Privacy Policy
EPIC is committed to securing the fundamental right to privacy in the digital age for all people. Part of that commitment is strictly limiting the collection and processing of your personal data, and to the best of our abilities we will work only with other entities who do the same. EPIC will never sell or monetize your data.
There are a few limited instances in which we need to collect limited personal information about you.
1. Information collected when you sign up for our mailing lists
You may choose to voluntarily share your e-mail address with us when you sign up for the EPIC Alert or our press list. We will not rent, lease, or sell your e-mail address to third parties. We do not include any trackers in our e-mails.
We will, by necessity, share your email address with our email service provider, EmailOctopus. You can view EmailOctopus’s privacy policy here.
2. Information collected when you browse epic.org
Our website uses Matomo to analyze traffic, but does so without using any cookies or collecting personal data. We chose Matomo because of its commitment to privacy. The data we collect may include information about the device and software you use to access our website (user-agent header), the time of your visit, and the domain you were visiting before arriving at our website (from the referrer header). We have all privacy settings in Matomo set to the most privacy-protective option, including fully anonymizing IP addresses. You can view Matomo’s privacy policy here.
We host our website on Pantheon, whose privacy policy is here, and we use Cloudflare to protect our website from bot traffic. You can view Cloudflare’s privacy policy here.
3. Information collected when you donate to EPIC
We also collect data from donors when they donate to support our work. As with all other personal information, we do not share, loan, trade, rent, or sell donor information to third parties.
Our credit card processor is Stripe, whose privacy policy is here. In order to comply with credit card processing requirements, epic.org includes third-party JavaScript from Stripe that may contain other tracking. However, this content is only loaded upon visiting the “Donate” page. We also offer Apple Pay on Apple devices.
We maintain records of donor giving. This information is stored so that EPIC can properly acknowledge gifts pursuant to applicable tax regulations and is also used by EPIC to understand giving histories and keep in touch with donors. This applies to donations and donor information received both online and offline. We use Beacon to host our donor information, a service based in the U.K. that we chose because of its privacy practices. In Beacon, we store your name, e-mail address, and giving history.
The Fine Print: Our Full Privacy Notice
PRIVACY COMMITMENT
The Electronic Privacy Information Center (“EPIC,” “we,” “our,” or “us”) is strongly committed to protecting your privacy rights. As part of that commitment, we want to be as clear as possible about how we collect and process your personal information and any third-party services we use. We process as little of your personal data as possible.
EPIC does not sell or rent any personal data that we process about you. Certain actions, such as donating to us or signing up for a newsletter, require processing by third parties and any personal data that you submit for these purposes will redirect to them and be governed by their privacy policies. These are listed and described in the “Third Parties” section below. We conscientiously select and review authorized third parties when possible and review their privacy and security policies. These authorized third parties may be engaged in, among other things, the processing of donations, technology support, or email outreach carried out in connection with our mission. Limited members of EPIC staff or the staff working for these third parties may also access and otherwise process your personal data in connection with their job responsibilities or contractual obligations.
EPIC will challenge any subpoena or other legal process seeking access to personal data that we hold about our website visitors, donors, mailing list members, or petition/campaign participants.
CONTROLLERSHIP
EPIC is the controller for all personal data processed for the purposes below. This means that we determine the purposes for which the personal data will be processed and respond to any questions or requests you have about the personal data. In some cases, third parties may process your personal data in order to assist us in fulfilling the processing purposes. These cases are described below. Where this occurs, the third party acts as a data processor and EPIC remains the data controller. The third parties process the data only at our instructions and for the specific purposes listed.
PERSONAL DATA
Personal data means any information that identifies you as an individual. This includes your name, email address, pictures of you, personal device ID, location, and more. EPIC collects only personal data necessary to allow you to access our website, donate to us, participate in petitions or campaigns, or receive EPIC email alerts. Below, we tell you what precise personal data elements are collected in each instance, what the personal data is used for, and the processing basis. You always have a choice of whether to provide us with your personal data, but we may be unable to provide certain services to you without it (for example, we cannot send you email alerts without your email address).
