At Enreach, we value your privacy and are committed to protecting your personal data (‘Personal Data’). This privacy statement (‘Privacy Statement’) explains how we process your Personal Data in accordance with applicable data protection legislation (‘Data Protection Legislation’), what Personal Data we process, for what purposes we process your Personal Data, how we protect your Personal Data, how long we store your Personal Data, how you can exercise your privacy rights in relation to this Personal Data, and any other information that may be relevant to you.
This Privacy Statement is only applicable when you interact with to an Enreach entity located in the EU. When you have interacted with an Enreach entity located outside of the EU/EEA, different privacy statements apply.
In this Privacy Statement, ‘you’, ‘your’, and ‘yours’ refers to all data subjects (‘Data Subject’) interacting with Enreach as either a (potential/former) customer, partner, end user, website visitor, or in any other capacity other than as an employee or job applicant, whereas ‘Enreach’, ‘we’, ‘our’, or ‘us’ refers to the Enreach entity that you have interacted with as a Data Subject. Additionally, you will see references to the Enreach Group, which includes all other Enreach entities globally. Further information on the Enreach Group can be obtained by contacting us using the details provided below.
Enreach Group is the data controller (‘Data Controller’) for the Personal Data we process as identified in this Privacy Statement. In some circumstances, Enreach will process data on behalf of other organisations (e.g., on behalf of customers or partner organisations with their own purposes for processing the data). In such circumstances, the other organisation will be the Data Controller and so you should refer to their privacy statements/notices for details of how your Personal Data is processed.
Occasionally, Enreach may be a joint Data Controller with one of our partner organisations. Such processing may be communicated to you in a separate privacy statement.
We may provide additional privacy statements or information to you at the time when we collect your data other than for the purposes listed in this Privacy Statement. For example, if you apply for a job with us or use the Chatbot feature of our website. Such privacy statements will govern how we process the information you provide at that time.
Enreach does not share Personal Data with third parties, unless this is (1) legally required, (2) necessary to supply a service, 3) specifically requested by the customer that has provided the Personal Data, or (4) otherwise Enreach has a legitimate interest in doing so, assuming that interest outweighs any potential effects that the sharing of Personal Data might have on the rights and freedoms of the affected Data Subject.
The capitalised words in this Privacy Statement have the meanings ascribed to them in this Privacy Statement and in the Definitions provided below.
You can find our contact us here:
Enreach Holding B.V.
Address: Verlengde Duinvalleiweg 102, 1361 BR Almere
Phone: +31 088 889 0889
We have a dedicated Data Protection Team and a Data Protection Officer (DPO). If you have any questions relating to the processing of your Personal Data or want to contact our DPO, feel free to do so using the details provided below:
Enreach Data Protection Team
Phone: +31 088 889 0889
Below are some key terms relevant to this Privacy Statement:
We only collect Personal Data that is necessary for our intended purposes and in accordance with the GDPR. The type of Personal Data that we will collect depends on the nature of our relationship with you.
