Privacy statement

Episerver takes your privacy seriously and is committed to protecting your privacy rights. We want you to know why we collect your personal information, what we collect, how we use it, and for how long we store it. We also want you to know how you can access, amend, correct, and in some cases delete your information.

Key point summary

This is a high-level overview of our privacy policy. Please scroll down to read the full privacy policy.

  • This is the privacy statement of the Episerver group of companies. The privacy statement of the Optimizely group of companies can be found here.
  • In general terms, we collect personal information to provide you with content that you request and when you buy or use our software or services as one of our customers. Learn more.
  • We collect information when you visit our websites but we generally cannot tell who you are unless you identify yourself. Learn more.
  • This privacy statement explains what information we collect when you interact with us by completing a form on our website, participating at one of our events or registering with us at an event. Learn more.
  • We may share your personal information with partners but will not sell or rent your information. We only share information with partners where you have agreed or (where permitted without agreement) where the partners have been clearly identified to you. Learn more.
  • In order to deliver our services to you, we rely on a number of systems, platforms and services provided by third party vendors who act as processors when processing personal information on our behalf. Some of these vendors may be based outside the UK and the EEA. Where personal information is processed outside the UK and the EEA, we ensure that a similar degree of protection is afforded to it using mechanisms that comply with data protection law. Learn more.
  • When we provide services to our customers, personal information that is stored and used by those customers in our software or using our services, is personal information that is controlled by the customer. We merely act as a processor. If you interact with an organisation that uses our software or services to communicate with you then any queries concerning the processing of your personal information should be addressed to that organisation. In particular, we cannot unsubscribe you from third marketing communications. Learn more.
  • This privacy statement explains how you can opt out of web tracking and marketing communications from us. Learn more.
  • This privacy statement explains how you may contact us and what to do if you want to exercise your data subject rights or to make a complaint. Learn more.

Complete privacy policy

Who we are

When we speak of Episerver, we mean the Episerver group of companies which currently comprises the following legal entities:

  • Episerver AB
  • Episerver Inc.
  • Episerver GmbH
  • Episerver UK Ltd.
  • Episerver Research and Development Company Limited
  • Episerver Denmark Aps
  • Episerver Benelux BV
  • Episerver Finland OY
  • Episerver Pty Ltd
  • BV Networks

Why we collect information

  • We collect personal information when you request our content marketing assets, in order to provide useful content and follow up on its effectiveness for marketing purposes.
  • We collect information when you contact us to respond to your request, question, or issue, and to follow up on the resolution.
  • Our advertising partners collect information about your behavior on our websites in order to deliver interest-based advertising on our behalf. We do not share any personal information with these partners, but you may have shared information with them if you have signed up for any of their services (such as Facebook or LinkedIn).
  • We collect information when you buy and/or use our software or services. We do this to be able to deliver our services, to send you important operational information, for contractual reasons, to process financial transactions, and for legal and regulatory reasons.
  • If you are an Episerver partner, we collect information to enable you to resell and provide services around our software and services, and to fulfil our contractual obligations to you as a partner.
  • We may also collect information to prevent and detect crime, fraud or corruption.

