Enlyft’s Privacy Promise
Our Services are built to offer the richest, deepest, and most reliable company data to support your business goals, while respecting the privacy of everyone whose Personal Data is captured within the data collected and made available via our Platform (the “Enlyft Data”). To ensure you have complete confidence in the Enflyt Data and our privacy practices, we offer this privacy promise to you:
· Human Element: Enlyft brings the human element back into marketing and sales. Human users leverage Enlyft technology to build target profiles unique to each Client’s needs.
· Trusted Data Sources: Your Personal Data within Enlyft Data is either provided to Enlyft by you or is professional information collected from publicly available resources or our trusted data vendors. We carefully vet our data vendors and other third-party data sources for lawful privacy practices and data integrity.
· Privacy is Key: Enlyft will never collect or disclose Personal Data that was meant to remain private.
· No Mass Marketing: Our Services are designed to support tailored, personalized sales messages and marketing campaigns to the right accounts at the right time. Enlyft does not use mass communications or spamming techniques, and we prohibit our Services from being used in this manner.
· You’re In Control: You can always control your Personal Data on Enlyft. As part of our commitment to data integrity, we encourage you to submit requests to [email protected] to correct or delete Personal Data within the Enlyft Data.
· Enlyft as Processor: When our Custom Solutions Clients use Enlyft Data, we act as a processor or service provider to the Custom Solutions Client.
· Your Rights: Enlyft welcomes your requests to restrict our use or processing of your Personal Data in accordance with your privacy rights (see Section 6).
1. Personal Data
· Identifiers (e.g., name, email, telephone number, address, username);
· Sensitive Personal Data (e.g., government identification number; precise geolocation; racial or ethnic origin; religious beliefs; health data; contents messages when Enlyft is not the recipient);
· Legally protected information (e.g., race, citizenship, marital status, sex);
· Employment-related information (e.g., current or past employment);
· Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99);
· Biometrics (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, or olfactory information;
· Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
· Internet or other similar activity (e.g., browsing history; content interactions); and
· Inferences drawn from Personal Data to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.
Not all information is protected as Personal Data under privacy laws. Information may not be covered by the privacy laws applicable to you if it is: (a) publicly available; (b) aggregated information, meaning data summaries or reports with the Personal Data removed; or (c) anonymized or de-identified.
2. Collection and Use of Personal Data
a. Categories of Personal Data Collected
Enlyft may collect Personal Data: (i) with your consent; (ii) if we have a legitimate interest in doing so; or (iii) as authorized or required by law. We only collect, use, retain, and disclose Personal Data as is adequate and relevant to the specific, express purposes described below or as reasonably necessary and proportionate to provide our Services or for other purposes that we disclose to you and are compatible with the context of how we collected your Personal Data.
b. Sources of Collection
During the preceding 12 months, we have collected Personal Data in the following categories: (i) identifiers; (ii) employment-related information; (iii) commercial information, (iv) internet or similar activity; and (v) inferences. Our sources of collection include:
· Client’s use of the Platform. When a Client uses the Platform to discover, prioritize, and engage prospects, Enlyft collects commercial information such as the Client’s prospect profiles and interactions with prospects, and internet and similar activity like search history and content interactions. In addition to your consent for these activities, Enlyft collects this information to achieve our legitimate interests of providing you with the Services to which you subscribe and improving our technology and ability to market and deliver our Services to Clients.
· Custom Solutions Clients. If you are a Custom Solutions Client, Enlyft will collect the Personal Data you choose to submit to our Platform, such as your identifiers (e.g., name, email, username), employment-related information (e.g., company, title, work history) as part of your Platform account profile, and any information you include in your communications with Enlyft. If you choose to link your Platform account with your social media or another third-party account, you consent to Enlyft automatically collecting your Personal Data from your third-party account. We collect this information with your consent, and we use it to provide you with the Services you request from Enlyft.
· Our Data Sources. Enlyft uses trusted third-party data vendors and public data sources (each a “Data Source”) to collect data about professional contacts at companies that our Platform Clients may wish to prospect as part of a sales or marketing campaign. Enlyft executes contracts with each Data Source after a rigorous due diligence process focused on lawful privacy practices and data integrity. In all other cases, Enlyft uses automated technology to collect and generate Enlyft Data from publicly available online sources and methods, such as publicly available professional profiles and other online databases. All Personal Data collected in this manner is processed in alignment with the purposes for which the professional posted it online, and Enlyft processes the Personal Data in the same manner as if a human user manually views and analyzes the information. Enlyft processes the Personal Data included in this data with a legitimate interest to provide our Platform customers with the richest, deepest, and most reliable company data to support Clients’ business goals.