We may collect Personal Data directly from you or indirectly through a third party, depending on your relationship with us. If you choose not to provide Personal Data to us, you may experience limited functionality in your desired Enreach service, function, or technical assistance. The way we collect your Personal Data differs depending on your relationship with us:
We only process your Personal Data when we have a lawful basis for doing so. The specific legal basis we rely on is identified per processing activity in the table below. Possible legal bases for processing Personal Data include:
|To contact you following an enquiry or in reply to any questions, suggestions, issues, or complaints you have contacted us about.||Legitimate Interest|
|To follow up on any interest you have shown in our products and services (e.g., to contact you via email regarding a partially completed webform).||Legitimate Interest|
|To facilitate meeting and quotation requests.||Legitimate Interest|
|To communicate with you and send B2B marketing communications, including where you have attended events or webinars.||Legitimate Interest or consent|
|To communicate with you using our Chatbot, processing the information that you have voluntarily provided. We digitally monitor live chat conversations for the purposes of quality control and staff training. Please note this is an Enreach Group product and subject to its own privacy statement which can be found here: Chatbot Privacy Statement||Legitimate Interest|
|Products and services|
|To manage your online account and provide you access to your billing information.||Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work)|
|To carry out financial checks (e.g., if you are a company director) should they be required when you or your company purchase our services.||Legal Obligation or Legitimate Interest|
|To display the Caller ID. Enreach always displays your telephone number to the called number. This means that your number will be visible to the call recipient on the display of their telephone. This can be turned off by calling anonymously. However, we are legally obliged to always reveal your number when you call the national emergency number.||Legitimate Interest or Legal Obligation|
|To conduct security analysis. Based on analyses of call and internet behaviour, Enreach can proceed to restrict certain destinations when excessive usage is detected. Higher usage than average call behaviour may indicate fraud. A blockade can limit fraud and misuse and prevent you from receiving a huge bill for fees that you have not incurred yourself. Enreach also uses advanced techniques (such as firewalls, spam filters and virus scanners) to protect against security breaches, viruses, spam, and malware.||Legitimate Interest|
|To provide training and support in the use of our products and services.||Legitimate Interest|
|To prevent malicious or annoying contact. If someone is harassing you by telephone or via internet, then you can report this to us and submit a written request to provide information on the person responsible for this malicious or annoying behaviour. If we receive such a request, we will follow internal procedures.||Legitimate Interest|
|To permit number retention and transfer services. Enreach offers you the option of keeping your number when you transfer to a different provider. To do this, we exchange information with your current or next provider. In case of a landline, this information is your current telephone number, your name, and your address. For a mobile number, your SIM card number, telephone number and name are shared.||Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work)|
|To process your data for traffic management, network planning and quality of services. For the sake of the maintenance and the improvement of our platform, we analyse information about the use of our network. We do this so that we can, among other things, redirect traffic in case of potential overloading, but especially so that we can prevent this by planning and implementing targeted improvements. In addition, we can use the information to see when malfunctions occur on the platform.||Legitimate Interest|
|To process and facilitate an order you have made with us (e.g., through our website)||Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work)|
|To provide and improve services purchased by you or your employer. For example, the delivery of an order to the specified address, or setting up of a telephone call.|
|To manage invoices and payments. For example, an invoice may show the fees charged for each service, specified by type of use. You can see fees incurred abroad, call costs, data usage and more.|
|To store certain information from customers for a specific time period for the purposes of legal investigations and to cooperate with requests for Personal Data from competent authorities or other authorised governmental institutions, as well as with requests for information we process and store as part of our normal business operations.
For example, this can include information from your telephone records or about your data usage. When the storage period has elapsed, stored information is destroyed or made anonymous. Another example of a legal requirement is the calling of the national emergency number. When you do this, your telephone number and the location of your telephone can be transmitted to the relevant authorities, even when you have blocked the display of your telephone number.
|Other operational or legal purposes|
|To negotiate and/or enter into and/or fulfil a contract with you, or the organisation for which you work.|
|To fulfil pre-contractual steps, such as supplier questionnaires, as part of our onboarding process.|
|To comply with applicable laws, lawful requests, and legal process, where appropriate/necessary.||Legal Obligation|
|To comply with regulatory monitoring and reporting obligations, where appropriate/necessary.||Legal Obligation|
|To digitally monitor and/or record calls between you and us for the purposes of quality control and staff training. You will be informed of this prior to the call.||Legitimate Interest|
|As part of professional services provided to us by lawyers, bankers, auditors, and insurers, where necessary.||Legitimate Interest or Legal Obligation|
|To meet our high security standards in managing your personal data, our systems, and our website.||Legitimate Interest|
|To share your data with healthcare professionals if you are taken ill or involved in an accident while visiting our office or sites and are unable to provide your consent.||Vital Interest|
In our capacity as a Data Controller, we do not actively collect Sensitive Personal Data for any of the purposes described in this Privacy Statement. If, for whatever reason, we need to collect such data, we will inform you at the time of collection, and it will only be done so with your explicit consent or in line with other lawful purposes under the Data Protection Legislation.