What we collect

  • Most often we collect name, email, phone, address, job title, and company.
  • If you are an Episerver customer, we may collect the products and services you use.
  • If you sign a contract with Episerver, we may collect further details such as your signature or other proof of identity, and the IP address (if signing a contract digitally).
  • We may collect other data you have provided while contacting us, especially using the contact, download, or signup forms on our website.
  • We collect data that you have sent to us through an online survey, event attendance application, support ticket, or job application.
  • We collect anonymous information sent by your browser when you visit our websites, including IP address, operating system, and browser version. If you identify yourself by filling out a form, some data (such as what pages you view on our websites) will be connected to your personal information.
  • We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others.
  • Information we and partners collect when you browse our website
    • On our websites, we include a number of scripts from third-party vendors. These scripts may gather data for web statistics, which then may be used for interest-based advertising on other services (such as Google, Facebook, or LinkedIn), and they may offer additional functionality to the web sites (such as chat).
    • The websites and third-party scripts may use cookies or local storage. Cookies and local storage can be used to identify a returning visitor. Cookies and local storage in themselves do not identify you as an individual – but if you for instance are using Facebook, and subsequently visit our websites, Facebook may learn about your visit.
    • On our websites, we are tracking data for analytical purposes into our data stores and prediction models powered by Episerver Advance and Episerver Insight. 
    • We cannot tell who you are unless you willingly identify yourself on our websites.
    • If you at some point have identified yourself by filling out a form on our websites, pages you view on our websites may be connected to your personal information. We do this to understand the effectiveness of our website.
    • For certain parts of our websites, for instance pages that require a login, cookies are required for the website to work properly. Otherwise, cookies are generally not required for the operation of the website.
    • We set a cookie and use local storage in your browser that contains information that we use to identify you between visits. In particular, we set an identifier that identifies you for the functional site features described below:
      • Marketo – see below
      • Drift – see below
      • Google Analytics – see below
      • Optimizely – see below
      • Load balancer tagging – we have multiple web servers, and this identifier makes sure that you are served by the same web server between page views.
  • Required site features – vendors that may collect Personal Data on our behalf:
    • Drift: We use Drift to provide a website chat bot and to allow you to book a meeting with a sales representative. As part of your conversation with the chat bot, you may enter personal information such as your email address. This information is stored by Drift, and automatically transferred to us to enable the booking of your meeting and to notify a sales representative. If you have previously interacted with us some of your information may be shared with Drift in order for us to present you with the most relevant options and to speed up the process of booking a meeting. Read Drift’s privacy policy here.
    • Marketo: We use Marketo to manage registrations on our websites, to collect and store consent, and to send consent-based email communications. We also use Marketo to track web visits if you have registered on our website. Read Marketo’s privacy policy here.
  • Functional site features – vendors that may collect anonymous data on our behalf:
    • Clearbit: We use Clearbit to resolve a company name from your IP address when possible. The company name and details may then be processed for analytical purposes as well as to gauge interest in our products and services at a company level. Clearbit does not set any cookies and does not identify you as an individual, and we do not share any data with Clearbit. Read Clearbit’s privacy policy here.
    • Google Analytics: We use Google Analytics to analyze the performance of our websites and follow up on the effectiveness of our marketing efforts. Google Analytics allows us to analyze data in aggregate; we do not collect or store any personal information in Google Analytics. Read Google’s privacy policy here.
    • Hotjar: We use Hotjar to improve the user experience on our websites. Hotjar collects anonymous usage information from our website, including the pages you visit. We do not use Hotjar to collect any personal information for us. Read Hotjar’s privacy policy here.
    • Leadlander: We use Leadlander to find out the names of companies that visit our websites and what pages visitors from those companies have viewed. Leadlander does not collect any personal information on our websites, but you may have provided them with information on other websites that also use Leadlander, and that information may then be connected to your visit on our websites. Read Leadlander’s privacy policy here.
    • New Relic: We use New Relic to monitor the status of our website. New Relic sets an anonymous cookie to measure the time it takes to load a webpage. Read New Relic’s privacy policy here.
    • Wistia: We use Wistia to store videos that we show on our website. Wistia uses a cookie to collect anonymous viewing information that we use to find out how videos are being viewed. Read Wistia’s privacy policy here.
    • Demandbase: Demandbase is an Account Based Marketing vendor that specializes in advertising, site personalization and buying intent data. Demandbase automatically collects data through tracking pixels, web beacons and cookies. Demandbase collects IP addresses that map back to firmographic data such as company name and industry. Episerver uses this information to look for buying intent and for recommending related content. Episerver will not sell or rent this information to any third parties. For information how to request your data or have it deleted refer to the Episerver privacy page. For more information about data usage and GDPR statements view the Episerver and Demandbase privacy pages. 
    • Optinmonster (Vendor anonymous data): Optinmonster is a conversion optimization tool that we use to create pop-ups to guide users through our website. It collects anonymised visitor behaviour information such as new and returning visitor data, number of pages visited during a session, and how the visitor interacted with the Optinmonster popups. This data is stored in local cookies. For specific marketing campaigns the anonymous data is aggregated and used to evaluate the success of a campaign. The cookies are not used externally with third parties for any purpose. No personally identifiable information is stored but visitors can delete the cookies in their own browser to stop them being used. The cookies are:

      _omappvp: used for determining new vs. returning visitors
      _omappvs: used to determine when a new visitor becomes a returning visitor
      om-global-cookie / omGlobalSuccessCookie: used to prevent any future OptinMonster campaigns from showing on your site
      om-interaction-cookie / omGlobalInteractionCookie: used to determine if a visitor has interacted with any campaign on your site
      om-{id} / om-{campaignSlug}: ;used to determine if a visitor has interacted with a campaign ID of {id} / {campaignSlug} on your site
      omSeen-{campaignSlug}: used to determine if a visitor has been shown a campaign by the slug
      om-success-{id} / omSuccess-{campaignSlug}: used to determine if a visitor has successfully opted into a campaign with the ID of {id} / {campaignSlug} on your site
      om-success-cookie / omSuccessCookie: used to determine if a visitor has successfully opted into any campaign on your site
      om-{id}-closed / omSlideClosed-{campaignSlug}: used specifically with slide-in campaigns {id} / {campaignSlug} to determine if it has been closed or not by a visitor
      omCountdown-{campaignSlug}-{elementId}: used for countdown elements {elementId} in campaigns {campaignSlug} to determine when it should complete
      omSessionStart: used to determine the current session time of the visitor on your site
      omSessionPageviews: used to determine the number of pages seen by a visitor during their browsing session on your site.

      The Optinmonster privacy policy can be found here.
  • We use a number of services, listed below, for advertising based on your web activity, or remarketing. We use this to show ads to visitors that have been to our websites, on Google, Facebook, LinkedIn, and other participating websites. If you have an account with any of the vendors below, their privacy policy may allow them to connect the fact that you have been to our websites and the pages you have viewed with your profile. Your anonymous browsing behavior may in turn be shared by the following partners as outlined in their privacy policies. We do not share any personal information with these vendors.

Also see the section on opting out of marketing and web tracking – including a page to opt out of interest-based advertising in general.

  • Information we collect when you fill out a form on our websites
    • When you submit a form on our websites, we collect the information that is listed in the form – typically your name, email address, company name, phone number, and survey questions about the nature of your company. If you are based in a country within the European Union, you also get the option to opt in to our email newsletter. If you are a non-EU individual, you will receive our newsletter if you sign up for an asset, demo, or webinar.
    • By submitting a form on our websites, you confirm that you have you have read and accept this privacy policy, and that you understand that data will be collected and processed for the purposes outlined in this policy.
    • If you have filled out a form on our websites, we may collect the URLs of any pages viewed or links clicked on our websites and connect them to your profile. This may include pages that you have visited prior to filling out a form on our website. We do this to better understand your needs.
    • If you open or click a link in an email we have sent you in response to you filling out a form, including email newsletter, that information will be connected to your profile. We may do this to either verify your email address to prevent spam and misuse, or to follow up on the usefulness of our email marketing.
    • If you use any of our discussion forums (such as the one on Episerver World), the information you enter will be stored for the purpose of publishing it to the discussion forum.
    • As a way to prevent spam and fraudulent input, we make use of the reCAPTCHA service from Google to protect forms. This service captures data about the visitor in order to figure out if it is a real person or a bot. We do not send any personal data to Google, but they may see information that your browser sends, such as your hardware and software configuration or your IP address.
  • Information we collect when you participate at an Episerver event
    • When you register for an event, we may direct you to the website of our event registration vendor. In that case, the information you enter in the form is shared with us for managing and following up on the event.
    • Even if you sign up on an external website (such as that of our event management vendor, for example Eventbrite), your data will be processed by us for the purpose of managing the event and for following up on your participation. You may also have the option to opt in to our newsletter or other marketing communication.
  • Information we collect when you register with us at a trade show or industry event
    • If you meet us at a trade show or industry event, you may leave your contact details in order for us to follow up with you, to enter a competition or a game, or to subscribe to our newsletter. We will collect the information that is available on e.g. a business card, or in a form we may provide to you.
    • Please note that when you register for an industry event, you might have consented to sharing your personal information with us when signing up for the event.

