At Enlyft, we take pride in the accuracy and integrity of the data we offer to our clients (each a “Client”). This Privacy Policy explains how we collect and treat information through our sales and marketing data interface and integrations (the “Platform”), and other online channels we own or operate (collectively, the “Site”), as well as other services we offer (altogether, with the Platform and Site, our “Services”). This Privacy Policy is governed by and part of our Terms of Service. Any terms defined in the Terms of Service have the same meaning when used in this Privacy Policy.

To learn whether your Personal Data is included on our Platform, or to opt-out of processing by Enlyft, please visit our Verify Information page.

You consent to our privacy practices described in this Privacy Policy by accessing our Site, registering on our Platform, providing us with your Personal Data, or allowing us to process your Personal Data following receipt of a notice from Enlyft that your Personal Data is included in our records. If you do not agree with this Privacy Policy, do not access or use our Services.  

Enlyft’s Privacy Promise

Our Services are built to offer the richest, deepest, and most reliable company data to support your business goals, while respecting the privacy of everyone whose Personal Data is captured within the data collected and made available via our Platform Enlyft Data. To ensure you have complete confidence in Enflyt Data and our privacy practices, we offer this privacy promise to you:

·       Human Element: Enlyft brings the human element back into marketing and sales. Human users leverage Enlyft technology to build target profiles unique to each Client’s needs.

·       Trusted Data Sources: Your Personal Data within Enlyft Data is either provided to Enlyft by you or is professional information collected from publicly available resources or our trusted data vendors. We carefully vet our data vendors and other third-party data sources for lawful privacy practices and data integrity.

·       Privacy is Key: Enlyft will never collect or disclose Personal Data that was meant to remain private.

·       No Mass Marketing: Our Services are designed to support tailored, personalized sales messages and marketing campaigns to the right accounts at the right time. Enlyft does not use mass communications or spamming techniques, and we prohibit our Services from being used in this manner.

·       You’re In Control: You can always control your Personal Data on Enlyft. As part of our commitment to data integrity, we encourage you to submit requests to [email protected] to correct or delete Personal Data within the Enlyft Data.

·       Enlyft as Controller: When we collect Personal Data from your visit to our Site or to include it in the Enlyft Data for use by our Platform Clients, we do so as a data controller. This Privacy Policy describes how Enlyft treats that Personal Data.

·       Enlyft as Processor: When our Custom Solutions Clients use Enlyft Data, we act as a processor or service provider to the Custom Solutions Client.

·       Your Rights: Enlyft welcomes your requests to restrict our use or processing of your Personal Data as provided under your privacy rights (see Section 6).

·       Client Use of Personal Data: This Privacy Policy applies to processing of Personal Data by Enlyft only. Enlyft contractually obligates all Clients to use Enlyft Data in compliance with applicable laws, including privacy laws and the exercise of privacy rights by consumers. However, Enlyft cannot control how a Client ultimately uses Enlyft Data. As such, this Privacy Policy does not apply to the use of Enlyft Data by Clients. Please direct any questions relating to a Client’s use of Enlyft Data to that Client.

If you have questions about this Privacy Policy or any of our Services, please contact us at [email protected].

1.     Personal Data

As used in this Privacy Policy, “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Data falls within certain categories, for example:

·       Identifiers (e.g., name, email, telephone number, address, username);

·       Sensitive Personal Data (e.g., government identification number; precise geolocation; racial or ethnic origin; religious beliefs; health data; contents messages when Enlyft is not the recipient);

·       Legally protected information (e.g., race, citizenship, marital status, sex);

·       Employment-related information (e.g., current or past employment);

·       Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99);

·       Biometrics (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, or olfactory information;

·       Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);

·       Internet or other similar activity (e.g., browsing history; content interactions); and

·       Inferences drawn from Personal Data to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.

Not all information is protected as Personal Data under privacy laws. Information may not be covered by the privacy laws applicable to you if it is: (a) publicly available; (b) aggregated information, meaning data summaries or reports with the Personal Data removed; or (c) anonymized or de-identified.  

