Enliven Privacy Policy

Last updated on September 2023

Enliven Social Enterprise B.V., a Dutch company, having its registered office at (6811 KS) Arnhem atNieuwe Stationsstraat 12, the Netherlands, and all its affiliated companies(Enliven, we, us, or our) makes its online virtual reality software as a servicesolution available through its platform (the Platform) to companies (theCompany), the employees of the Company, or other persons authorized by theCompany to access and use the Platform on behalf of the Company (user,customer, you, or your).

Enliven takes the careful handling of your personal data very seriously.As the party responsible for processing your personal data, we ensure that yourpersonal data is handled and protected with the utmost care. In doing so, wealways comply with the applicable laws and regulations. While we are active inthe European Economic Area (EEA) and keep our data on servers within the EEA,we are exploring expanding our operations to other parts of the world

We process your personal datawhen you use our services, applications, Platform, websites, and software (theServices). In this privacy statement, we summarize and provide insight into thepersonal data we collect, why, when, and how we collect, use, and secure it. Byusing (part of) our Services, you agree to this privacy statement.

We may change the provisionsof this privacy statement from time to time. The most recent version can befound on our websites at all times. We advise you to check for an updatedversion periodically.

In this section, we explain the personal data we may collect from you and the legal basis forits collection. We process your personal data based on the following legalgrounds defined in European privacy legislation:

By legitimate interests, we mean among other things:advertising, marketing, security, auditing, fraud detection, (crime)prevention, (market) research and analysis, improvement of our Services,internal management, legal affairs, and business administration. Eachprocessing instance specifies which ground(s) apply.

2.1.  The personal data we collect, its purposes and applicable legal grounds

We arecommitted to retaining your personal data only for the period necessary to fulfilthe purposes outlined in this privacy statement unless a longer retentionperiod is mandated or permitted by law.

Account Data: For data required to create andmaintain your account, it will be kept for as long as you actively use ourServices. Should you decide to unsubscribe, remain inactive, or delete youraccount, your account data will be retained for an additional period of 2years. This duration ensures that we can address any issues or concerns relatedto past transactions or interactions, support possible legal claims, andaccommodate potential reactivation of your account.

Financial Records: In accordance with tax laws, anydata related to financial transactions, invoices, and payments will be retainedfor a period of 7 years.

Other Personal Data: For other personaldata not specified here, we will retain the information for a period of 2 yearsafter our last meaningful interaction, unless a longer retention period isrequired for legal, auditing, or compliance reasons.

After theexpiration of the retention periods mentioned above, we will securely delete oranonymize your personal data, so it can no longer be linked back to you.Notwithstanding the foregoing, we may retain data in an aggregated andanonymous form indefinitely for (market) research, analysis, and fraudprotection purposes. Ground 4 applies in this case.

Should you have further inquiries about the specificretention periods for certain types of personal data or if you require moreclarity on our data retention practices, please reach out to us through thecontact details provided below.

In the situations listedbelow we are permitted to share your personal data with third parties. If the organizationsmentioned below are regarded as processors under the European privacylegislation, we will enter into a processing agreement with them. Processing ofyour personal data will only take place on our instruction and under ourresponsibility.

4.1.  Service providers

We may use third parties tohelp with the provision of our Services to you, such as hosting, data analysisand storage, payment processing, information technology and relatedinfrastructure, customer service, product design, product diagnostics, emaildelivery, credit card processing, auditing and marketing. It is possible thatthese third parties process your personal data on our behalf, but only to theextent necessary for the provision of the Services to you. They may not useyour personal data for advertisement purposes. If you provide additionalinformation to such third parties yourself, we are not responsible. Dependingon the processing either ground 2. or 4. applies.

4.2.  With your consent

We may share your personaldata with third parties if you give us permission to do so. For example, wecan cooperate with third parties to offer you specific services or offers. Ifyou register for these services or marketing offers, we may provide your contactinformation, if necessary to provide you the service or for them to contactyou. You will always be asked for your consent. Ground 1. is applicable.

4.3.  Competent authorities

We disclose personal data tolaw enforcement authorities and other public authorities to the extent requiredby law or strictly necessary for the prevention, detection or prosecution ofcriminal offences and fraud. Ground 4. applies. We will notify you ifa government agency makes a request that relates to your personal data, to theextent permitted by law.

4.4.  Bankruptcy, merger or sale (part) of the company

We may transfer your personaldata to third parties in the event that our organization is subject to amerger, acquisition, reorganization, sale of business units or bankruptcy. Inthis case we will ask for your prior consent, to the extent required underapplicable law. Ground 4. is applicable.

At the time of drafting this privacy statement, your personal data will not betransferred to a third party abroad (outside the European Economic Area orEEA). We adhere to the strict guidelines of the EEA's data protectionregulations. However, as our operations evolve, should there ever arise anecessity to transfer data outside the EEA, we will ensure that all suchtransfers are compliant with the relevant data protection laws and regulations, and the data transferred will receive the same protection as it would withinthe EEA.