· Our Clients or Resellers. Clients and Resellers of our Services may provide Enlyft with professional contact information about their subsidiaries, affiliates, or other organizations (“Contacts”). Contacts’ information is shared with Enlyft according to the privacy practices of each Client or Reseller. Enlyft may combine this information with Personal Data we previously collected about the Contact from other sources. Enlyft receives Contacts information only for processing as instructed by the Client or Reseller. If Enlyft uses Contact information as a controller, we provide supplemental notice and ensure a lawful basis for processing the information.
· Your communications with Enlyft. If you request information about our Services or other resources we offer, we collect your name, email address and other contact information through an online form, email, or other Site feature. If you complete a survey, we will collect your responses. If you register as a Client, we will also collect information about your company and use a payment processor to collect and store your subscription fee payment information. We collect this information with your consent and use it for the purposes stated at the time of collection, to provide you with our Services, and to communicate with you or send you marketing information.
3. Children’s Privacy
Our Services are designed for adults, not children. Enlyft does not knowingly collect Personal Data from children under 16, and we will delete that information if we learn we have collected it. If you believe we have received information from a child under 16 or other unauthorized information, please contact [email protected].
4. Retention of Personal Data
It is Enlyft’s policy to collect the richest and most reliable data to support our Clients’ efforts to achieve efficient and highly valuable sales and marketing campaigns. Enlyft Data offered to Clients on our Platform is retained as an essential asset to our provision of Services as long as it serves a legitimate interest. If we learn that any Enlyft Data is inaccurate or stored or used unlawfully, we will correct or delete that Enlyft Data as required by law and our company policies. Personal Data associated with a Client’s account is retained while that account remains active and is deleted within 90 days after account closure. We retain data collected from cookies and similar technologies for trends analysis and data security purposes for up to 24 months or according to the cookie hosting company’s own policies. Enlyft reserves the right to retain data, including Personal Data, for longer periods if it is critical to our business and securely stores that retained data. Enlyft regularly reviews and deletes or deidentifies unnecessary data.
5. Disclosing Personal Data
Enlyft will only disclose Personal Data to the third parties described in this section, with your permission, or as required by law. In the preceding 12 months, Enlyft has disclosed identifiers, employment-related information, commercial information, and internet or similar activity to third- party recipients for a business purpose. We may disclose this information to the following recipients:
a. Our Clients. A core element of our Services is the provision of rich, deep, and reliable data about companies as prospects for Client sales and marketing campaigns. If a Client’s prospect profile for a sales or marketing campaign matches with your Personal Data contained in Enlyft Data, that Client may access your Personal Data on the Platform. Clients control their own prospect profiles and choose which Enlyft Data to access and how to use that data subject to the Client’s own privacy practices.
b. Service Providers. Enlyft’s third-party service providers (e.g., data hosting companies, analytics services, fraud prevention vendors, and payment processors) may have access to your Personal Data to perform their contractual obligations to us. The type of information that we disclose to a service provider will depend on the service that they provide to us. Our service providers are subject to contractual agreements that protect your Personal Data, and we require all service providers to maintain confidentiality standards and organizational measures to ensure the security of your Personal Data. Our service providers are prohibited from selling or disclosing the Personal Data we provide.
c. Affiliates. Enlyft may disclose the information we collect from you to our affiliates or subsidiaries in accordance with applicable privacy laws.
d. Other Third Parties, as permitted by applicable law. For example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
e. Law enforcement, and other governmental agencies, at our sole discretion in connection with an investigation of any matter that is illegal or that could expose Enlyft or our affiliates or subsidiaries to liability.
f. Aggregated and De-Identified Information. Enlyft reserves the right to disclose aggregated, anonymized, or de-identified information about any individuals with non-affiliated entities for research, product development, marketing, or other purposes, without restriction.
6. Your Privacy Rights
a. Controlling Your Personal Data
Enlyft provides you a variety of methods and options to directly control how we collect and use your Personal Data, including but not limited to:
· Client Account. If you are a Client with an account on the Platform, you have the option to access, correct or update, or delete the Personal Data associated with your account at any time. If you require assistance, please contact [email protected].
· Check Email. To learn if you are included in the Enlyft Directory, visit our Check Email page and follow the instructions.
· Marketing Communications. If you inquire about our Services, we may use your contact information to send you marketing communications in compliance with applicable law. As part of our policy to provide you total privacy, you may opt-out of receiving these communications at any time by clicking the “Unsubscribe” button contained in any email or by sending a request to [email protected].
