Privacy Policy

Last Updated: 21 May 2018

Our Approach to Privacy

Echobox Limited ("Echobox", "we", "our", or "us") is committed to protecting your privacy. This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal information") and information regarding our use of cookies and similar technologies.

Echobox operates a platform via our website (our "Website") located at www.echobox.com (the "Exchobox Service").

This privacy policy applies to the Echobox Service.

Before accessing or using the Echobox Service, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this privacy policy.

Echobox is the data controller of the personal information we hold about you.

Personal Information we collect about you and how we use it

We collect personal information about you when you voluntarily submit information directly to us when you access or use the Echobox Service. This can include information you provide to us when you register for an account, fill in a form, correspond with us via the Echobox Service, phone, email or otherwise, subscribe to our mailing lists, newsletters or other forms of marketing communications, respond to surveys or use some other feature of the Echobox Service as available from time to time.

If you choose not to provide personal information, we may not be able to provide the Echobox Service to you or respond to your other requests.

The table at ANNEX 1 sets out the categories of personal information we collect about you and how we use that information. The table also lists the legal basis which we rely on to process the personal information and information as to how we determine applicable retention periods.

We also automatically collect personal information about you indirectly about how you access and use the Echobox Service and information about the device you use to access the Echobox Service.

The table at ANNEX 2 sets out the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and information as to how we determine applicable retention periods.

We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.

We may anonymise and aggregate any of the personal information we collect (so that it does not identify you). We may use anonymised information for purposes (including commercial purposes) such as, among others, testing our IT systems, research, data analysis, improving the Echobox Service and developing new products and features. We may also make public, sell or share such anonymised information with others.

Disclosure of your Personal Information

As required in accordance with how we use it (as set out in the Annexes), we will share your personal information with the following categories of recipients:

  1. Service providers and advisors. Third party vendors and other service providers that perform services for us, on our behalf, which may include providing mailing or email services, recruitment services, tax and accounting services, payments processing, data enhancement services, fraud prevention, web hosting, or providing analytics services.
  2. Purchasers and third parties in connection with a business transaction. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
  3. Law enforcement, regulators and other parties for legal reasons. Third parties as required by law or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) enforce our Terms of Use or to protect the security or integrity of our Website; and/or (c) exercise or protect the rights, property, or personal safety of Echobox, our customers or others.

Marketing and Advertising

If you sign up for our newsletter on our Website, we will send your emails from time to time with relevant information about the Echobox Service. For some messages, we may use personal information we collect about you to help us determine the most relevant information to share with you.

If you do not want to receive such messages from us, you can change your marketing preferences by clicking on the unsubscribe link at the bottom of our emails.

Storing and transferring your Personal Information

Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on secure servers.

Where you register for an account on the Echobox Service, you are responsible for maintaining your account’s security as more specifically explained in the Terms of Service.

International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third party service providers have operations. If you are located in the European Union ("EU"), your personal information may be processed outside of the EU including in the United States; these international transfers of your personal information will be made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this privacy policy.

Retaining your Information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.

Your Rights in respect of your Personal Information

In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  1. Right of access and portability. The right to obtain access to your personal information along with certain information, and to receive that personal information in a commonly used format and to have it ported to another data controller.
  2. Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete.
  3. Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
  4. Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
  5. Right to object. The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this privacy policy.

You also have the right to lodge a complaint to your local data protection authority. If you are based in the EU, information about how to contact your local data protection authority is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html

Cookies and similar Technologies

We and our third party service providers automatically collect information about you when you use our Website. The table at ANNEX 2 sets out the categories of personal information collected about you automatically and how we use that information. We typically collect this information through tracking technologies including cookies, pixels and embedded scripts (collectively “Cookies”).

We use the following types of Cookies:

  1. Strictly necessary cookies. These are cookies that are required for the essential operation of our Website such as to authenticate users and prevent fraudulent use.
  2. Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
  3. Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  4. Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

In particular, we utilise the Facebook Pixel, a Cookie placed by Facebook that enables us to see how you move between devices when accessing the Website and Facebook to improve the effectiveness of our advertising.

The Cookies we use are designed to help you get the most from the website but if you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the “Help” option in your browser for more details.

  1. Cookie settings in Chrome
  2. Cookie settings in Firefox
  3. Cookie settings in Safari and iOS
  4. Cookie settings in Internet Explorer

If you only want to limit third party advertising cookies, you can turn such cookies off by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our Website):

  1. Your Online Choices (http://www.youronlinechoices.com/)
  2. Network Advertising Initiative (http://www.networkadvertising.org/)
  3. Digital Advertising Alliance (http://www.aboutads.info/consumers)

Links to Third Party Sites

The Echobox Service may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.

