Privacy Policy

Effective Date: May 22, 2020

Thank you for visiting Echo! Echo (“Echo”, “we”, “us” or “our”) respects your privacy. When it comes to your personal information, we believe in transparency, not surprises. That’s why we’ve set out here what personal information we and our website hosting provider collects, what is done with it and your choices and rights.

By using any of Echo’s Services, you confirm you have agreed to the Terms & conditions and read and understood this Privacy Policy and our Cookie Policy.

1. Key terms

In our Privacy Policy, when we refer to “Users”, we mean visitors to our website. Any other capitalized terms not defined in this Privacy Policy have the meanings in our Terms & conditions.

2. How does this Privacy Policy apply?

This Privacy Policy describes what we do with personal information that our website hosting provider collects and use for our own purposes (i.e., where we and our hosting provider are a controller), such as your account information. This Privacy Policy does not apply to personal information of our employees or job applicants (except to the extent employees or job applicants are Users).

We use cookies and similar technologies. Our Cookie Policy describes what we do in that regard.  

3. Personal information we collect

Our website hosting provider collects various personal information regarding you or your device. This includes the following:

  • Information you provide to create an Account, specifically email address, first name and last name.

  • The emails and other communications that you send us or otherwise contribute, such as customer support inquiries.

  • Information you share with us in connection with surveys, contests or promotions.

  • Information from your use of the website. This includes: IP addresses, preferences, web pages you visited prior to coming to our site, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the website (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).

  • Other information you submit to us directly or through Third Party Services if you use a Third Party Service to create an Account (based on your privacy settings with such Third Party Service).

This information is shared with our website analytics provider, to learn about site traffic and activity.

4. How we collect personal information

We obtain personal information from various sources. This is done in three main ways:

  • You provide some of it directly (such as by registering for an Account).

  • Our website hosting provider records some of it automatically when you use our website (including with technologies like cookies).

  • We receive some of it from third parties (like when you register for an account using a Third Party Service or if you make payments to us using our payment processor or via a mobile app store).

5. How we use your personal information

We use the personal information we obtain about you for the following purposes:

  • Provision of the Services. Create and manage your Account, provide and personalize our Services, process payments and respond to your inquiries.

  • Communicating with you. Communicate with you, including by sending you emails about your transactions and Service-related announcements.

  • Surveys and contests. Administer surveys, contests and other promotions.

  • Promotion. Promote our Services and send you tailored marketing communications about products, services, offers, programs and promotions and measure the success of those campaigns.

  • Advertising. Analyze your interactions with our website and third parties’ online services so we can tailor our advertising to what we think will interest you. For example, we may choose to serve you a particular advertisement based on what we think may interest you based on other information we hold about you.

  • Customizing the Services. Provide you with customized services. For example, we use your location information to determine your language preferences or display accurate date and time information. We also use cookies and similar technologies for this purpose.

  • Improving our Services. Analyze and learn about how the website is accessed and used, evaluate and improve our website and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually.

  • Security. Ensure the security and integrity of our website.

  • Third party relationships. Manage our vendor and partner relationships.

  • Enforcement. Enforce our Terms & Conditions and other legal terms and policies.

  • Protection. Protect our and others’ interests, rights and property (e.g., to protect our Users from abuse).

  • Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts and law enforcement requests.

We process your personal information for the above purposes when:

  • Consent. You have consented to the use of your personal information in a particular way. When you consent, you can change your mind at any time.  

  • Performance of a contract. We need your personal information to provide you with services and products requested by you, or to respond to your inquiries. In other words, so we can perform our contract with you or take steps at your request before entering into one. For example, we need your email address so you can sign in to your Retailer account.

  • Legal obligation. We have a legal obligation to use your personal information, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.

  • Legitimate interests. We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:

    • To operate the Echo business and provide you with tailored advertising and communications to develop and promote our business.

    • To analyze and improve the safety and security of our website and services - we do this as it is necessary to pursue our legitimate interests in ensuring Echo is secure, such as by implementing and enhancing security measures and protections and protecting against fraud, spam and abuse.

    • To anonymize and subsequently use anonymized information.

  • Protecting you and others. To protect your vital interests, or those of others. 

  • Others’ legitimate interests. Where necessary for the purposes of a third party’s legitimate interests, such as our partners who have a legitimate interest in delivering tailored advertising to you and monitoring and measuring its effectiveness or our Users who have a legitimate interest in having their sites function properly and securely and analyzing the usage of their sites so they can understand trends and improve their services.  

7. Your rights and choices

Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change or delete personal information.

You can access, update, change or delete personal information either directly in your Retailer account or by contacting us at echo@echo.is to request the required changes. You can exercise your other rights (including deleting your account) by contacting us via your account at the same email address. Please note that we may need to verify your identity in connection with your requests, and such verification process may, if you do not have access to your Account, require you to provide us with additional information (e.g. government identification). Even if you have access to your Account, we may request additional information if we believe it’s necessary to verify your identity. If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request.

You can also elect not to receive marketing communications by changing your preferences in your account or by following the unsubscribe instructions in such communications.

Please note that, for technical reasons, there is likely to be a delay in deleting your personal information from our systems when you ask us to delete it. We also will retain personal information in order to comply with the law, protect our and others’ rights, resolve disputes or enforce our legal terms or policies, to the extent permitted under applicable law.

You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law. You also may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. If you are subject to EU data protection laws, we suggest you lodge any such complaints with our lead supervisory authority:

The Icelandic Data Protection Agency
E-mail: postur@personuvernd.is
Tel. (+354) 510 9600
Website: www.personuvernd.is

Additionally, if we rely on consent for the processing of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.

Our Cookie Policy explains how you can manage cookies and similar technologies.

8. How we protect your personal information

While no service is completely secure, our website hosting provider has a security team dedicated to keeping personal information safe. The provider maintains administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing, of the personal information in our possession. The provider employs security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.

9. How we retain your personal information

We retain personal information regarding you or your use of the website for as long as needed to provide you the service and access needed. We also retain personal information for as long as necessary to achieve the purposes described in this Privacy Policy, for example, to comply with our legal obligations, to protect us in the event of disputes and to enforce our agreements and to protect our and others’ interests.  

The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria.

As users might come back to us after an account becomes inactive, we keep your personal information for a reasonable period of time, so it will be there for you if you come back.

You may delete your account by contacting us at echo@echo.is and Echo will delete the personal information it holds about you (unless we need to retain it for the purposes set out in this Privacy Policy).

Please note that in the course of providing services related to this website, we collect and maintain aggregated, anonymized or de-personalized information which we may retain indefinitely.

10. Data transfers

Personal information that you submit through the website may be transferred to countries other than where you live, such as, for example, to our servers in the U.S. Our website hosting provider also stores personal information locally on the devices you use to access the website.

Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information.

Our website hosting provider relies upon a number of means to transfer personal information which is subject to the European General Data Protection Regulation (“GDPR”) in accordance with Chapter V of the GDPR.  These include:

  • Privacy Shield. We transfer, in accordance with Article 45 of the GDPR, personal information to companies that have certified their compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (each individually and jointly, the “Privacy Shield”).

  • Standard data protection clauses. We may, in accordance with Article 46 of the GDPR, transfer personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area.  

  • Other means. We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding enforcement commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.

You can find out more information about these transfer mechanisms here.

11. How to contact us

If you have questions, comments or complaints about this Privacy Policy or our privacy practices or if you would like to exercise your rights and choices, please email us at echo@echo.is, or write to us at the addresses below:

Echo ehf.
Attention: Legal - Privacy
Bæjarlind 6
201 Kópavogur
Iceland