2.    Collection and Use of Personal Data

a.    Categories of Personal Data Collected

Enlyft may collect Personal Data: (i) with your consent; (ii) if we have a legitimate interest in doing so; or (iii) as authorized or required by law. We only collect, use, retain, and disclose Personal Data as is adequate and relevant to the specific, express purposes described below or as reasonably necessary and proportionate to provide our Services or for other purposes that we disclose to you and are compatible with the context of how we collected your Personal Data.

b.   Sources of Collection

During the preceding 12 months, we have collected Personal Data in the following categories: (i) identifiers; (ii) employment-related information; (iii) commercial information, (iv) internet or similar activity; and (v) inferences. Our sources of collection include:

·      Client’s use of the Platform. When a Client uses the Platform to discover, prioritize, and engage prospects, Enlyft collects commercial information such as the Client’s prospect profiles and interactions with prospects, and internet and similar activity like search history and content interactions. In addition to your consent for these activities, Enlyft collects this information to achieve our legitimate interests of providing you with the Services to which the Client subscribes and improving our technology and delivery of the Services to Clients. If a Client opts in for marketing communications, we may also use this data to market our Services to Clients in a manner that reflects the Client’s stated preferences..

·      Custom Solutions Clients. If you are a Custom Solutions Client, Enlyft will collect the Personal Data you choose to submit to our Platform, such as your identifiers (e.g., name, email, username), employment-related information (e.g., company, title, work history) as part of your Platform account profile, and any information you include in your communications with Enlyft. If you choose to link your Platform account with your social media or another third-party account, you consent to Enlyft automatically collecting your Personal Data from your third-party account. We collect this information with your consent, and we use it to provide you with the Services you request from Enlyft.

·       Our Data Sources. Enlyft uses trusted third-party data vendors and public data sources (each a “Data Source”) to collect data about professional contacts at companies that our Platform Clients may wish to prospect as part of a sales or marketing campaign. Enlyft executes contracts with each Data Source after a rigorous due diligence process focused on lawful privacy practices and data integrity. In all other cases, Enlyft uses automated technology to collect and generate Enlyft Data from publicly available online sources and methods, such as publicly available professional profiles and other online databases. All Personal Data collected in this manner is processed in alignment with the purposes for which the professional posted it online, and Enlyft processes the Personal Data in the same manner as if a human user manually views and analyzes the information. Enlyft processes the Personal Data included in this data with a legitimate interest in providing our Clients with the richest, deepest, and most reliable company data to support Clients’ business goals.

·       Our Clients or Resellers. Clients and Resellers of our Services may provide Enlyft with professional contact information about their subsidiaries, affiliates, or other organizations (“Contacts”). Contacts’ information is shared with Enlyft according to the privacy practices of each Client or Reseller. Enlyft may combine this information with Personal Data we previously collected about the Contact from other sources. Enlyft receives information about Contacts only for processing as instructed by the Client or Reseller. If Enlyft uses Contact information as a controller, we provide supplemental notice and ensure a lawful basis for processing the information.

·       Your communications with Enlyft. If you request information about our Services or other resources we offer, we will collect your name, email address and other contact information through an online form, email, or other Site feature with your consent and we will use it to provide you with the information you request. If you register as a Client, we will also collect information about your company and use a payment processor to collect and store your subscription fee payment information. We collect this information with the Client’s consent, and we use it to provide the Client with our Services. If you complete a survey, we will collect your responses with your consent and we will use the information you provide in your responses to improve our Services. By including Personal Information in your communication to Enlyft, you consent to this processing. If you do not want us to process your Personal Information, please omit it from your communication to Enlyft.

Additionally, if you opt-in to receive marketing communications from Enlyft, we may use the Personal Information in these communications to send you marketing messages about Enlyft and the Services we offer. If you opt-out of Enlyft marketing, we will not use your Personal Information for marketing purposes.

·       Automatically from your Site visit, with a legitimate interest. Depending on your consent and opt-in via Enlyft’s cookie consent banner on the Site, Enlyft may automatically collect details about your interactions through the Site or Platform, including your (i) browsing history; (ii) content interactions; (iii) device information (e.g., IP address, operating system, browser type, device ID, mobile network information, caller ID); (iv) usage details (e.g., traffic data, communication data and the features or resources you access and use); and (v) stored information (e.g., metadata). Like most commercial online services, Enlyft uses cookies and other technologies to track how visitors interact with the Site. Please read our Cookie Notice for more information about how we use cookies. We collect this information with the Site visitor’s consent as required by law, or to achieve our legitimate interest of providing and improving our Services. Additionally , we may also use this information to deliver targeted advertising if you opt-in to advertising cookies via the cookie consent banner.

