject to certain conditions and limitations under the law.
• The right to revoke consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time with future effect. Depending on where you are located, you may also have the right to request deletion of personal information that was processed based on your consent, or the right to know the consequences of revoking your consent. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
• The right to object to processing: You may have the right to object to our processing of your personal information, under certain conditions, and we can be required to no longer process your personal information. Such right to object may especially apply if we collect and process your personal information through automated decision making, such as profiling, to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your personal information will no longer be processed by us for such purposes. Such a right to object may, in particular, not exist if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
• The right to opt-out of the sale or sharing of personal information: We do not sell your personal information in exchange for monetary consideration. In the event that we disclose your personal information to third parties for their marketing purposes, you may have the right to opt out of that disclosure. You may also have the right to request further information about the disclosure of your personal information for those third parties’ marketing purposes, such as the contact information of those parties, once per calendar year.
• The right to limit the use and disclosure of sensitive personal information: We will only use sensitive or special personal information as needed for the purposes for which it was collected or with your consent. We do not currently process sensitive personal information for purposes that may be limited under applicable law. If this changes, we will notify you, and you may have the right to restrict such additional uses.
• The right to non-discrimination for exercising a privacy right: We will not discriminate against you for exercising any rights.

Exercising Your Rights

To exercise any of your rights as set out above, please contact us by submitting a request using this form Please note that you will need to verify your identity before we can fulfil your request. Your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorised representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will respond to your verifiable request within any prescribed timelines. In some regions, there may be limitations on how often a request relating to personal information may be submitted.

Marketing and Your Rights

Marketing and exercising your right to opt-out of marketing emails and personalisation

In certain jurisdictions, you will need to expressly consent to receive marketing emails. If you are an authenticated user on our website or user of our software and Services, we may provide you with a personalised experience based on your user behaviour.

In all jurisdictions, you can choose not to receive such communications at any time by clicking on marketing opt-out links in any electronic marketing materials we send you, by making a request to using the contact details set out in the “Contacting Us” section of this Notice, or, in relation to certain third party advertisements, by exercising your rights related to cookies as explained in our Cookie Notice.

Third-party marketing/sale of Personal Information

We do not share or sell your personal information to third parties for the third party to use for their own marketing or other purposes.

9) UPDATES TO THIS NOTICE

The “LAST UPDATED” legend at the top of this Notice indicates when this Notice was last revised. Any changes will become effective when we post the revised Notice.