How we use information

  • We never sell or rent your personal information to third parties. If you are an individual based in the EU and have given us your express permission, we may share your personal information to select partners that you decide. If you are an individual not based in the EU, we may share your personal information to select partners that are clearly labelled when you sign up. We always make clear when we share that information – as an example when we provide an event or an asset in collaboration with a partner of ours.
  • If you have requested a marketing asset or have participated in a marketing event, we use your personal information to follow up on the effectiveness of the marketing activity.
  • If you are an individual based in the EU and you have requested to be added to one of our newsletters, we may use your address to send you marketing communications. If you are an individual not based in the EU and you have registered to access one of our content marketing assets or a webinar, me may use your address to send you marketing communications.
  • If you are a customer or a partner of ours, we may use your contact information to send you product or service updates and information that is relevant to your use of the products and services.
  • Your information may be processed by vendors that act on our behalf, such as services we use to maintain our contact records, provide webinar services, or provide back-office services such as email. These vendors are under a data processing agreement with us, act on our instructions and adhere to the policies described in this document.
  • Episerver has employees and offices globally. This means that we may transfer information globally. Outside of the EU, we have offices in for example United States, Vietnam, Norway, Australia, and South Africa, but Episerver employees or subprocessors may access the information from other countries.
  • Protection of your information
    • We take care to protect your personal data against abuse or loss. As an example, we store it in secure environments. We also provide training to our employees on data protection best practices and require them to enter into a confidentiality agreement.
    • We cannot guarantee absolute security though. If you would like to learn more about what we do to protect your data, please contact us at compliance@episerver.com.
  • Information shared with vendors and service providers
    • In order to deliver our services, we rely on a number of different systems, platforms and services, some of which are provided by members of the Episerver and Optimizely group of companies (such as Zaius - https://www.zaius.com/) and some of which are provided by third party vendors and service providers. This covers everything from the software we use in our finance department to the infrastructure we use to run Digital Experience Cloud and other services. Where we use vendors and service providers, they act as data processors on our behalf.
    • Third party vendors that we use in order to provide support for our services include:
      • Gainsight –https://www.gainsight.com/
      • Intercom - https://www.intercom.com/
      • JIRA - https://www.atlassian.com/software/jira
      • Salesforce – www.salesforce.com
      • Zendesk – www.zendesk.com
    • We hold our vendors and service providers to the same high privacy standards as we hold ourselves to. In all cases where we share your information with anyone outside of the Episerver and Optimizely group of companies, we explicitly require them to acknowledge and adhere to our privacy and customer data handling policies through a data processing agreement.
    • Some vendors and service providers are based outside the EU and UK, including the United States. Whenever we transfer your personal data out of the EU and/or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
      • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
      • Where we use certain service providers, we may use specific contracts approved for use in the UK and/or EU that give personal data the same protection it has in the UK and/or EU.
      • In the case of specific service providers, we may implement supplemental safeguard measures, which may be technical, contractual and/or organisational.
    • Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and/or EU.