Our Policy towards Children

The Echobox Service is not directed at persons under 18 and we do not knowingly collect personal information from children. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.

Changes to this Policy

We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the "last modified" date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.

Notice to You

If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Website. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this privacy policy.

Contacting Us

Questions, comments and requests regarding this privacy policy are welcome and should be addressed to privacy@echobox.com.

This privacy policy was last modified on 21 May 2018.



Annex 1: Personal Information we collect

Category of personal information How we use it Legal basis for the processing
Contact information and basic personal details. Such as your name, phone number, location (country), work email, profile photos, company name and your role, Website URL. We use this information to communicate with you, including sending statements, news, alerts and marketing communications. The processing is necessary for our legitimate interests, namely for marketing purposes, and for communicating with you effectively and responding to your queries.
We use this information to deal with enquiries and other requests made by or about you, including customer service issues, relating to the Echobox Service.
We use this information to verify your identity on sign-up (as an employee of your employer). The processing is necessary for our legitimate interests, namely verifying your identity.
We use this information to operate, maintain and provide to you the features and functionality of the Echobox Service. The processing is necessary for the performance of a contract and to take steps prior to entering into a contract (namely our Terms of Service).
Correspondence and comments. When you contact us directly, e.g. by email, phone, mail, or when you interact with customer service, we will record your comments and opinions. To address your questions, issues and concerns and resolve your customer service issues. The processing is necessary for our legitimate interests, namely communicating with you effectively for the purposes of resolving your issues.
Payment information. Details such as your credit card or other financial information. We use this information to facilitate payment for use of the Echobox Service. The processing is necessary for the performance of our contract with you (namely our Terms of Service).
We use this information to detect and prevent fraud. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.
Recruiting details. Professional details and employment information such as resume, references, LinkedIn profile. We use this information to facilitate recruiting. The processing is necessary for our legitimate interests, namely assessing your suitability for a role with Echobox.
Location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address (which we collect automatically; see ANNEX 2 below) may help us determine an approximate location. We may use an approximate location to ensure content on the Echobox Service is relevant to the city or country you are using your device in. The processing is necessary for our legitimate interests, namely to tailor the Echobox Service to you and to improve the Echobox Service generally.
All personal information set out above. We will use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Echobox Service, to monitor and improve the Echobox Service, our Website and business, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely to administer and improve the Echobox Service, our business and develop new services.


Annex 2: Personal Information collected automatically

Category of personal information How we use it Legal basis for the processing
IP address, activity log and related information. We collect IP addresses and we log and store actions you have taken on the Echobox Service (for example where you edit a media item). We use this information for security and verification purposes. The processing is necessary for our legitimate interests, namely verifying your identity and for the purposes of accountability with respect to your employer.
We use this information to resolve issues with the Echobox Service. The processing is necessary for our legitimate interests, namely to monitor and resolve issues and to improve the Echobox Service generally.
We use this information to determine appropriate scheduled messages as part of the Echobox Service. The processing is necessary for the performance of our contract with you (namely our Terms of Service).
Information about how you access and use the Echobox Service. For example, the website from which you came and the website to which you are going when you leave our Website, how frequently you access the Echobox Service, the time you access the Echobox Service and how long you use it for, whether you open emails or click the links contained in emails, whether you access the Echobox Service from multiple devices, and other actions you take on the Echobox Service. We use this information to present our Website and the Echobox Service to you on your device. The processing is necessary for our legitimate interests, namely to tailor the Echobox Service to the user.
We use this information to determine products and services that may be of interest to you for marketing purposes. The processing is necessary for our legitimate interests, namely for marketing purposes.
We use this information to monitor and improve our Website and the Echobox Service and business, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely to monitor and resolve issues and to improve the Echobox Service generally.
Log files and information about your device. We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to the Echobox Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Echobox Service through the device, information about the server upon which the Echobox Service operates, your Internet service provider or mobile network. We use this information to:
• enable the Echobox Service to be presented to you on your device; and
• operate, maintain and provide to you the features and functionality of the Echobox Service.
The processing is necessary for the performance of a contract and (namely our Terms of Service).
We use this information to monitor and improve the Echobox Service and business, and to help us develop new products and services. This processing is necessary for our legitimate interests, namely to tailor the Echobox Service to the user and to improve the Echobox Service generally.