Last updated on September 2023
Enliven Social Enterprise B.V., a Dutch company, having its registered office at (6811 KS) Arnhem atNieuwe Stationsstraat 12, the Netherlands, and all its affiliated companies(Enliven, we, us, or our) makes its online virtual reality software as a servicesolution available through its platform (the Platform) to companies (theCompany), the employees of the Company, or other persons authorized by theCompany to access and use the Platform on behalf of the Company (user,customer, you, or your).
Enliven takes the careful handling of your personal data very seriously.As the party responsible for processing your personal data, we ensure that yourpersonal data is handled and protected with the utmost care. In doing so, wealways comply with the applicable laws and regulations. While we are active inthe European Economic Area (EEA) and keep our data on servers within the EEA,we are exploring expanding our operations to other parts of the world
We process your personal datawhen you use our services, applications, Platform, websites, and software (theServices). In this privacy statement, we summarize and provide insight into thepersonal data we collect, why, when, and how we collect, use, and secure it. Byusing (part of) our Services, you agree to this privacy statement.
We may change the provisionsof this privacy statement from time to time. The most recent version can befound on our websites at all times. We advise you to check for an updatedversion periodically.
2. Legal grounds
In this section, we explain the personal data we may collect from you and the legal basis forits collection. We process your personal data based on the following legalgrounds defined in European privacy legislation:
execution of an agreement with you;
legitimate interest of Enliven or a third party
By legitimate interests, we mean among other things:advertising, marketing, security, auditing, fraud detection, (crime)prevention, (market) research and analysis, improvement of our Services,internal management, legal affairs, and business administration. Eachprocessing instance specifies which ground(s) apply.
2.1. The personal data we collect, its purposes and applicable legal grounds
Create an account: As users haveindividual accounts linked to their respective companies, they must provide:(i) first name, last name, gender (once we implement our sign-in system), phonenumber, email address, and residential address; (ii) username of their account;(iii) password of their account (once we implement our sign-in system); and(iv) the name of the organization at which they are employed. Grounds 2 or 4apply, and Ground 1 will apply once our sign-in system is implemented.
Information Messages: We may use yourcontact information (first name, last name, email address) to send informationmessages (not marketing communications) necessary to provide the Services.Ground 2. applies.
IP-address: Upon each visitto the Platform or our website your (fixed or temporary) IP address isdetected. We process this data for technical and functional management in orderto ensure our Platform or website are easy to use. Ground 4. applies.
Testing and analytics: We use personaldata to analyse how users use the Services. This includes using the data todetect and remedy errors and malfunctions. Ground 4. applies.
Data aggregation: In order to minimizethe processing of your personal data, we may aggregate or encrypt your personaldata to create anonymous data that cannot subsequently be traced back to anatural person. Ground 4. applies
Compliance with (local) law: In order tocomply with applicable law, we may be required to process your personal datafor purposes other than those set out in this privacy statement, for examplefor law enforcement and in case of a court order. Ground 3. is applies.
Customer Service: We may collectand share your personal data to provide (international) customer service. Forexample, we may collect (telephone) requests received by customer service andthe related responses, together with the other contact information (first name,last name, email address) and any other user information. This way we canbetter respond to enquiries. Depending on the processing, either ground 1. or4. is applicable.
Fraud detection: We process yourpersonal data for fraud detection and to prevent fraud and misuse. If we have areasonable suspicion of, or determine that there has been, any fraud, scam orcriminal activity attributable to you, your personal data will be processed inorder to prevent you from using the Services in the future. Depending on theprocessing, either ground 3. or 4. is applicable.
Marketing: To the extentpermitted by applicable law, we may use your contact information (first name,last name, email address) for marketing communications, such as newsletters.You may unsubscribe from these at any time. The newsletter may also containinformation and offers from other parties. Each newsletter contains a link thatallows you to unsubscribe from our newsletter. The newsletter subscribers filewill not be provided to third parties, unless you have given your explicitpermission. If you unsubscribe, this will not affect our ability to send youimportant e-mails about the Service and your account. Depending on theprocessing, ground 1. or 4. is applicable.
Events: We may take andcollect your picture and collect your contact information when you attend anevent of us. Should we wish to use the picture for promotional reasons, we willask for your permission. Depending on the processing, ground 1. or 4. isapplicable.
