Privacy Statement

At Enreach, we value your privacy and are committed to protecting your personal data (‘Personal Data’). This privacy statement (‘Privacy Statement’) explains how we process your Personal Data in accordance with applicable data protection legislation (‘Data Protection Legislation’), what Personal Data we process, for what purposes we process your Personal Data, how we protect your Personal Data, how long we store your Personal Data, how you can exercise your privacy rights in relation to this Personal Data, and any other information that may be relevant to you.

This Privacy Statement is only applicable when you interact with to an Enreach entity located in the EU. When you have interacted with an Enreach entity located outside of the EU/EEA, different privacy statements apply.

In this Privacy Statement, ‘you’, ‘your’, and ‘yours’ refers to all data subjects (‘Data Subject’) interacting with Enreach as either a (potential/former) customer, partner, end user, website visitor, or in any other capacity other than as an employee or job applicant, whereas ‘Enreach’, ‘we’, ‘our’, or ‘us’ refers to the Enreach entity that you have interacted with as a Data Subject. Additionally, you will see references to the Enreach Group, which includes all other Enreach entities globally. Further information on the Enreach Group can be obtained by contacting us using the details provided below.

Enreach Group is the data controller (‘Data Controller’) for the Personal Data we process as identified in this Privacy Statement. In some circumstances, Enreach will process data on behalf of other organisations (e.g., on behalf of customers or partner organisations with their own purposes for processing the data). In such circumstances, the other organisation will be the Data Controller and so you should refer to their privacy statements/notices for details of how your Personal Data is processed.

Occasionally, Enreach may be a joint Data Controller with one of our partner organisations. Such processing may be communicated to you in a separate privacy statement.

We may provide additional privacy statements or information to you at the time when we collect your data other than for the purposes listed in this Privacy Statement. For example, if you apply for a job with us or use the Chatbot feature of our website. Such privacy statements will govern how we process the information you provide at that time.

Enreach does not share Personal Data with third parties, unless this is (1) legally required, (2) necessary to supply a service, 3) specifically requested by the customer that has provided the Personal Data, or (4) otherwise Enreach has a legitimate interest in doing so, assuming that interest outweighs any potential effects that the sharing of Personal Data might have on the rights and freedoms of the affected Data Subject.

The capitalised words in this Privacy Statement have the meanings ascribed to them in this Privacy Statement and in the Definitions provided below. 

You can find our contact us here:

Enreach Holding B.V. 

Address: Verlengde Duinvalleiweg 102, 1361 BR Almere 

Email: info@enreach.com 

Phone: +31 088 889 0889 

We have a dedicated Data Protection Team and a Data Protection Officer (DPO). If you have any questions relating to the processing of your Personal Data or want to contact our DPO, feel free to do so using the details provided below:

Enreach Data Protection Team

Email: dataprotectionteam@enreach.com

Phone: +31 088 889 0889

Below are some key terms relevant to this Privacy Statement:

• Personal Data: Any information directly or indirectly relating to an identified or identifiable natural person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Data Subject (You): Natural person(s) whose Personal Data is processed, specifically in this case, the customer, partner, end user, or website visitor.
• Data Controller (We): Natural or legal entity that determines the purpose and means for the processing of Personal Data. In the context of this Privacy Statement, this is the Enreach entity that you have interacted with as a customer, partner, end user, or website visitor.
• Data Processor: Natural or legal entity processing data on behalf of the Data Controller.
• Sensitive Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a Data Subject’s sex life or sexual orientation.
• Data Protection Legislation: Data Protection Legislation refers to the applicable laws that govern the protection of Personal Data and privacy. This includes the legislation applicable to the processing of Personal Data in the EU, such as the General Data Protection Regulation (‘GDPR’) and the ePrivacy Directive (‘ePD’), as well any national laws implemented in connection with the aforementioned legislation.

We only collect Personal Data that is necessary for our intended purposes and in accordance with the GDPR. The type of Personal Data that we will collect depends on the nature of our relationship with you.