· Device Settings. You can control the data we collect through automated means by adjusting your device settings, such as blocking cookies or installing a third-party plugin to control how cookies interact with your device.
· Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed below.
b. Privacy Requests
To express concerns, lodge a complaint, or request information, please contact Enlyft at [email protected]. To exercise your rights under your applicable privacy laws beyond the methods described above, please follow the instructions below:
· When Clients use Enlyft, If a Client contacts you as part of a sales or marketing campaign or for any other reason, please submit your request directly to the Client. ENLYFT CANNOT FULFILL A REQUEST RELATED TO A CLIENT’S USE OF YOUR PERSONAL DATA. In these cases, Enlyft acts a service provider or processor only, and the Client is the controller. The Client is solely responsible for its own use of our Services, including all processing of Personal Data by the Client using our Services.
· When Enlyft is the controller, meaning we use your Personal Data for our marketing or sales or we process your Personal Data via a Data Source, please submit your request to [email protected].
Enlyft can only fulfill a Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Data, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a request unless we have legal grounds to do so. We endeavor to respond to Privacy Requests in accordance with the requirements of the law applicable to your jurisdiction. Note that Enlyft collects Personal Data as a controller or business from publicly available sources and/or in a business-to-business context. As such, privacy rights may not extend to Personal Data in some cases.
c. United States Consumer Privacy Rights California and Certain Other U.S. States
In the United States, consumer privacy is governed by federal privacy laws covering specific industries or data uses and state privacy laws providing general consumer privacy rights. This section provides general notices under state privacy laws that require companies to inform consumers about their privacy rights and provide a method to exercise those rights. Residents of states offering privacy protections (each a “Consumer”) may have some or all the following rights over their Personal Data:
· Right to Correct. You have the right to request that we correct inaccurate Personal Data about you on our systems. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
· Right to Deletion. You have the right to request that we delete the Personal Data that we collected and retained, with certain exceptions. Enlyft may permanently delete, deidentify, or aggregate Personal Data in response to a request for deletion.
· Right to Access. You have the right to request confirmation that we have collected Personal Data about you and that we provide you with access to that Personal Data. If you submit an access request, we will provide you with copies of the requested pieces of Personal Data in a portable and readily usable format. Please note that Enlyft may be prohibited by law from disclosing certain pieces of Personal Data, and we may be limited in the number or frequency of requests we must fulfill.
· Right to Disclosure. You may request that we disclose information to you about our collection and use of your Personal Data, such as: (a) the categories of Personal Data we have collected about you; (b) the categories of sources for the Personal Data we have collected about you; (c) our business purpose for collecting, using, processing, sharing or selling that Personal Data, as applicable; (d) the categories of third parties with whom we share that Personal Data; and (e) if we sold or shared your Personal Data under the CCPA, two separate lists stating: (i) sales or sharing, identifying the Personal Data categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.
· Right to Nondiscrimination. We will not discriminate against you for exercising your privacy rights. For example, unless permitted by law we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under applicable privacy laws.
· Health Data Rights. Enlyft does not collect any health data. As a courtesy notice, some state laws entitle consumers to certain details about health data collected about them, including (i) confirmation of whether the entity collects, shares, or sells the consumer’s health data and access that data, including a list of all third parties and affiliates with whom the entity has shared or sold the health data and a method to contact those third parties, (ii) a method to withdraw consent related to use of health data, and (iii) the right to have their health data be deleted.
· Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Data sharing with affiliates and/or third parties for marketing purposes.
Consumers may exercise these rights by submitting a verifiable Privacy Request to Enlyft. We will respond within the legally required timeline to the extent the applicable law applies to you and our business activities. If your Privacy Request is not addressed in a timely manner, you can appeal it by contacting [email protected].
d. Canadian Privacy Rights
We adopted this section to provide supplemental information in compliance with Canada’s Personal Data Protection and Electronic Documents Act (“PIPEDA”). This section applies solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Data offering details on an identifiable person without the inclusion of name, title, telephone number, and business address of an employee of a business or organization. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.
· Right to accuracy of your Personal Data. We take steps to reasonably ensure that your Personal Data we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete, and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Data in your account, and we will provide you with reasonable assistance to ensure that your Personal Data is accurate in our systems and with our service providers.
· Right to access your Personal Data. Upon written request and identity authentication, we will provide you with your Personal Data under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfill the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Data you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.
e. European Economic Area and United Kingdom Privacy Rights
We adopted this section to comply with the General Data Protection Regulations (“GDPR”) and its counterpart regulation applicable to residents of the United Kingdom. This section applies solely to residents of the European Union and the European Economic Area and the United Kingdom (“Data Subjects”). If you are a Data Subject, you have the following rights in relation to the Personal Data we hold about you:
· Right to access your Personal Data. You can request to access your Personal Data. Upon request, we will provide you with a copy of your Personal Data, along with details about the types of Personal Data we process, why we process it, and any third parties we work with to collect Personal Data on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example, to protect the rights of other individuals.