3. Retention period of personal data
We arecommitted to retaining your personal data only for the period necessary to fulfilthe purposes outlined in this privacy statement unless a longer retentionperiod is mandated or permitted by law.
Account Data: For data required to create andmaintain your account, it will be kept for as long as you actively use ourServices. Should you decide to unsubscribe, remain inactive, or delete youraccount, your account data will be retained for an additional period of 2years. This duration ensures that we can address any issues or concerns relatedto past transactions or interactions, support possible legal claims, andaccommodate potential reactivation of your account.
Financial Records: In accordance with tax laws, anydata related to financial transactions, invoices, and payments will be retainedfor a period of 7 years.
Other Personal Data: For other personaldata not specified here, we will retain the information for a period of 2 yearsafter our last meaningful interaction, unless a longer retention period isrequired for legal, auditing, or compliance reasons.
After theexpiration of the retention periods mentioned above, we will securely delete oranonymize your personal data, so it can no longer be linked back to you.Notwithstanding the foregoing, we may retain data in an aggregated andanonymous form indefinitely for (market) research, analysis, and fraudprotection purposes. Ground 4 applies in this case.
Should you have further inquiries about the specificretention periods for certain types of personal data or if you require moreclarity on our data retention practices, please reach out to us through thecontact details provided below.
4. Sharing personal data to third parties
In the situations listedbelow we are permitted to share your personal data with third parties. If the organizationsmentioned below are regarded as processors under the European privacylegislation, we will enter into a processing agreement with them. Processing ofyour personal data will only take place on our instruction and under ourresponsibility.
4.1. Service providers
We may use third parties tohelp with the provision of our Services to you, such as hosting, data analysisand storage, payment processing, information technology and relatedinfrastructure, customer service, product design, product diagnostics, emaildelivery, credit card processing, auditing and marketing. It is possible thatthese third parties process your personal data on our behalf, but only to theextent necessary for the provision of the Services to you. They may not useyour personal data for advertisement purposes. If you provide additionalinformation to such third parties yourself, we are not responsible. Dependingon the processing either ground 2. or 4. applies.
4.2. With your consent
We may share your personaldata with third parties if you give us permission to do so. For example, wecan cooperate with third parties to offer you specific services or offers. Ifyou register for these services or marketing offers, we may provide your contactinformation, if necessary to provide you the service or for them to contactyou. You will always be asked for your consent. Ground 1. is applicable.
4.3. Competent authorities
We disclose personal data tolaw enforcement authorities and other public authorities to the extent requiredby law or strictly necessary for the prevention, detection or prosecution ofcriminal offences and fraud. Ground 4. applies. We will notify you ifa government agency makes a request that relates to your personal data, to theextent permitted by law.
4.4. Bankruptcy, merger or sale (part) of the company
We may transfer your personaldata to third parties in the event that our organization is subject to amerger, acquisition, reorganization, sale of business units or bankruptcy. Inthis case we will ask for your prior consent, to the extent required underapplicable law. Ground 4. is applicable.
5. Transfer of your personal data abroad
At the time of drafting this privacy statement, your personal data will not betransferred to a third party abroad (outside the European Economic Area orEEA). We adhere to the strict guidelines of the EEA's data protectionregulations. However, as our operations evolve, should there ever arise anecessity to transfer data outside the EEA, we will ensure that all suchtransfers are compliant with the relevant data protection laws and regulations, and the data transferred will receive the same protection as it would withinthe EEA.
In any situation where your data would be transferred outside the EEA,we will notify you in advance and seek your explicit consent if required bylaw. Furthermore, we will review this privacy statement periodically to ensureits accuracy in light of our operational practices.
6. Protection of personal data
Protecting your personal datais of the utmost importance for us. We therefore have taken appropriatetechnical and organizational security measures in order to protect your personaldata against manipulation, loss, destruction and access by unauthorized persons. Thesemeasures include, but are not limited to:
Physical and electronic measures designed to prevent unauthorized access, loss or misuse of personal data as far as possible;
We use TLS (Transport Layer Security) technology to encrypt sensitive information or personal data, such as account passwords and other identifiable information about payments;
Where reason ably possible, backups of personal data will be made;
Sensitive information is only stored encrypted if possible
Vulnerabilities in the software are dealt with as quickly as reasonably possible.