Enlyft will not collect additional categories of Personal Data or use already collected Personal Data for purposes that are materially different, unrelated, or not reasonably necessary or compatible with the original purpose without notice and consent to you as required by law. Enlyft might also use your Personal Data to (i) monitor your compliance with any of your agreements with us; (ii) protect your privacy and enforce this Privacy Policy; (iii) if we believe it is necessary, to identify, contact, or bring legal action against persons or entities who may be causing injury to you, to us, or to others; (iv) comply with a law, regulation, legal process, or court order; or (v) fulfill any other purpose to which you consent.

3.    Children’s Privacy

Our Services are designed for adults, not children. Enlyft does not knowingly collect Personal Data from children under 16, and we will delete that information if we learn we have collected it. If you believe we have received information from a child under 16 or other unauthorized information, please contact [email protected].

4.    Retention of Personal Data

It is Enlyft’s policy to collect the richest and most reliable data to support our Clients’ efforts to achieve efficient and highly valuable sales and marketing campaigns. Enlyft Data offered to Clients on our Platform is retained as an essential asset to our provision of Services as long as it serves a legitimate interest. If we learn that any Enlyft Data is inaccurate or stored or used unlawfully, we will correct or delete that Enlyft Data as required by law and our company policies.  Personal Data associated with a Client’s account is retained while that account remains active and is deleted within 90 days after account closure. We retain data collected from cookies and similar technologies for trends analysis and data security purposes for up to 24 months or according to the cookie hosting company’s own policies. Enlyft reserves the right to retain data, including Personal Data, for longer periods if it is critical to our business and securely stores that retained data. Enlyft regularly reviews and deletes or deidentifies unnecessary data.

5.    Disclosing Personal Data

Enlyft will only disclose Personal Data to the third parties described in this section, with your permission, or as required by law. In the preceding 12 months, Enlyft has disclosed identifiers, employment-related information, commercial information, and internet or similar activity to third- party recipients for a business purpose. We may disclose this information to the following recipients:

a.    Our Clients. A core element of our Services is the provision of rich, deep, and reliable data about companies as prospects for Client sales and marketing campaigns. If a Client’s prospect profile for a sales or marketing campaign matches with your Personal Data contained in Enlyft Data, that Client may access your Personal Data on the Platform. Clients control their own prospect profiles and choose which Enlyft Data to access and how to use that data subject to the Client’s own privacy practices.

b.   Service Providers. Enlyft’s third-party service providers (e.g., data hosting companies, analytics services, fraud prevention vendors, and payment processors) may have access to your Personal Data to perform their contractual obligations to us. The type of information that we disclose to a service provider will depend on the service that they provide to us. Our service providers are subject to contractual agreements that protect your Personal Data, and we require all service providers to maintain confidentiality standards and organizational measures to ensure the security of your Personal Data. Our service providers are prohibited from selling or disclosing the Personal Data we provide.

c.    Affiliates. Enlyft may disclose the information we collect from you to our affiliates or subsidiaries following applicable privacy laws.

d.   Other Third Parties, as permitted by applicable law. For example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.

e.    Law enforcement, and other governmental agencies, at our sole discretion in connection with an investigation of any matter that is illegal or that could expose Enlyft or our affiliates or subsidiaries to liability.

f.     Aggregated and De-Identified Information. Enlyft reserves the right to disclose aggregated, anonymized, or de-identified information about any individuals with non-affiliated entities for research, product development, marketing, or other purposes, without restriction.

6.    Your Privacy Rights

a.    Controlling Your Personal Data

Enlyft provides you a variety of methods and options to directly control how we collect and use your Personal Data, including but not limited to:

·       Client Account. If you are a Client with an account on the Platform, you have the option to access, correct or update, or delete the Personal Data associated with your account at any time. If you require assistance, please contact [email protected].

·        Check Email. To learn if you are included in the Enlyft Directory, visit our Check Email page and follow the instructions.

·       Marketing Communications. If you inquire about our Services, we may use your contact information to send you marketing communications in compliance with applicable law. As part of our policy to provide you total privacy, you may opt-out of receiving these communications at any time by clicking the “Unsubscribe” button contained in any email or by sending a request to [email protected].

