|GDPR Reference||Summary||Compliance at Enhancio|
Principles relating to processing of Personal data (Article 5)
Lawfulness, Fairness and Transparency
Enhancio's Data Processing Addendum (DPA) with its Customers defines the purpose of processing activities. The DPA also defines the duties and responsibilities of the parties. We also urge our Customers, as data controllers, to insist that their partners (channels and publishers) collect specified, explicit and legitimate consent from the end-users (leads). If the purpose of the data collection changes, our Customers need to inform us about the change, and we will revise the DPA to match the revised purpose of processing.
Based on our customers' needs and expectations, we process the data that is defined and collected by the customer through their marketing campaigns.
We attempt to normalize any inaccurate data collected by our customers using our API endpoints, and data is purged at fixed intervals.
Integrity and confidentiality
Our platform employs all required technical and organizational measures, including encrypting the key data, to ensure its security and confidentiality.
Consent (Article 7)
Conditions for consent
According to the rules defined under GDPR, the relationship between Enhancio and our customers is that of data processor and data controller: Enhancio is the data processor and our customers are the data controllers. Based on these roles, Enhancio is not responsible for collecting consent from end-users (leads) to process the data. To help our customers be compliant, we are committed to enabling them to collect data responsibly as controllers. In our platform, for all campaigns targeting GDPR territory where the customer (controller) collects leads' personal data, we have provided the ability to add consent fields that are active and explicit.
Rights of Data Subject (Article 15 – 23)
Data subject rights:
Enhancio will cooperate with any requests from controllers to access, erase or rectify data of end-users (leads) through the support portal that services these requests. Additionally, our platform provides multiple API endpoints to delete or update data to keep user data accurate.
Security of Processing (Article 32)
Ongoing confidentiality, integrity, availability, resilience of processing systems and services
Enhancio stores all personal data in such a way that only the right set of users has access to it. To ensure that the entire company and its employees are aware of GDPR, we have put continuous training and process measures in place. We run quarterly training programs to ensure employees are enabled to comply with GDPR. In addition, our new-employee onboarding includes GDPR awareness and policy coverage.
Data Breach (Article 33 – 34)
Responding to Data breaches and incidents
Data Protection Officer (Article 37-39)
Appointment of DPO
Our DPO is available to answer any questions regarding data processing and how we’re compliant with core principles of GDPR such as “consent” and “SaaS product compliance”. You can reach our DPO anytime at email@example.com
Transfer of Data (Article 44-50)
All the EU data we collect is stored in an EU-based Amazon Web Services (AWS) data center in Ireland. This data storage center is available by default to all customers who run marketing campaigns in our application that target EU citizens and fall within the territorial scope of the GDPR.
Data Processing and Transfer
If we transfer your data out of the EU area at all, we will ensure that adequate safeguards are in place to protect your personal data and to comply with our legal obligations. These safeguards might comprise a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal data to countries outside the EU.