We may create anonymous, aggregated, or de-identified data from your Personal Data and other individuals whose Personal Data we collect. We do this by excluding information that makes the data personally identifiable to you.
Enreach is legally obliged to store certain customer information for a specific period for legal investigations. Enreach must cooperate with requests for Personal Data from the competent authorities or other authorised governmental institutions and requests for information we process and store as part of our normal business operations.
For example, this may include information from your telephone records or data usage. The stored information is destroyed or made anonymous when the storage period has elapsed. Another example of a legal requirement is the calling of the national emergency number. When you do this, your telephone number and location can be transmitted to the relevant authorities, even when you have blocked the display of your telephone number. This is a legal requirement.
Enreach uses third-party services, such as wholesalers, to facilitate the delivery of its services. In such cases, Enreach must share the necessary information with such wholesalers to provide certain services. For instance, when Enreach shares data with a wholesaler, the wholesaler must comply with Enreach's terms and adhere to the same privacy standards as Enreach.
As a customer, you may purchase certain services that require Personal Data, such as an application using GPS data. In these cases, you can choose whether or not to share your information and grant permission to the application provider. Enreach is not responsible for processing your Personal Data in these circumstances.
A cookie is a small file of letters and numbers that we store on your browser or your computer's hard drive if you give us your consent to store the cookie. Cookies contain information that is transferred to your computer's hard drive. Pursuant to the Data Protection Legislation we can store cookies on your device without your prior permission if they are strictly necessary for the operation of our website or services. For all other types of cookies, we need your consent.
We may use different types of cookies. Some cookies may be placed by third-party services that appear on our pages.
If we ask for your consent for cookies, then this applies to the following domain: www.enreach.com
We categorise cookies into four types: necessary, preference-based, statistical, and marketing-based. You can find descriptions of each type and the cookies we use under each category in our cookie banner. You can also learn about the purpose and duration of each cookie we use when choosing your cookie preferences.
When you visit our website for the first time, Enreach will present you with a cookie banner, which asks for your consent to place non-essential cookies or otherwise allows you to adjust your cookie settings.
Please note if you use your browser settings to block all cookies (including necessary cookies), you may not be able to access all or parts of our website.
If you require further information, please contact us using the contact details above. Once you have interacted with our cookie banner, you can change your cookie settings at any time by visiting our home page and clicking on the Cookie settings icon in the bottom right-hand corner of the screen.
We retain your Personal Data to provide high-quality service compliant with the Data Protection Legislation. Personal Data is stored as long as necessary to fulfil collection purposes, legal obligations, and accounting reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, and whether we can achieve the purposes through other means.
Personal Data may be anonymised in some circumstances rather than deleted. In this event, the anonymised data will no longer be traceable to you and is no longer considered Personal Data.
If we deem it necessary for the abovementioned processing purposes, your Personal Data may be shared with one or more third parties, regardless of whether the third party is affiliated with the Enreach Group, for the purpose of processing Personal Data in accordance with our instructions.
When third parties are given access to your Personal Data in line with the above, we undertake required contractual and organisational measures to ensure that your Personal Data are processed only to the extent that such processing is legitimate and necessary.
We may share your Personal Data with trusted third parties as follows:
As the Enreach entity that you have interacted with is part of a wider group of undertakings with headquarters in the Netherlands, and entities located in the EU, the UK and Serbia, Enreach may transfer your Personal Data to, or otherwise allow access to such data by other entities within the Enreach Group, which may use, transfer, and process your Personal Data for the purposes described within this Privacy Statement. We may also share aggregated data about our customers in the form of business intelligence and statistics with members of the Enreach Group.