WEBSITE
EPIC makes information on its website freely available to Internet users without storing any personal data. We do not enable any cookies other than those strictly necessary to process your information for requested services (for example, if you click on a link to donate to EPIC) or for website functionality. Any third-party cookies – such as those used to process a donation – are solely for completing the requested action. We do not allow any tracking or advertisement cookies on our website. You may be able to change your browser setup to limit or reject cookies as well. For more information, please visit https://www.aboutcookies.org/.
DONATIONS
Personal Data Elements: In order to process your donation, we will process financial information, billing address, email address, and name if submitted. (EPIC also allows anonymous donations using major cryptocurrencies.)
Purpose(s): EPIC only processes the personal information necessary to process donations to EPIC, to send updates and fundraising requests to our donors, and to comply with applicable laws.
Processing Basis: Your personal data is processed regarding EPIC’s donation list solely as is necessary for our legitimate interests and where not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests include accepting and facilitating financial and personal support for the organization and completing the actions that you have requested by submitting information for a donation.
You can read more about EPIC’s work to defend donor privacy here.
EPIC EMAIL ALERTS
Personal Data Element(s): In order to send you our EPIC Alert newsletter or other email notifications that you sign up for, we will process your email address. Please note that we do not require the email address you provide to be linked to an actual identity.
Purpose(s): We collect your email address in order to send you the EPIC Alert newsletter or press updates, send notices about EPIC activities, and request support for EPIC’s work. We will only send you our newsletter when you sign up to receive it by submitting your email address. You can unsubscribe from this newsletter at any time by clicking the “Unsubscribe” link contained in the newsletter email. You can also read the EPIC Alert by visiting the EPIC Alert archive at our web site if you prefer not to provide an email address. We do not enhance (link to other databases) our mailing list or require your actual name.
Processing Basis: We only process data necessary to our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests include educating subscribers and the public about emerging privacy and civil liberties issues, promoting EPIC’s activities, supporting EPIC, and providing you with information that you have requested. We have also deactivated tracking features in EmailOctopus (our email list vendor) and require “double opt-in” for subscriptions. We include links to modify or cancel your subscription in every message to the EPIC Alert and press mailing lists.
PETITIONS, EVENTS, AND CAMPAIGNS
Personal Data Elements: When you sign on to petitions or campaigns or register for events, we will process your name (made public on these documents when you choose to provide them) and email address (not made public).
Purpose(s): We may use your email address to contact you for purposes related to the event, petition, or campaign. In the event that any information provided will be made public (such as when you sign a petition), we will notify you on the form prior to submission.
Processing Basis: Your personal data is processed regarding petitions, events, and campaigns solely as is necessary to our legitimate interests and where not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests include facilitating your participation in the event or your support for the petition or campaign.
YOUR PERSONAL DATA RIGHTS
You have certain rights regarding your personal data, including the right to confirm whether or not we are processing your personal data. In the event you wish to view, receive a copy of, update, correct, or delete an email address, a donor record, or any other personal data in EPIC’s possession at any time for any reason, please contact privacy-contact [at] epic [dot] org to take those actions. If you feel that your rights are not being adequately respected or adhered to, you also have the right to lodge a complaint with your supervisory authority.
THIRD PARTIES
EPIC limits third party processing to the following, used only as strictly necessary to deliver the requested services:
Website visitors
- Pantheon.io, for website hosting and delivery
- Cloudflare, to protect our website against bot traffic
- Matomo, to analyze website traffic
Donors and Event Registrants
- Stripe, for payment processing
- Apple Pay, for payment processing
- BeaconCRM, for event ticketing and maintaining donor records
- SendGrid, for e-mail delivery to donors
- Zapier, to automate delivery of e-mail receipts
- hCaptcha, for security on some donation forms
EPIC Alert and press list subscribers, Members
- EmailOctopus, for delivery of the EPIC Alert, press e-mails, and emails to EPIC Members