·       Device Settings. You can control the data we collect through automated means by adjusting your device settings, such as blocking cookies or installing a third-party plugin to control how cookies interact with your device.

·       Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed below.

b.   Privacy Requests

To express concerns, lodge a complaint, or request information, please contact Enlyft at [email protected]. To exercise your rights under your applicable privacy laws beyond the methods described above, please follow the instructions below:

·       When Clients use Enlyft, If a Client contacts you as part of a sales or marketing campaign or for any other reason, please submit your request directly to the Client. ENLYFT CANNOT FULFILL A REQUEST RELATED TO A CLIENT’S USE OF YOUR PERSONAL DATA. In these cases, Enlyft acts as a service provider or processor only, and the Client is the controller. The Client is solely responsible for its own use of our Services, including all processing of Personal Data by the Client using our Services.

·       When Enlyft is the controller, meaning we use your Personal Data for our marketing or sales or we process your Personal Data via a Data Source, please submit your request to [email protected].

Enlyft can only fulfill a Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Data, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a request unless we have legal grounds to do so. We endeavor to respond to Privacy Requests following the requirements of the law applicable to your jurisdiction. Note that Enlyft collects Personal Data as a controller or business from publicly available sources and/or in a business-to-business context. As such, privacy rights may not extend to Personal Data in some cases.

c.    United States Consumer Privacy Rights California and Certain Other U.S. States

In the United States, consumer privacy is governed by federal privacy laws covering specific industries or data uses and state privacy laws providing general consumer privacy rights. This section provides general notices under state privacy laws that require companies to inform consumers about their privacy rights and provide a method to exercise those rights. Residents of states offering privacy protections (each a “Consumer”) may have some or all the following rights over their Personal Data:

·      Right to Correct. You have the right to request that we correct inaccurate Personal Data about you on our systems. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.

·      Right to Deletion. You have the right to request that we delete the Personal Data that we collected and retained, with certain exceptions. Enlyft may permanently delete, deidentify, or aggregate Personal Data in response to a request for deletion.

·      Right to Access. You have the right to request confirmation that we have collected Personal Data about you and that we provide you with access to that Personal Data. If you submit an access request, we will provide you with copies of the requested pieces of Personal Data in a portable and readily usable format. Please note that Enlyft may be prohibited by law from disclosing certain pieces of Personal Data, and we may be limited in the number or frequency of requests we must fulfill.

·      Right to Disclosure. You may request that we disclose information to you about our collection and use of your Personal Data, such as: (a) the categories of Personal Data we have collected about you; (b) the categories of sources for the Personal Data we have collected about you; (c) our business purpose for collecting, using, processing, sharing or selling that Personal Data, as applicable; (d) the categories of third parties with whom we share that Personal Data; and (e) if we sold or shared your Personal Data under the CCPA, two separate lists stating: (i) sales or sharing, identifying the Personal Data categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.

·      Limited Use and Disclosure of Sensitive Personal Data. You have the right to opt-out or limit our use of your sensitive Personal Data. Enlyft may collect or receive Personal Data from you that qualifies as sensitive Personal Data under privacy laws. Enlyft does not and will not disclose any sensitive Personal Data for the purpose of inferring characteristics about you or otherwise use your sensitive Personal Data without your consent. We only use this Personal Data to provide the Services and, where we process the Personal Data for a covered entity, in compliance with HIPAA controls. If this ever changes in the future, we will update this Privacy Policy and provide you with methods to opt-out or limit our use and disclosure of sensitive Personal Data.

·      No Selling or Sharing Personal Data. Some states entitle consumers to opt out of the sale or sharing of Personal Data or targeted advertising practices. Enlyft does not sell your Personal Data or share your Personal Data with third parties for cross-contextual behavioral advertising purposes. If this changes in the future, we will update this Privacy Policy and provide you with a method to opt-out.

·      No Patient Profiling. You have the right to opt-out of automated profiling. Enlyft does not process your Personal Data to evaluate, analyze, or predict your interests and preferences or otherwise use automated profiling to produce significant effects that concern you. If this changes in the future, we will update this Privacy Policy and provide you with a method to opt-out.

