Here’s how Enhancio is complying with the GDPR.
We have an “EU Data Center”
All the EU data we collect and process is stored in an EU-based center, the Amazon Web Services (AWS), in Ireland. This data storage center is available to all customers, by default, who runs marketing campaigns in our application targeting the EU citizens and runs within the territorial scope of the GDPR.
Opt-out before You “Opt-in”
Either you’re downloading our content or subscribing to our newsletters or requesting our demos, we offer you the option to “opt-out” from the very beginning.
We Play “Fair and Square”
Enhancio is fully committed to be lawful, transparent and fair about our data processing actions with each and every one of our customers, by entering into Data Processing Agreements. These agreements cover issues such as consent and data-sharing processes.
We Speak “Your Language”
All our policy documents, including our Terms of Service and our Privacy Policy have inclusive, effective, accessible, and clear information.
Your “Right to be Forgotten”
We are ready to take immediate action whenever customers request to erase, transfer or modify their users’ personal data.
We’re “Serious and We Comply”
Our DPO is available to answer any questions regarding data processing and how we’re responding to GDPR issues such as “consent” and “SaaS product compliance”. You can reach our DPO at dpo@enhancio.com.
Assistance “is an Email Away”
If any data subject requires our assistance regarding any worries and queries related to the processing of their personal data, we’re here to provide full support whenever feasible, within optimal time. We can be reached anytime at privacy@enhancio.com.
Protecting “Data Subjects”
Our Demand Automation Platform, processes data on behalf of our customers. The information we collect and process includes personal data of the end-users (leads). These end-users are also known as “data subjects”, and under the GDPR, we’re committed to protecting their information with equal vigorous.
GDPR Compliance
| GDPR Reference | Summary | Compliance at Enhancio |
|---|---|---|
Principles relating to processing of Personal data (Article 5) | ||
Lawfulness, Fairness and Transparency | As a data processor, Enhancio commits to follow lawful, fair, and transparent processing activities. Please visit our privacy policy to learn more about how we process the data. We shall provide all the necessary information about what we process and the processing activities to our customers as and when requested. | |
Purpose limitation | Enhancio's Data Processing Addendum with their Customers define the purpose of processing activities. With the DPA, the duties and responsibilities of the parties are defined. We also urge our Customers to make sure that as a data controller, insist on their partners (channels and publishers) to collect the specified, explicit and legitimate consent from the end-users (leads). If the purpose of the data collection is changed, our Customers need to inform us about the change and we will also change the DPA per the revised purpose of processing. | |
Data minimisation | Based on our customers need and expectation, we process the data which is defined and collected by the customer through their Marketing campaigns. | |
Accuracy | Any data collected by our customers that are inaccurate will be attempted to be normalized using our API endpoints and data will be purged on fixed intervals. | |
Storage limitations | Our platform store user data as indicated by our customers. All our data retention and storage policies are clearly defined and available in our Privacy policy. | |
Integrity and confidentiality | Our platform employs all required technical and organizational measures including encrypting the key data to ensure its security and confidentiality. | |
Consent (Article 7) | Conditions for consent
| According to the rules defined under GDPR, the relationship between Enhancio and our customers are of data controller and data processor where Enhancio is the data processor and customers are the data controller. Based on these roles, Enhancio as such is not responsible for collecting the consent from end-users (leads) to process the data. To help our customers to be compliant, we are committed to enabling our customers to collect data responsibly as a controller. In our platform, for all campaigns targeting GDPR territory where the customer (controller) collect leads' personal data, we have provided the ability to add consent fields that are active and explicit. |
Rights of Data Subject (Article 15 – 23) | Data subject rights:
| Enhancio will cooperate with any requests from controllers to access, erase or rectify data of end-users (leads) through support portal servicing these requests. Additionally, our platform also provides multiple API endpoints to delete data or update data to keep user data accurate. |
Security of Processing (Article 32) | Ongoing confidentiality, integrity, availability, resilience of processing systems and services | Enhancio stores all the personal data in such a way that only the right set of users have access to it. To ensure that the entire company and its employees are aware of GDPR, we have taken continuous training and process measures. We have quarterly training programs to ensure employees are enabled to comply with GDPR. In addition to this we also have new employee onboarding to include GDPR awareness and policy coverage. |
Data Breach (Article 33 – 34) | Responding to Data breaches and incidents | We are fully commit to notify our customers and partners of any data incidents in line with our Terms of Service and Privacy Policy. We will keep investing in threat detection and avoidance technologies, and our round-the-clock incident management program is structured to help our customers to respond to security or privacy related events. |
Data Protection Officer (Article 37-39) | Appointment of DPO | Our DPO is available to answer any questions regarding data processing and how we’re compliant with core principles of GDPR such as “consent” and “SaaS product compliance”. You can reach our DPO anytime at dpo@enhancio.com |
Transfer of Data (Article 44-50) | ||
Data storage | All the EU data we collect is stored in an EU-based center, the Amazon Web Services (AWS), in Ireland. This data storage center is available to all customers, by default, who runs marketing campaigns in our application targeting the EU citizens and runs within the territorial scope of the GDPR. | |
Data Processing and Transfer | We will ensure that there are adequate safeguards in place to protect your personal data and that comply with our legal obligations if at all we transfer your data out of EU area. These adequate safeguards might comprise a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal data to countries outside EU. |