· Right to restrict processing of your Personal Data. You can request that we restrict the processing of your Personal Data if: (i) the data is inaccurate; (ii) the processing is unlawful; (iii) we no longer need the Personal Data; or (iv) you exercise your right to object.
· Right to rectify your Personal Data. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
· Right to data portability. In some circumstances, we are required to provide your Personal Data to another organization at your request and in a structured, commonly used machine-readable format, so that the other organization can read and use it.
· Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, and in certain circumstances and where we are required to do so by law, we are required to delete your Personal Data. This right is not absolute, and we may be entitled to retain and process your Personal Data despite your request. If you make this request, we balance certain legal, contractual, and business interests against your right to request the deletion of your Personal Data.
· Right to object to certain processing of your Personal Data. Upon your request, and in certain circumstances and where we are required to do so by law, we will limit our processing of your Personal Data as you request.
· Right to not be subject to Automated Decision-Making (“ADM”). Enlyft uses algorithms to prioritize Client target profiles, but our technology does not use ADM in a manner that produces legal effects concerning or significantly affecting any individual. If this changes in the future, we will update this posting to describe our use of ADM and your options to exercise your privacy rights related to your Personal Data processed using ADM.
If you are a resident of the EEA and you believe we are unlawfully processing your Personal Data, you also have the right to complain to your local data protection supervisory authority. If you are a resident in Switzerland, you have the right to complain to the Swiss data protection authorities.
7. Cookie Notice
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
8. Data Security
Enlyft has implemented and maintains reasonable and appropriate security procedures and practices to help protect your Personal Data from unauthorized or illegal access, destruction, use, modification, or disclosure. Our security measures are appropriate to the volume, scope, and nature of the Personal Data processed and designed to meet our duty of care with respect to your Personal Data. The Platform and our other Services are designed with data security in mind to continuously protect your data and our systems. Enlyft maintains internal policies to govern the collection, processing, and handling of data. Access to Personal Data is limited to employees and contractors as needed to perform their job functions. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. We also ensure that our employees, contractors, and agents responsible for handling privacy inquiries are informed of applicable legal requirements and we restrict access to those who need that information to process it.
However, no transmission of data over the Internet is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Data for improper purposes. Clients that create an account on the Platform are responsible for maintaining the confidentiality of their username and password. We encourage you to take steps to protect against unauthorized access to your account and device by choosing a robust password and signing off after each session. Enlyft is not responsible for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized activity.
9. Cross-Border Data Transfers
Enlyft is owned and operated in the United States. We use technical infrastructure in the United States and other jurisdictions to provide our Services to Clients wherever they are located. As such, we must sometimes transfer data across jurisdictional boundaries. If you access our Site or use the Platform or any of our other Services from outside of the U.S., please be aware that the Personal Data we collect about you may be transferred to, processed, stored, and used in the U.S. or other jurisdictions. When your information is moved from your home country to another country, the laws and rules that protect your Personal Data in the country to which your information is transferred may be different from those of the country where you live. For example, if your information is in the United States, it may be accessed by government authorities in accordance with U.S. law.
Enlyft is committed to transferring Personal Data using a lawful data transfer mechanism. Specifically, when we transmit data from the European Economic Area (“EEA”) to the U.S. or other jurisdictions, we do so pursuant to standard contract clauses approved by the European Commission and employ those security measures required by the country in question to secure the data. To the extent that Enlyft is deemed to transfer Personal Data from the EEA to outside of the EEA, we do so on the legal basis that such transfer is necessary to provide you with the Services you choose to use.
However, Enlyft does do not warrant that the Platform or our other Services are appropriate or authorized for use in any other jurisdictions. Each Client and other users are solely responsible for determining whether their use of our Services complies with applicable laws. Your use of our Services constitutes your consent to the transfer and processing of your Personal Data as described in this section.
10. Third-party Platforms and Social Media
We may provide links to third-party websites or platforms or allow you to link to our Services from social media. Enlyft offers this as a convenience, but we are not responsible for and have no ability to control the privacy and data collection, use, and disclosure practices of any third party. When you click on links that take you to external websites or platforms, you will be subject to their privacy policies and practices and not ours. You are encouraged to review and understand the privacy policies of such websites or platforms before submitting any information.
With regards to data privacy, please refer to: Frequently Asked Questions (FAQs).