Enso is committed to protecting and respecting your privacy at all times. Therefore, we respect and protect your right to privacy and will process your personal data in accordance with the provisions of the European General Data Protection Regulation (“GDPR”) and other applicable privacy laws.
The GDPR and any other applicable privacy laws apply to this Privacy Notice and anything not specifically mentioned in this notice shall be governed by the GDPR and any other applicable privacy laws.
‘GDPR’ means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council and incorporates Jersey and Guernsey variations (Data Protection Legislation 2018).
This Privacy Notice explains how we may use, process and store your personal data.
What is personal data?
Personal data is information that can identify a living individual from the information we hold. This includes their name, address and contact details and may include individual’s IP addresses and online identifiers. This is data which identifies an individual, even without a name associated with it, where it is processed to learn or record something about that individual. Data may ‘relate to’ an individual in several different ways, such as
What kind of personal data do we collect?
We collect the following types of personal data:
The list above is not exhaustive and Enso may also collect and process personal data to extent this is useful or necessary for the provision of our services.
What is sensitive data?
Under Data Protection law some data may be considered ‘sensitive’ – this could be race or ethnic origin, political opinion, religion, a membership of a trade union, health, genetic/biometric data or criminal activity. It is not our intention to hold any sensitive data in relation to our business contacts or clients.
How does Enso collect personal data?
Enso obtains and processes personal data in different ways.
Personal data provided to Enso directly:
We will collect personal data directly from all contacts and clients including prospective contacts and clients, as well as partners for the purposes of entering into a contract or service agreement and/or to meet certain legal requirements.
How does Enso use personal data?
The majority of the personal data processed by Enso is necessary for the performance of a contract or service to which the data subject is a party or to comply with the request of the data subject prior to entering into a contract.
Enso also processes personal data in order to comply with our current legal and future regulatory obligations.
We may furthermore process personal data for the purposes of the legitimate business interests pursued by Enso. Such legitimate interests include general research and development, including operational or statistical research or as a basis to analyse our current security measures, or to develop and improve our services or to strengthen our relationship with you.
We may provide you with communications or information regarding our service offering which we think will be interesting for you. When we process your personal data for our legitimate business interests, we will consider any potential impact on you and your rights under the relevant data protection and any other relevant law. Whenever we process personal data for these purposes you have the right to object or opt out to this way of processing.
Who does Enso provide personal data to?
Enso may disclose or transfer personal data collected by Enso to our group companies in the future, insofar as reasonably necessary for the purposes of our service offering or for bona fide business purposes as well as on the legal basis as set out in this Privacy Notice.
Except as described in this paragraph, Enso will not disclose, transfer or sell your personal data to any third party unless you have consented to this.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
Enso may disclose or transfer personal data to subcontractors for the purpose of the proper performance of the services we provide to you, our clients.
We may, for example, disclose or transfer such personal data to third party service providers who provide administrative, computer, payment, data processing, screening debt collecting or other services. We enter into data processing agreements with such subcontractors to ensure that they process your data, on our behalf, with the same level of security and confidentiality as applied by Enso. Enso may furthermore disclose or transfer personal data when we received your consent to do so.
In addition, Enso may disclose or transfer personal data to protect our rights or those of our clients and/or to prevent fraud. Enso can also be obliged to disclose or transfer personal data to competent authorities in order to comply with our legal and/or regulatory obligations.
International transfers and data storage
Enso may disclose or transfer personal data to other companies of the future Enso located in countries that are outside the European Economic Area (“EEA”) in connection with the above purposes or to transact within a post Brexit Economic Area.
The personal data Enso processes is stored by Enso primarily on the servers of cloud-based services Enso subscribes to, and/or utilise.
Enso will process and store the relevant personal data for the duration of our services or for the duration of the business relationship.
Enso may also continue to store the data for as long as it is necessary or required in order to fulfil legal, regulatory, contractual or statutory obligations and, or for the establishment, exercise or defence of legal claims, and in general where it has a legitimate interest for doing so.
You have the following rights:
Automatic decision making
Enso may on occasion process data or make decisions by purely automatic means leveraging Artificial Intelligence and/or Robotic Process Automation, if we do, you have the right to object.
Your right to object to the processing of your personal data
You have the right to object at any time to the processing of your personal data for any direct marketing (and/or related profiling) by Enso.
If you wish to exercise the above right, you can contact Enso or you have the right to make a complaint to the Jersey Information Commissioner with respect to the way Enso is processing your personal data or the way Enso is handling your rights.
Navigations and Cookies
We may collect information about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns to improve user experience and does not identify any individual but may, on occasion identify your employing organisation.
The only cookies in use on our site are for Analytical processing either in partnership with Microsoft, Click Dimensions, WordPress or Google Analytics, this helps us to understand how visitors engage with our website and to ensure that we can respond to enquiries in a timely fashion.
Like many services, Analytical tools use first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site and ultimately your experience of our online services.
Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.
Our Analytical tools collect information anonymously.
How we protect personal data
Enso is committed to ensuring the security of your personal data.
Enso takes appropriate commercially reasonable technical, physical and organisational measures to prevent unauthorised or unlawful processing of your personal data or accidental loss or destruction of your personal data.
Enso will ensure a level of security suitable to the identified risks and pursuant to applicable Data Protection Laws and, where the Processing concerns personal data of EU residents, shall take measures required pursuant to Article 32 GDPR.
Where relevant, the Cloud Services Enso utilise adhere to ISO27001 and PCIDSS compliance. Our key partner, Microsoft, frequently update and transparently publish their compliance standards, which we benefit from here – https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
Employees of Enso are trained from induction onwards to handle personal data securely and with utmost respect and they will treat your personal data as strictly confidential.
Staff members shall be authorised to access personal data only to the extent necessary to serve the applicable legitimate purposes for which the data is held and processed for by Enso.
Changes to this notice
Enso may update this Privacy Notice from time to time. We advise you to periodically review this Privacy Notice to be informed of how Enso is protecting your privacy.
Useful Contact information – Enso/Data Protection Officer
If you have any questions, concerns or complaints with respect to this Privacy Notice, the way Enso is handling your privacy please contact us:
Please note that Enso is not always required to provide details of all data held.
We have a professional relationship with our clients, by entering into a service contract or by accepting our terms of business, you will have explicitly provided us permission to process your personal data specifically for the purposes identified of servicing a contract or delivering a service or exploring employment with us.
You may withdraw consent at any time by contacting Enso as detailed above.