• Mandatory personal and user information: When you purchase a service from Enreach or when you contact us, Enreach processes your Personal Data, such as your name, address, telephone number, email address and bank account number.
• Traffic data: When using our services, traffic data will be processed. This data is required for us to facilitate communication. Traffic data is generated and processed automatically when end users make use of our telecommunication services. Traffic data consists of calling and called numbers, as well as the date, time, duration, and the fees that were charged for said call.
  This data does not concern the contents of the communication. In the case of a data session, we also register the amount of data used, and when roaming, we register the network that was used. We never store the contents of communication unless directly instructed to do so by a customer, such as in the case of call recordings.
• Location data: When you set up a call or data session, Enreach processes information that can make a very rough determination of your location at that moment. We use this information to determine whether or not the call or data session is happening within in the Netherlands.
  Enreach uses third party operators’ mobile networks. These operators are able to accurately determine your location by looking at which transmission tower was used for your call or data session. Enreach does not have access to this information.
• Information collected when visiting our website: When you visit our website www.enreach.com and our customer portals, we use cookies to optimise our website’s functionality. When visiting the website, you have the option to configurate your Cookie settings. Our website and our customer portal Operator use Google Analytics, Hotjar, and social media cookies to analyse site usage. Google Analytics transfers and stores cookie-generated information (including IP address) on servers in the United States and uses it to monitor website use, compose reports for operators, and offer other services. Please see Section 7 below for more information about our use of cookies.
• Other information: When you visit our offices, we will register you as a guest for safety purposes. This allows us to quickly evacuate the premises in case of a disaster without leaving anyone behind. We also have cameras in our offices for security reasons and will inform you of their presence.
  Any additional information collected will be used in accordance with this Privacy Statement or as disclosed at the time of collection.

We may collect Personal Data directly from you or indirectly through a third party, depending on your relationship with us. If you choose not to provide Personal Data to us, you may experience limited functionality in your desired Enreach service, function, or technical assistance. The way we collect your Personal Data differs depending on your relationship with us:

• For website users or newsletter subscribers: We always inform you about our processing before collecting your Personal Data such as name, e-mail address, company name, address, and telephone number.
  Please note that Personal Data may be required in order for you to use the features of the website. Additionally, it may be necessary for us to collect and process your Personal Data in order to provide and optimise our services for you. For example, we need your contact information to be able to book a meeting with you, receive inquiries from you via our contact form or Chatbot, or send you a newsletter if you consented to this.
• For end users: The same principles apply to the processing of traffic data and your telephone number when we are delivering our telecommunication offerings.
• For Enreach Contact users: For business end users of the Enreach Contact app the privacy statement can be found here: https://enreach.com/en/security-privacy/privacy/enreach-contact-privacy-statement
• For business customers and partners: Personal Data is collected directly from you or indirectly through your employer. In some instances, a third party may provide us with data relating to you (e.g., if we need to carry out a credit check). If you, as a business customer or a partner, provide us with Personal Data about individuals other than yourself, for example by making our telecommunication solutions available to your employees, you are obligated to inform your end users about this transfer of Personal Data to Enreach.             
• For other parties: We may collect your data directly if you provide your data to us through your use of our website, via online forms or questionnaires, through phone conversations, by email, in person (at conferences, workshops, seminars or events), and so on. Alternatively, we may collect your data indirectly through approved sales and marketing channels. Whether your Personal Data is collected directly or indirectly, we will always provide our privacy information where required under the Data Protection Legislation.

We only process your Personal Data when we have a lawful basis for doing so. The specific legal basis we rely on is identified per processing activity in the table below. Possible legal bases for processing Personal Data include:

• Legitimate Interest: The processing is necessary for the purposes of our legitimate interests (i.e., our business interests), except where such interests are overridden by your interests or fundamental rights and freedoms.
• Consent: You have given consent to the processing of your Personal Data for one or more specific purposes.
• Legal obligation: The processing is necessary for compliance with our legal obligations.
• Vital interests: The processing is necessary in order to protect the vital interests of the Data Subject or of another natural person.
• Contractual obligation: The processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

In our capacity as a Data Controller, we do not actively collect Sensitive Personal Data for any of the purposes described in this Privacy Statement. If, for whatever reason, we need to collect such data, we will inform you at the time of collection, and it will only be done so with your explicit consent or in line with other lawful purposes under the Data Protection Legislation.