We would like to point out that absolute security for sending personal data via the internet or storing personal data cannot always be guaranteed. We advise you to take this into account when deciding whether or not to give consent for processing your personal data.
7. Links to third party sites
Our Services may include links to websites, applications, and services operated by third parties, as well as advertisements from third parties. Please be aware that these third-party sites and services may independently collect, use, and disclose information about you. We emphasize that when you provide personal data to third parties, it is subject to their respective privacy policies and practices. We do not have control over, nor are we responsible for, the content, privacy policies, or data handling practices of third-party sites and services.
While we offer links forconvenience and informational purposes, the inclusion of such links does notimply endorsement or affiliation. We strongly recommend that you review theprivacy policies and security measures of any third parties before sharing yourpersonal data with them.
8. Your rights
Privacy legislation gives you certain rights regarding your own personal data. These rights are not absolute rights. We will always consider whether we can reasonably meet your request. If we cannot meet your request, or if it would be at the expense of the privacy of others, we can refuse your request. If we refuse a request, we will let you know and explain our reasons.
8.1. Right of access
You have the right to request which personal data we process about you. You can also ask us to provide insight into the processing grounds, relevant categories of personal data, the (categoriesof) recipients of personal data, the retention period, the source of the data and whether or not we use automated decision making. You may also request a copy of your personal data that we process. Do you want additional copies? Then we can charge a reasonable fee.
8.2. Right to rectification
If the personal data processed by us about you is incorrect orin complete, you can request us to adjust or supplement the personal data. If we grant your request, we will, to the extent reasonably possible, inform the parties to whom we provide information
8.3. Right to erasure
Do you no longer want us to process certain personal data about you? Then you can request us to deletecertain (or all) personal data about you. Whether we will delete data dependson the processing ground. We only delete data that we process based on a legalobligation or for the performance of an agreement with you, if the personaldata is no longer necessary. If we process data based on our legitimateinterest, we will only delete data if your interest outweighs ours. We willmake this assessment. If we process the data based on your consent, we willonly delete the data if you withdraw your consent. Should we have accidentallyprocessed data or does a specific law require that we delete the data, then wewill delete it. If the data is necessary for the settlement of legalproceedings or a (legal) dispute, we will only delete the personal data afterthe end of the proceedings or the dispute. If we grant your request, we will,to the extent reasonably possible, inform the parties to whom we provideinformation.
8.4. Restriction of processing
If you dispute the accuracy of personal data processed by us, if you believe that we have processed yourpersonal data unlawfully, if we no longer need the data or if you have objected to the processing, you can also request us to restrict the processing of thatpersonal data. For example, during the time that we need to assess your disputeor objection, or if it is already clear that there is no longer any legalground for further processing of the personal data, but you still have aninterest in us not deleting the personal data. If we limit the processing ofyour personal data at your request, we may still use that data for thesettlement of legal proceedings or a (legal) dispute.
8.5. Right to data portability
At your request, we may transfer the data that we automatically process to execute the agreement or based on your consent, to you or another party designated by you. You can make such a request at reasonable intervals.
8.6. Automated individual decision making
We do not take decisions based solely on automated processing.
8.7. Right of restriction of processing and withdrawal of permission
If we process data on the grounds of a legitimate interest, you may object to the processing. If weprocess data based on your consent, you may withdraw that consent. For more information, please refer to the relevant processing purposes above.
8.8. Exercising your rights
To exercise your rights, please contact us using the contact details below. In case of a writtenrequest, we ask you to identify yourself adequately to prevent misuse. You can do this by sending a copy of a valid proof of identification. Do not forget to screen off your citizen service number and passport photo on the copy. Westrive to process your request within one month.
Do you have a complaint about our processing of your personal data? Please contact us using the contact details below. We are happy to assist you. Under the European privacy legislation you are also entitled to submit a complaint directly to the PersonalData Authority. We strive to process your complaint within one month.
10. Contact details
If you have questions,concerns or comments about this privacy statement or our processing of yourpersonal data, please contact us via e-mail at firstname.lastname@example.org, by calling +31 26 303 3421 or by post to:
Enliven Social EnterpriseB.V.
Attn. Legal Department
6811 AE Arnhem
We strive to process your request within one month