Epiq Class Action & Claims Solutions, Inc. and its affiliates and subsidiaries (“Epiq”) have made a commitment to collect, use and disclose personal information in compliance with applicable law and in such a manner that a reasonable person would consider appropriate in the circumstances.
SCOPE OF POLICY
Epiq has designated a Privacy Director who is responsible for our compliance with this Policy. The Privacy Director may be contacted as described below.
Attn: Privacy Director
11 Old Jewry
London EC2R 8DU
CLAIMS DATA COLLECTED
On behalf of its clients who are the data controllers, Epiq may collect Data from claimants, from its clients and from third parties. The Data may include:
- Identity information, such as name, address, email address and other contact information for claimants and other related parties;
- Banking and financial account information;
- Publicly available information about you, related parties, and other related information related to your Claim(s); and
- Other information that you may disclose to or share with us online, over the phone, or otherwise related to your Claim(s).
USES AND DISCLOSURES
Epiq will identify the purposes for which Epiq collects personal information at or before the time the information is collected from individuals. Epiq may choose to identify such purposes orally or in writing. Written notification will be used whenever practical to do so.
On behalf of its clients, Epiq may collect, use and disclose Data for the following purposes:
- To initiate, process, review, investigate, assess, validate, settle, finalize, and otherwise administer Claims, according to the terms and conditions of the Class Action Settlement Agreements as approved by the Courts;
- For reporting, auditing and analytics purposes, including to provide with reports on Claims and to audit Claims on behalf of its clients;
- To communicate with you regarding your Claim(s);
- To verify your identity;
- For fraud detection and verification purposes, and to otherwise protect us, our clients and others from fraud, error and other harm;
- To improve our services and operations that we use to provide claims management and related services, and to provide training to relevant personnel; and
- In order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
We may also use de‐identified information and aggregate information relating to Claims for research, analytics, and related purposes.
In carrying out the activities and purposes described above on behalf of its clients, Data may be processed by Epiq, including other affiliated Epiq entities, who perform services or provide support relating to the Claims Management Services. Data may also be disclosed to third parties as set forth below:
- Adjusters, assessors, valuators and service providers engaged by Epiq to perform services or functions related to the Claims Management Services;
- Authorized representatives and other service providers acting on our behalf; and
- Other third parties where necessary to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
Epiq may also disclose the Data to its clients, who have control over the Data.
Your consent to the collection, use, or disclosure of your personal information can be express through written, electronic or any other method. The choice to provide Epiq with your consent is always yours, however, your decision to withhold such consent may limit our ability to provide you with certain services.
LIMITING USE, DISCLOSURE, AND RETENTION
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
Upon our clients’ direction, we will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for a legal or business purpose. We will take due care when destroying personal information so as to prevent unauthorized access to the information.
The personal information Epiq collects will be as accurate, complete and up‐to‐date as is necessary for the purposes for which it is to be used. Epiq will, on an ongoing basis, take reasonable steps to ensure the accuracy and completeness of personal information under its care and control. Individuals who provide their personal information to Epiq must do so in an accurate and complete manner. Epiq’s goal is to minimize the possibility that inaccurate information is used to make a decision about any individual whose personal information Epiq processes.
Epiq has implemented measures designed to secure personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All personal information is stored on our secure servers behind firewalls.
Epiq’s security measures include:
- education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;
- technological security measures, including firewalls, multi‐factor authentication, encryption and anti‐virus software;
- Physical security measures, such as staff security passes to access our premises; and
- Reasonable precautions for the disposal or destruction of personal information that may consist of securely shredding physical documents and deleting electronically stored information in a manner that prevents it from being readily recovered.
If we find out there has been a breach of our security safeguards and there is a real risk of significant harm to you, you will be notified unless otherwise prohibited by law.
ACCESS AND CORRECTION
You may request access to, or the correction of the personal information collected and processed by Epiq as part of the Claim Services, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed, by making a written request to our Privacy Director. You may be required to verify your identity.
Because we are acting for and on behalf of our clients, we will provide them with your request and will work with them as needed to respond to your request. In some situations, we or our clients may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purpose of an investigation or where disclosure of the information would reveal confidential commercial information. We may also be prevented by law from providing access to certain personal information. When an access request is refused, we will notify you in writing, document the reasons for refusal and outline further steps, which are available to you.
Epiq and any of its subsidiaries or affiliated companies may transfer your personal information across national borders to fulfil any of the above purposes, including but not limited to the United States.
We will, on request, provide information regarding our complaint procedure. Any inquiries, complaints or questions regarding this Policy should be directed in writing to our Privacy Director as follows:
Attn: Privacy Director
11 Old Jewry
London EC2R 8DU
Version: July 2020