Enreach is committed to protect and respect your privacy. This privacy notice explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
You can find our contact information here:
Enreach (Benemen Oy)
Address: Valimotie 13 A, 00380 Helsinki, Finland
Phone: +358 40 450 3001
Data Protection Officer
We have a Data Protection Officer (DPO). If you have any questions relating to the processing of your personal data or want to contact our DPO, feel free to send an e-mail to the address below.
What do we mean by these fancy words?
This is what we mean when we make certain references within this notice.
"Client", "you", refers to a private or corporate user or any other data subject who buys, registers for use, or uses our services and who may have submitted personally identifiable information to us. This information may have been submitted using our services, web sites, telephone, email, registration forms, or other similar channels.
"Personal data" refers to any information on private individuals and their personal characteristics or circumstances, which are identifiable to them. This information may include names, email and mailing addresses, telephone numbers, and other information incidental to the services and their provisioning.
"Services" refer to any services or products that are manufactured or distributed by Enreach, including software, web solutions, tools, and related support services.
"Web site" refers to the www.enreach.fi, www.enreach.se, www.enreach.dk web site or any other web site that Enreach hosts or controls, including sub-sites and browser-based service portals.
“Data Controller” is a party or entity that determines the purposes and means of the processing of personal data. A company functions as a data controller when it decides how such information is to be used, and then uses that information accordingly.
“Data Processor” is a party or entity that processes Personal Information on behalf of a Data Controller. A company functions as a Data Processor when it acts as an agent of another company, following its instructions as to how that information should be handled and processed.
“Third Party” is an entity or person other than you, Enreach or its customers who may act as controllers to the personal data. Third party data recipients with whom personal data may be shared include service providers, accountants and auditors, and external legal counsels.
“Sensitive personal data” is personal data treated in European data protection laws as posing special risks to an individual, such as information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, or sex life.
When do we collect personal data about you?
- When you are using our services, provided to you by your employer.
- When you interact with us in person, by mail, by phone, by social media, or through our websites.
- When we collect personal information from other legitimate sources, such as third-party data aggregators, Enreach partners, public sources or social networks. We only use this data if you have given your consent to them to share your personal data with others.
- We may collect personal data if it is of legitimate interest, and if this interest is not overridden by your privacy interests. Before data is collected we make sure an assessment is made, ensuring that there is an established mutual interest between you and Enreach.
Why do we collect and use personal data?
We process our customer controlled personal data mainly to provide and enhance communication services to you, according to the controllers’ instructions.
We also process personal data that we control, to perform direct sales, direct marketing and customer service. We also collect data about suppliers, partners and persons seeking a job or working in our company.
We may use your information for the following purposes:
- To personalize your experience and to allow us to deliver the type of content service and products as agreed based on contract.
- To deliver our services to you, maintain and develop our services and web sites, and to provide help and support for the services
- Send you marketing communications which you have requested. These may include information about our products and services, events, activities, and promotions of our associated partners’ products and services. This communication is subscription based and requires your consent.
- Send you information about the products and services that you are using.
- Perform direct sales activities in cases where legitimate and mutual interest is established.
- Provide you content and venue details on a webinar or event you signed up for.
- Reply to a ‘Contact me’ or other web forms you have completed on enreach.fi (e.g. to download a whitepaper).
- Follow up on incoming requests (customer support, emails, chats, or phone calls).
- Provide access to our Customer Support portal.
- To make our communication more efficient, we may use your profiled personal information. For example, to best serve you, we may route your call to the customer service agent who is just now the best person to answer your requests, based on our common history together. We do not use profiled information to make automated decisions
- Perform contractual obligations such as order confirmation, license details, invoice, reminders, and similar.
- Notify you about any disruptions to our services (system messages).
- Contact you to conduct surveys about your opinion on our products and services.
- Process a job application.
- To prevent fraudulent activities, remove or stop sharing of illegal or infringing material, and comply with legal or regulatory requirements.
However, we seek to give you as much control as possible. For example, we may ask you for your separate consent for some data collected or provide a possibility to opt out from non-critical data collection.
What type of personal data is collected?
We may, as a controller, or when you are using our services we provide to our corporate customers, as a processor on behalf of the controller, collect the following data:
Email address, name, phone number, login credentials, company name, company address, call history, call recordings, location, presence, chat messages, SMS messages and email messages
Calendar data, such as: Subject, Body, Status, Location, Event time, Event date
Computer and operation network related data, such as: Network name, Network quality and Computer name
We may also collect feedback, comments and questions received from you in service-related communication and activities, such as meetings, phone calls, documents, and emails. From our websites we may collect IP-address and actions taken on the site.