How long we keep information

  • We keep your information only for as long as it is warranted to fulfil our commitments to you, or to adhere to legal or regulatory requirements.
  • If you are a customer or partner, we keep the information for the duration of our relationship. Certain information may be kept for longer though, for instance contracts will be archived even when terminated.
  • If you have requested to receive marketing communications, we will keep your personal information only for as long as you interact with us.
  • In most cases, we keep your personal information for no more than 12 months after the last contact or when your contract has expired, with the exception of information we have to keep for legal reasons, such as signed contracts.
  • If you are an Episerver customer or partner (or prospective customer or partner), Episerver is a controller
    • If you are an Episerver customer or partner, we may keep your personal information for the duration of our contract between your organization and us. If not required by law or regulation to keep your information beyond that term, we will remove it within 12 months of the contract ending.
    • If you have signed or entered into a contract with us, we typically archive and store that contract for an extended period of time, typically seven years or longer, depending on jurisdiction. Other items such as invoices may also be kept for longer than 12 months.
    • If you have asked to receive one of our newsletters or other marketing communications from us, we will keep your personal information to maintain your subscription, even if you would no longer be a customer or partner of ours.
    • If you have signed up to take part in our developer community or discussion forums, your personal information will remain unless you explicitly tell us to remove it.
  • If you are not an Episerver customer or partner
    • If you have opted into any of our content marketing initiatives or have opted in to our newsletters, your personal information will be kept for as long as you seem to be an active subscriber.
    • If we haven’t seen any activity on your part for 12 months, we will remove your personal information or anonymize it.
    • If you have been in touch with us with a question, demo request, asked for a quote, or have engaged with a sales representative, your information will be stored for up to 12 months after the last recorded activity, and will then be removed or anonymized.
    • If you have signed up to take part in our developer community or discussion forums, your personal information will remain unless you explicitly tell us to remove it.
    • If you have submitted a valid GDPR data subject access request to exercise your right to be forgotten we will delete your data within 30 days of the request.

Episerver as a processor

  • We provide software and services to our customers, including through the Digital Experience Cloud. This software and these services allows our customers to build websites, ecommerce sites, and manage marketing campaigns, and it may be used to collect personal information.
  • In these cases, it is our customers that control the processing of personal information, and we act on their behalf as a data processor. The terms of our processing activities are regulated by a data protection agreement entered into between us and our customer.
  • Where we act as a data processor, if you have a question about how your information is processed or have any other requests relating to your data, please contact the owner of the website or sender of the communication.
  • Information processed in Digital Experience Cloud and other products and services
    • Our customers use the Digital Experience Cloud and other products and services from Episerver to build webpages and ecommerce sites that people can visit to learn more about their business and/or make online transactions, and campaign management services to help them create online marketing campaigns.
    • We do not control the content of these webpages, emails or other messages, or the types of information that our customers may choose to collect or manage using our services.
    • Information that is collected using our services on behalf of our customers belongs to them and is used, disclosed and protected by them according to their privacy policies and is not subject to this Privacy Policy.
    • With regards to the Digital Experience Cloud and other products and services we provide, we collect information under the direction of our customers and have no direct relationship with the individuals whose Personal Information we process.
  • How to opt out from marketing communications from Digital Experience Cloud Customers
    • Our customers are solely responsible for their own marketing emails and other communications and we cannot unsubscribe you from their communications.
    • You can unsubscribe from our customers' marketing communications by clicking on the "unsubscribe" link located on the bottom of their emails, or by contacting them directly.
    • If you believe any of our customers has engaged in unsolicited sending of mass email (or SPAM) and that they are using Episerver products or services to do so, please contact us at abuse@episerver.com.