We may create anonymous, aggregated, or de-identified data from your Personal Data and other individuals whose Personal Data we collect. We do this by excluding information that makes the data personally identifiable to you.

Enreach is legally obliged to store certain customer information for a specific period for legal investigations. Enreach must cooperate with requests for Personal Data from the competent authorities or other authorised governmental institutions and requests for information we process and store as part of our normal business operations.

For example, this may include information from your telephone records or data usage. The stored information is destroyed or made anonymous when the storage period has elapsed. Another example of a legal requirement is the calling of the national emergency number. When you do this, your telephone number and location can be transmitted to the relevant authorities, even when you have blocked the display of your telephone number. This is a legal requirement.

Enreach uses third-party services, such as wholesalers, to facilitate the delivery of its services. In such cases, Enreach must share the necessary information with such wholesalers to provide certain services. For instance, when Enreach shares data with a wholesaler, the wholesaler must comply with Enreach's terms and adhere to the same privacy standards as Enreach.

As a customer, you may purchase certain services that require Personal Data, such as an application using GPS data. In these cases, you can choose whether or not to share your information and grant permission to the application provider. Enreach is not responsible for processing your Personal Data in these circumstances.

A cookie is a small file of letters and numbers that we store on your browser or your computer's hard drive if you give us your consent to store the cookie. Cookies contain information that is transferred to your computer's hard drive.  Pursuant to the Data Protection Legislation we can store cookies on your device without your prior permission if they are strictly necessary for the operation of our website or services. For all other types of cookies, we need your consent.

We may use different types of cookies. Some cookies may be placed by third-party services that appear on our pages.

If we ask for your consent for cookies, then this applies to the following domain: www.enreach.com   

We categorise cookies into four types: necessary, preference-based, statistical, and marketing-based. You can find descriptions of each type and the cookies we use under each category in our cookie banner. You can also learn about the purpose and duration of each cookie we use when choosing your cookie preferences.

When you visit our website for the first time, Enreach will present you with a cookie banner, which asks for your consent to place non-essential cookies or otherwise allows you to adjust your cookie settings.

Please note if you use your browser settings to block all cookies (including necessary cookies), you may not be able to access all or parts of our website.

If you require further information, please contact us using the contact details above. Once you have interacted with our cookie banner, you can change your cookie settings at any time by visiting our home page and clicking on the Cookie settings icon in the bottom right-hand corner of the screen.

We retain your Personal Data to provide high-quality service compliant with the Data Protection Legislation. Personal Data is stored as long as necessary to fulfil collection purposes, legal obligations, and accounting reporting requirements. 

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, and whether we can achieve the purposes through other means.

Personal Data may be anonymised in some circumstances rather than deleted. In this event, the anonymised data will no longer be traceable to you and is no longer considered Personal Data. 

If we deem it necessary for the abovementioned processing purposes, your Personal Data may be shared with one or more third parties, regardless of whether the third party is affiliated with the Enreach Group, for the purpose of processing Personal Data in accordance with our instructions.

When third parties are given access to your Personal Data in line with the above, we undertake required contractual and organisational measures to ensure that your Personal Data are processed only to the extent that such processing is legitimate and necessary.

We may share your Personal Data with trusted third parties as follows:

As the Enreach entity that you have interacted with is part of a wider group of undertakings with headquarters in the Netherlands, and entities located in the EU, the UK and Serbia, Enreach may transfer your Personal Data to, or otherwise allow access to such data by other entities within the Enreach Group, which may use, transfer, and process your Personal Data for the purposes described within this Privacy Statement. We may also share aggregated data about our customers in the form of business intelligence and statistics with members of the Enreach Group.

We may engage certain Data Processors who may process your Personal Data on our instructions. The Data Processors are contractually obliged to implement appropriate technical and organisational measures to ensure that your Personal Data is processed in accordance with our instructions.