If you apply for a job at Enreach, we collect the data you provide during the application process.
Enreach does not collect or process any special categories of personal data, such as public unique identifiers or sensitive personal data unless specifically required by legislation (e.g. related to employment).
How do we protect your information?
To ensure the security and confidentiality of personal data that we collect, we use data networks protected, inter alia, by industry standard firewall and password protection. In the course of handling your personal data, we take measures reasonably designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Your personal information is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user or a system enters, submits, or accesses user information to maintain the safety of your personal information.
Our legal basis for collecting personal data
Collecting personal data based on consents
We use “Consent Forms” when we collect personal data based on your consent. They will store documentation related to the consent given by you. Individual consents will always be stored and documented in our systems.
Collecting personal data based on contracts
We use personal information for fulfilling our obligations related to contracts and agreements with customers, partners and suppliers.
Collecting personal data based on legitimate interest
We may use personal data if it is of legitimate interest, and if the privacy interests of the data subjects do not override this interest. Normally, to establish the legal basis for data collection, an assessment has been made during which a mutual interest between Enreach and the individual person has been identified. This legal basis is primarily related to our sales and marketing purposes. We will always inform individuals about their privacy rights and the purpose for collecting personal data.
How long do we keep your personal data?
We store personal data for as long as we find it necessary to fulfill the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. The same applies also when the data is controlled by our customer, not Enreach. The decision in such cases is made by the controller.
This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it in a secure manner. We may process data for statistical purposes, but in such cases, data will be anonymized.
Under GDPR, you have a number of rights regarding our processing of your personal data. To exercise these rights, please contact us via our contact information.
Right of access
You have the right to access the information we process about you.
Right to rectification
You have the right to have incorrect or outdated information about yourself corrected.
Right to be forgotten
In exceptional cases, you have the right to have information about you deleted before the time of our retention period.
Right to restrict processing
In some cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may only process your personal data - except for storage - with your consent, or for the purpose of establishing, asserting, defending, protecting, a significant public- or private interest.
Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data.
Right to receive your information (data portability)
In certain cases, you have the right to receive your personal data in a structured-, commonly used- and machine-readable format and to have that personal data transferred from one controller to another without hindrance.
Do we share your data with anyone?
We do not share, sell, rent, or trade your information with any third parties without your consent, except from what is described below:
If required by law
We will disclose your personal information if required by law or if we, as a company, reasonably believe that disclosure is necessary to protect our company’s rights and/or to comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your privacy rights continue to be protected.
Use of subcontractors (processors and sub-processors)
We may use subcontractors to process personal data on our behalf. We require, in our contracts with them, that they use such information solely for providing their agreed services (for example, to solve a support case). We require such subcontractors to act in a manner consistent with this privacy notice and applicable laws. Whenever possible, we anonymize the data sent.
If the subcontractor processes Personal Data outside the EU/EEA area, such processing is in accordance with requirements of the law. We do this by imposing appropriate technical and contractual safeguards on relevant subcontractors and Enreach Group companies, for example by using data transfer clauses that are approved by the European Union. We only do global or cross-border data transfers for a good reason and after assessing the resulting privacy risk
If a new subcontractor is signed or a change of sub-contractor is performed related to our BeneCloud service, the customers will be notified in line with our agreements.
Our services and websites may embed or interoperate with third-party services. Where the third-party service is a visible, separately branded part of your user experience, such third-party services' privacy policies apply in lieu of this notice.
There are circumstances not covered by this privacy notice where the use or disclosure of personal data may be justified or permitted, or where we may be obligated by applicable laws to disclose information without acquiring your consent or independent of service provisioning.
One example includes complying with a court order or a warrant issued by the authorities in the relevant jurisdiction to compel the production of information. We weigh each disclosure requirement carefully and take the possibility of such disclosure requests into account when deciding where and how we store your personal data.
Disclosing your personal data may also be justified to protect ourselves against liability or to prevent fraudulent activity, or where it is necessary to solve or contain an ongoing problem. In any such action, we will act according to the applicable laws.
Questions or complaints
If you remain dissatisfied, then you have the right to apply directly to your national supervisory authority for a decision. The supervisory authority contact information can be found at: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
If we make changes that significantly alter our privacy practices, we will notify you by email or post a notice on our websites prior to the change taking effect.
Version 1.0; Dec 2021