We may engage certain Data Processors who may process your Personal Data on our instructions. The Data Processors are contractually obliged to implement appropriate technical and organisational measures to ensure that your Personal Data is processed in accordance with our instructions.
Circumstances where your Personal Data may be shared include:
Where necessary for the processing purposes described above or where required by law, your Personal Data may be transferred to regulators, courts and other authorities, independent external advisors, insurance providers, pensions, and benefits providers, and internal or external compliance and investigation teams.
In principle we process your Personal Data in the EEA. However, where necessary for the processing purposes described above or where required by law, we may transfer your Personal Data outside of the EEA to countries not deemed by the European Commission (as relevant) to provide an adequate level of personal information protection. In such cases any Personal Data transfer will be based on safeguards that allow us to conduct the transfer in accordance with the Data Protection Legislation, such as the specific contractual clauses approved by the European Commission as relevant to provide adequate protection of personal information.
We attach great importance to your privacy. We therefore implement suitable physical, electronic, and managerial procedures to safeguard and secure your collected Personal Data.
Enreach has implemented generally accepted standards of technology and operational security in order to protect Personal Data from loss, misuse, alteration, or destruction. Only authorised Enreach personnel are provided access to Personal Data and these employees are contractually or statutorily obliged to ensure confidentiality of this data.
Enreach will implement appropriate technical and organisational measures to ensure that the processing of your Personal Data is performed in accordance with the Data Protection Legislation, in particular ensuring an appropriate level of security.
Under the Data Protection Legislation, you have a number of rights regarding our processing of your Personal Data, as below:
You have the right to be informed about the collection and use of your Personal Data. We ensure we uphold this right with our internal data protection policies and through this and other privacy statements. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
You have the right to access the information we process about you.
You have the right to have incorrect or outdated information about yourself corrected.
In exceptional cases you have the right to have information about you deleted before the expiry of our retention period.
In some cases, you have the right to have the processing of your Personal Data restricted. If you exercise this right, we may only process your Personal Data with your consent, or for the purpose of establishing, asserting, defending, protecting, a significant public or private interest, except when we process your data for storage.
In certain cases, you have the right to object to our otherwise lawful processing of your Personal Data.
In certain cases, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to have that Personal Data transferred from one Data Controller to another without hindrance.
You have the right to withdraw your consent at any time in the circumstances where you have given us consent to process your Personal Data.
An automated decision is one that is made by our systems rather than a person. You have the right to express your concerns and object to a decision taken by purely automated means under some laws such as the GDPR. You also have a right to request that a person review that decision.
This right is unlikely to apply to Enreach’s use of your data, as any automated processing we carry out is unlikely to make decisions and would include human intervention. If you would like to discuss this in further detail, please contact us as set out above.
You can invoke any of the above rights by reaching out to us on the Contact Information provided above. When you submit a request, we will ask you some additional questions to verify your identity. We will respond to your request as soon as possible, but at the latest within one month.
In case you have any questions with respect to the processing of your Personal Data as described within this Privacy Statement, you can contact the Enreach Data Protection Team and our DPO via the Contact Information above.
Please note that you also have the right to lodge a complaint with the competent supervisory authority for the Enreach entity that is acting as the Data Controller regarding how we process your Personal Data. However, we hope that you would consider raising any issue or complaint you have with us first (using the contact details above). Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. If you have any questions regarding which supervisory authority is applicable to your engagement with Enreach, please contact us via the Contact Information above.
Please be aware that the Enreach website you have accessed may link to other websites that you may access. We are not responsible for the data policies, content, or security of such sites. We do not have any control over any use of your data by third parties when you visit such sites or otherwise provide your data through these channels.
Enreach reserves the right to modify or amend this Privacy Statement at any time. The effective date will be displayed below. It is the user's responsibility to check this document regularly for changes.
Thank you for taking the time to read our Privacy Statement.
Version 2.0; October 2023