·      Right to Nondiscrimination. We will not discriminate against you for exercising your privacy rights. For example, unless permitted by law we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under applicable privacy laws.

·      Health Data Rights. Enlyft does not collect any health data. As a courtesy notice, some state laws entitle consumers to certain details about health data collected about them, including (i) confirmation of whether the entity collects, shares, or sells the consumer’s health data and access that data, including a list of all third parties and affiliates with whom the entity has shared or sold the health data and a method to contact those third parties, (ii) a method to withdraw consent related to use of health data, and (iii) the right to have their health data be deleted.

·      Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Data sharing with affiliates and/or third parties for marketing purposes.

Consumers may exercise these rights by submitting a verifiable Privacy Request to Enlyft. We will respond within the legally required timeline to the extent the applicable law applies to you and our business activities. If your Privacy Request is not addressed in a timely manner, you can appeal it by contacting [email protected].  

d.   Canadian Privacy Rights

We adopted this section to provide supplemental information in compliance with Canada’s Personal Data Protection and Electronic Documents Act (“PIPEDA”). This section applies solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Data offering details on an identifiable person without the inclusion of name, title, telephone number, and business address of an employee of a business or organization. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.

·       Right to know why we collect, use, and distribute the Personal Data we process. We have set the required notices in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication.

·       Right to expect us to collect, use, or disclose Personal Data responsibly and not for any other purpose other than which you consented. We set your expectations in this Privacy Policy and collect express or implied consent at various stages of collection or processing. If we collect or use your Personal Data based on your consent, we will also notify you of any changes and will request your further consent as needed. You may withdraw your consent at any time with reasonable notice by contacting us at [email protected].

·       Right to accuracy of your Personal Data. We take steps to reasonably ensure that your Personal Data we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete, and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Data in your account, and we will provide you with reasonable assistance to ensure that your Personal Data is accurate in our systems and with our service providers.

·       Right to access your Personal Data. Upon written request and identity authentication, we will provide you with your Personal Data under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfill the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Data you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.

e.    European Economic Area and United Kingdom Privacy Rights

We adopted this section to comply with the General Data Protection Regulations (“GDPR”) and its counterpart regulation applicable to residents of the United Kingdom. This section applies solely to residents of the European Union and the European Economic Area and the United Kingdom (“Data Subjects”). If you are a Data Subject, you have the following rights in relation to the Personal Data we hold about you:

·       Right to know how we process your Personal Data. We have set the required notices in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication. We notify Data Subjects via email that their Contact Information has been added to the Enlyft Directory and may be used by third parties to contact them. Learn more about Enlyft email notification.

·       Right to access your Personal Data. You can request to access your Personal Data. Upon request, we will provide you with a copy of your Personal Data, along with details about the types of Personal Data we process, why we process it, and any third parties we work with to collect Personal Data on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example, to protect the rights of other individuals.

·       Right to restrict processing of your Personal Data. You can request that we restrict the processing of your Personal Data if: (i) the data is inaccurate; (ii) the processing is unlawful; (iii) we no longer need the Personal Data; or (iv) you exercise your right to object.

·       Right to rectify your Personal Data. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.

·       Right to data portability. In some circumstances, we are required to provide your Personal Data to another organization at your request and in a structured, commonly used machine-readable format, so that the other organization can read and use it.

·       Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, and in certain circumstances and where we are required to do so by law, we are required to delete your Personal Data. This right is not absolute, and we may be entitled to retain and process your Personal Data despite your request. If you make this request, we balance certain legal, contractual, and business interests against your right to request the deletion of your Personal Data.

·       Right to object to certain processing of your Personal Data. Upon your request, and in certain circumstances and where we are required to do so by law, we will limit our processing of your Personal Data as you request.

·       Right to not be subject to Automated Decision-Making (“ADM”). Enlyft uses algorithms to prioritize Client target profiles, but our technology does not use ADM in a manner that produces legal effects concerning or significantly affecting any individual. If this changes in the future, we will update this posting to describe our use of ADM and your options to exercise your privacy rights related to your Personal Data processed using ADM.

If you are a resident of the EEA and you believe we are unlawfully processing your Personal Data, you also have the right to complain to your local data protection supervisory authority. If you are a resident in Switzerland, you have the right to complain to the Swiss data protection authorities.