In any situation where your data would be transferred outside the EEA,we will notify you in advance and seek your explicit consent if required bylaw. Furthermore, we will review this privacy statement periodically to ensureits accuracy in light of our operational practices.

Protecting your personal datais of the utmost importance for us. We therefore have taken appropriatetechnical and organizational security measures in order to protect your personaldata against manipulation, loss, destruction and access by unauthorized persons. Thesemeasures include, but are not limited to:

Physical and electronic measures designed to prevent unauthorized access, loss or misuse of personal data as far as possible;

We use TLS (Transport Layer Security) technology to encrypt sensitive information or personal data, such as account passwords and other identifiable information about payments;

Where reason ably possible, backups of personal data will be made;

Sensitive information is only stored encrypted if possible

Vulnerabilities in the software are dealt with as quickly as reasonably possible.

We would like to point out that absolute security for sending personal data via the internet or storing personal data cannot always be guaranteed. We advise you to take this into account when deciding whether or not to give consent for processing your personal data.

Our Services may include links to websites, applications, and services operated by third parties, as well as advertisements from third parties. Please be aware that these third-party sites and services may independently collect, use, and disclose information about you. We emphasize that when you provide personal data to third parties, it is subject to their respective privacy policies and practices. We do not have control over, nor are we responsible for, the content, privacy policies, or data handling practices of third-party sites and services.

While we offer links forconvenience and informational purposes, the inclusion of such links does notimply endorsement or affiliation. We strongly recommend that you review theprivacy policies and security measures of any third parties before sharing yourpersonal data with them.

Note: Information regardingthe use of cookies, including those by third parties, is detailed in our CookieStatement and Cookie Table, which we have provided separately.

Privacy legislation gives you certain rights regarding your own personal data. These rights are not absolute rights. We will always consider whether we can reasonably meet your request. If we cannot meet your request, or if it would be at the expense of the privacy of others, we can refuse your request. If we refuse a request, we will let you know and explain our reasons.

8.1.  Right of access

You have the right to request which personal data we process about you. You can also ask us to provide insight into the processing grounds, relevant categories of personal data, the (categoriesof) recipients of personal data, the retention period, the source of the data and whether or not we use automated decision making. You may also request a copy of your personal data that we process. Do you want additional copies? Then we can charge a reasonable fee.

8.2.  Right to rectification 

If the personal data processed by us about you is incorrect orin complete, you can request us to adjust or supplement the personal data. If we grant your request, we will, to the extent reasonably possible, inform the parties to whom we provide information

8.3.  Right to erasure

Do you no longer want us to process certain personal data about you? Then you can request us to deletecertain (or all) personal data about you. Whether we will delete data dependson the processing ground. We only delete data that we process based on a legalobligation or for the performance of an agreement with you, if the personaldata is no longer necessary. If we process data based on our legitimateinterest, we will only delete data if your interest outweighs ours. We willmake this assessment. If we process the data based on your consent, we willonly delete the data if you withdraw your consent. Should we have accidentallyprocessed data or does a specific law require that we delete the data, then wewill delete it. If the data is necessary for the settlement of legalproceedings or a (legal) dispute, we will only delete the personal data afterthe end of the proceedings or the dispute. If we grant your request, we will,to the extent reasonably possible, inform the parties to whom we provideinformation.

8.4.  Restriction of processing

If you dispute the accuracy of personal data processed by us, if you believe that we have processed yourpersonal data unlawfully, if we no longer need the data or if you have objected to the processing, you can also request us to restrict the processing of thatpersonal data. For example, during the time that we need to assess your disputeor objection, or if it is already clear that there is no longer any legalground for further processing of the personal data, but you still have aninterest in us not deleting the personal data. If we limit the processing ofyour personal data at your request, we may still use that data for thesettlement of legal proceedings or a (legal) dispute.

8.5.  Right to data portability

At your request, we may transfer the data that we automatically process to execute the agreement or based on your consent, to you or another party designated by you. You can make such a request at reasonable intervals.

8.6.  Automated individual decision making

We do not take decisions based solely on automated processing.

8.7.  Right of restriction of processing and withdrawal of permission

If we process data on the grounds of a legitimate interest, you may object to the processing. If weprocess data based on your consent, you may withdraw that consent. For more information, please refer to the relevant processing purposes above.

8.8.  Exercising your rights

To exercise your rights, please contact us using the contact details below. In case of a writtenrequest, we ask you to identify yourself adequately to prevent misuse. You can do this by sending a copy of a valid proof of identification. Do not forget to screen off your citizen service number and passport photo on the copy. Westrive to process your request within one month.

Do you have a complaint about our processing of your personal data? Please contact us using the contact details below. We are happy to assist you. Under the European privacy legislation you are also entitled to submit a complaint directly to the PersonalData Authority. We strive to process your complaint within one month.

If you have questions,concerns or comments about this privacy statement or our processing of yourpersonal data, please contact us via e-mail at privacy@enlivenempathy.com, by calling  +31 26 303 3421‎ or by post to:

Enliven Social EnterpriseB.V.
Attn. Legal Department
Jansbuitensingel 30
6811 AE Arnhem
Gelderland
The Netherlands

We strive to process your request within one month