Your choices and rights

  • You can choose to opt out of marketing communications at any time, regardless if you are a customer, partner, or none of the above.
  • If you are an individual based in the EU, you can request a copy of your personal information and you can update any incorrect information.
  • If you are an individual based in the EU, you can ask to have your personal information removed, or in some cases limit our processing of personal information. This does not apply when we need to keep your information for legal reasons.
  • How you can opt out of marketing
    • If you don’t want to receive marketing communications from us, you can at any time use the “Unsubscribe” link present in all marketing emails from us or go to our unsubscribe page.
    • Please note that opting out of email marketing typically doesn’t mean that you won’t see ads from us – please see the section below on how you can opt out of web tracking, although it doesn’t mean that you will opt out of ads altogether.
  • How you can opt out of web tracking
    • There are several ways to opt out of web tracking:
      • Most browsers allow you to block third-party cookies or prevent cross-domain tracking. This will limit the cookies that can be set by third-party scripts. This will not completely eliminate tracking by some third-party services though as they may use first-party cookies.
      • Most browsers also allow you to ask not to be tracked (it sends the “Do Not Track” request header). If you have enabled this feature, we will not track the pages you visit in a way that enables us to connect them to your personal information. Your page views may still be collected anonymously though. Many of the third-party services we use for collecting anonymous data also respect the Do Not Track setting.
      • You can opt out of interest-based advertising on these two pages: NAI consumer opt-out page and DAA opt-out page. This will not remove ads, but will for example remove the possibility for us to display ads to people that have visited our website. Note that these services in themselves requires cookies.
      • You can also opt out from the individual services we use:
      • AdRoll: You can turn off interest-based ads on AdRoll’s opt-out page.
      • Facebook: You can turn off interest-based ads in your Facebook settings – please see this page: https://www.facebook.com/help/568137493302217
      • Google ads, including Google AdWords and Doubleclick: You can turn of personalization for Google’s display and search ads – please see this page: You can edit your settings for ad personalization here. There is more information on ad personalization on Google and through their ad networks here.
      • Google Analytics: You can use Google’s opt-out browser add-on to prevent tracking in Google Analytics, see https://tools.google.com/dlpage/gaoptout.
      • Hotjar: You can turn off Hotjar recording by following the steps on this page: https://www.hotjar.com/opt-out
      • Microsoft (including Bing): You can turn off interest-based ads here: https://choice.microsoft.com/
      • Optimizely: If you want to opt out of Optimizely experiments (such as A/B-testing), please follow the instructions on this page.
  • Your rights as an individual based in the EU
    • Access to your information: You have the right to request a copy of the personal information we hold about you.
    • Correcting your information: We want to have accurate data. Please contact us if you think the data we hold is not up to date or correct.
    • Deletion of your information: You have the right to ask us to delete Personal Data about you if it no longer is required for the purpose it was collected, you have withdrawn your consent, you have a valid objection to us using your Personal Data, or our use of your Personal Data is contrary to law or our other legal obligations.
    • Objecting to how we may use your information: You have the right at any time to require us to stop using your Personal Data for direct marketing purposes.  In addition, where we use your Personal Data to perform tasks carried out in the public interest then, if you ask us to, we will stop using that Personal Data unless there are overriding legitimate grounds to continue.
    • Restricting how we may use your information: In some cases, you may ask us to restrict how we use your Personal Data.  This right might apply, for example, where we are checking the accuracy of Personal Data about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where this is no longer a basis for using your Personal Data but you don't want us to delete the data.  Where this right to validly exercised, we may only use the relevant Personal Data with your consent, for legal claims or where there are other public interest grounds to do so.
    • Automated processing: If we use your Personal Data on an automated basis to make decisions that significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
    • Withdrawing consent using your information: Where we use your Personal Data with your consent you may withdraw that consent at any time and we will stop using your Personal Data for the purpose(s) for which consent was given.
    • Please contact us if you wish to exercise any of these rights. You can find the contact details below.
  • If you want to submit a complaint
    • We have appointed a Data Protection Officer. If you are a European Union (“EU”) resident who requires assistance in exercising your privacy rights, please write to Data Protection Officer at dpo@episerver.com.
    • We always want to resolve directly all complaints about how we handle Personal Data. If you are a EU resident, you also have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen).
    • You can reach Datainspektion using one of the following methods:

Datainspektionen
Box 8114
SE-104 20 Stockholm

Office address:
Drottninggatan 29, 5th floor
Stockholm

E-mail: datainspektionen@datainspektionen.se
Telephone: +46 8 657 61 00

How to contact us

Episerver AB
c/o Legal Department
Box 7007
103 86 Stockholm
Sweden

  • If you are based outside of the European Union, you can write to:

Episerver Inc.
c/o Legal Department
542 Amherst Street
Nashua, NH 03063
USA

On this page