Circumstances where your Personal Data may be shared include:

• With partners with whom we jointly process your data. In this case we will be the joint Data Controllers of your Personal Data with such third parties;
• With professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us;
• In order to provide telephony services to our business customers, it is necessary for us to transmit traffic data via operators. Enreach uses several European infrastructure providers, and these operators therefore process Personal Data on our behalf. These operators are independent Data Controllers for the processing of Personal Data within their respective networks;
• We might also pass on your Personal Data to Data Processors acting as suppliers for us, e.g., for sending out newsletters and website maintenance, for data storage and analytics; technology support and services (email, web hosting, marketing, and advertising providers, etc.);
• We only share your data with Data Processors that can provide sufficient guarantees that they will process your data securely and in accordance with the Data Protection Legislation. Our Data Processors cannot do anything with your Personal Data unless we have instructed them to do it. They will not share your Personal Data with any organisation apart from us or further sub-processors which must process your Personal Data on precisely the same terms and to the same high standards.

Where necessary for the processing purposes described above or where required by law, your Personal Data may be transferred to regulators, courts and other authorities, independent external advisors, insurance providers, pensions, and benefits providers, and internal or external compliance and investigation teams.

In principle we process your Personal Data in the EEA. However, where necessary for the processing purposes described above or where required by law, we may transfer your Personal Data outside of the EEA to countries not deemed by the European Commission (as relevant) to provide an adequate level of personal information protection. In such cases any Personal Data transfer will be based on safeguards that allow us to conduct the transfer in accordance with the Data Protection Legislation, such as the specific contractual clauses approved by the European Commission as relevant to provide adequate protection of personal information. 

We attach great importance to your privacy. We therefore implement suitable physical, electronic, and managerial procedures to safeguard and secure your collected Personal Data.

Enreach has implemented generally accepted standards of technology and operational security in order to protect Personal Data from loss, misuse, alteration, or destruction. Only authorised Enreach personnel are provided access to Personal Data and these employees are contractually or statutorily obliged to ensure confidentiality of this data.

Enreach will implement appropriate technical and organisational measures to ensure that the processing of your Personal Data is performed in accordance with the Data Protection Legislation, in particular ensuring an appropriate level of security.

Under the Data Protection Legislation, you have a number of rights regarding our processing of your Personal Data, as below:

You have the right to be informed about the collection and use of your Personal Data. We ensure we uphold this right with our internal data protection policies and through this and other privacy statements. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities. 

You have the right to access the information we process about you.

You have the right to have incorrect or outdated information about yourself corrected. 

In exceptional cases you have the right to have information about you deleted before the expiry of our retention period. 

In some cases, you have the right to have the processing of your Personal Data restricted. If you exercise this right, we may only process your Personal Data with your consent, or for the purpose of establishing, asserting, defending, protecting, a significant public or private interest, except when we process your data for storage. 

In certain cases, you have the right to object to our otherwise lawful processing of your Personal Data. 

In certain cases, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to have that Personal Data transferred from one Data Controller to another without hindrance.

You have the right to withdraw your consent at any time in the circumstances where you have given us consent to process your Personal Data.

An automated decision is one that is made by our systems rather than a person. You have the right to express your concerns and object to a decision taken by purely automated means under some laws such as the GDPR. You also have a right to request that a person review that decision.

This right is unlikely to apply to Enreach’s use of your data, as any automated processing we carry out is unlikely to make decisions and would include human intervention. If you would like to discuss this in further detail, please contact us as set out above.

You can invoke any of the above rights by reaching out to us on the Contact Information provided above. When you submit a request, we will ask you some additional questions to verify your identity. We will respond to your request as soon as possible, but at the latest within one month.

In case you have any questions with respect to the processing of your Personal Data as described within this Privacy Statement, you can contact the Enreach Data Protection Team and our DPO via the Contact Information above. 

Please note that you also have the right to lodge a complaint with the competent supervisory authority for the Enreach entity that is acting as the Data Controller regarding how we process your Personal Data. However, we hope that you would consider raising any issue or complaint you have with us first (using the contact details above). Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. If you have any questions regarding which supervisory authority is applicable to your engagement with Enreach, please contact us via the Contact Information above.

Please be aware that the Enreach website you have accessed may link to other websites that you may access. We are not responsible for the data policies, content, or security of such sites. We do not have any control over any use of your data by third parties when you visit such sites or otherwise provide your data through these channels. 

Enreach reserves the right to modify or amend this Privacy Statement at any time. The effective date will be displayed below. It is the user's responsibility to check this document regularly for changes.

Thank you for taking the time to read our Privacy Statement.

Version 2.0; October 2023