Enence PRIVACY POLICY (GLOBAL)
1. WHY SHOULD YOU READ THIS PRIVACY POLICY?
In Short: This Policy explains how we handle your Personal data. It helps you understand what we do with your information and what your privacy rights are.
Welcome! This Privacy Policy (“Policy”) explains how EcomLT LLC (“Company”, “we”, “us”, or “our”) handles your personal data (“Personal data” or “Data”) when you:
visit our sales websites (“Website”);
purchase our products or services (“Goods” or “Service”);
enter into a business relationship with us;
or otherwise interact with us.
This Policy outlines what Data we collect, the purposes for which it is collected, how we use and share it, how long we retain it, your rights, and how we protect your Data. We are committed to processing your Data lawfully, fairly, and transparently in accordance with:
the General Data Protection Regulation (GDPR);
the ePrivacy Directive 2002/58/EC;
UK General Data Protection Regulation (UK GDPR);
Australia's Privacy Act 1988 and Australian Privacy Principles (APPs);
and any other applicable data protection laws.
This Policy applies globally. Specific privacy rights and regional supplements (e.g. for the United Kingdom, Australia, United States etc.) are provided in Regional Addenda at the end of this Policy.
If you do not agree with our practices, please refrain from using the Website, purchasing our Goods or Service or submitting your Data in any other way. This Policy is effective as of 17th of October 2025. We may update this Policy occasionally all updates take effect upon publication, so we encourage you to review it regularly to stay informed.
2. WHO IS RESPONSIBLE FOR PROTECTING YOUR PERSONAL DATA?
We are: EcomLT LLC, your Personal data Controller
Yritysnumero: 5416329
Our registered address: 354 Downs Blvd, Suite 102, Franklin, TN 37064
Our support e-mail address: support@enence.com
We have appointed a Data Protection Officer (DPO) to oversee our data protection obligations. You can contact the DPO directly at: dpo@enence.com
3. FOR WHAT PURPOSES AND WHAT DATA DO WE COLLECT?
In Short: We mainly collect only the Data needed to provide our Goods or Services and operate our Website. This section explains why we collect it and how we use it.
We only collect the Data we truly need – and only use it for clear, lawful reasons (e.g., to process your purchase, provide services, respond to your enquiries, ensure Website functionality, etc.). You can find a full list of purposes, what Data we collect, how we use it and more detailed information in the subsections below.
Here are also few important things for you to know:
Lawful basis: We will only process your Data if we have a lawful basis under applicable data protection laws. The lawful bases that we might rely on are normally - contract, consent, legal obligation or legitimate interest.
Sensitive Data: We do not collect any sensitive Data (like your health, religious beliefs, or biometric data).
Marketing: We only use your Data for marketing if you’ve clearly consented or if we have other legal basic.
Automated tools and AI: We may use AI or other fully or semi-automated technologies to support service delivery (e.g., chatbots, ChatGPT, Gemini etc.), but we do not use automated decision-making that produces legal or similarly significant effects on you within the meaning of Art. 22 of GDPR.
No sale of Data: We never sell your Data to anyone.
Children’s data: This Website is not intended for children under the age of 18. We do not knowingly collect Personal data from minors without appropriate consent. If we become aware that we have inadvertently received Personal data from a child, we will delete such information promptly.
DETAILED INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA:
|
When do we process your Personal Data? |
When you purchase Goods or Services via our Website, we process your Data to manage your order, arrange delivery, handle payments and provide related service (e.g., order confirmation, updates, returns, or refunds). |
|
Data categories |
Identification and contact details: full name, delivery address, email address, phone number. Payment details: price, currency, credit card brand, type, BIN number, and issuing country. Technical information: IP address, language, device type. |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
|
|
Data retention period |
Order and payment records are retained for 10 years in line with legal, tax and accounting obligations. |
|
Data recipients |
|
|
When do we process your Personal Data? |
In order to use Enence Translator (“Device”), you are required to download and install the Enence App (translator Enence) (“App”) to connect your smartphone with the Device. The App does not require registration or account creation and does not process your Personal data. However, to enable functionality, you will be asked to grant permissions for Bluetooth, microphone, and speech recognition, which are required to provide Device features. |
|
Data categories |
Technical data: from Bluetooth pairing (non-personal data) and other technical data. |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
|
|
Data retention period |
No Personal data is stored by us. |
|
Data recipients |
|
|
When do we process your Personal Data? |
After successful Device and App pairing, you can start using Device. When you speak into the Device, your voice is securely transmitted via Wi-Fi or mobile data to Google Translate/Google Cloud services. Google converts your speech into text, translates it into the selected language, and returns the translated output as spoken text. Note! Your voice or text inputs are processed directly by Google’s services and are not collected, accessed, or stored by us in the Device or the App. |
|
Data categories |
Inputs: include voice, words, phrases, or sentences you speak; Technical data: Bluetooth and Device pairing data (we only store technical information that is not related with your Personal data). |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
|
|
Data retention period |
We do not store or retain any Personal data from your use of the translation services. |
|
Data recipients |
|
|
When do we process your Personal Data? |
To use the Travel Buddy Service, you must install the App to enable functionality. We use artificial intelligence Google’s Gemini AI to provide you with Travel buddy personalized travel recommendations, including flights, accommodation, and destination suggestions etc. This Service works by processing your inputs (such as your travel preferences, dates, budget, or other details you share in natural language) and generating tailored options using Google’s real-time data sources (e.g., Google Flights and Google Hotels). Note! We do not collect or store your voice, text, or other inputs, and we do not receive additional Personal data from your use of Gemini AI. All inputs are processed in real time by Google and we do not control how Google processes your Data. Please consult Google's privacy policies to understand your rights and obligations in relation to their services. |
|
Data categories |
Inputs: text, voice and all others inputs you choose to provide to Travel Buddy processed directly by Google Gemini AI. |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
|
|
Data retention period |
We do not store or retain any Personal data from your use of the Travel Buddy service. |
|
Data recipients |
|
|
When do we process your Personal Data? |
To use the Smart Tag Service, you must install a third-party mobile application, such as Apple’s Find My or Google’s Find My Device, to enable functionality. After installing the application, you must follow the third-party Terms of Service and Privacy Policy to set up and use the service. Note! We do not have access to, collect, or process any Personal data generated through your use of the Smart Tag Service. All Data is handled directly by the third-party App providers. |
|
Data categories |
Location data and related personal data are processed directly by the third-party App providers under their own privacy policies. Both providers normally use end-to-end encryption, meaning location data cannot be accessed by Apple or Google in identifiable form. |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
|
|
Data retention period |
We do not store or retain any Personal data from your use of the Smart Tag Service. |
|
Data recipients |
|
|
When do we process your Personal Data? |
We process your Personal data when handling payments related to your orders, subscriptions, discounts, returns, or refunds. We also use this Data to comply with legal, financial, and tax obligations, including invoicing and bookkeeping. |
|
Data categories |
Payment Information: payment method (card type, few last card numbers), payment token, transaction amount, transaction date and time, refund reasons. Billing & Legal Data: name, email, phone, billing address, IBAN/account number, payment records, invoices, and other required accounting documentation. |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
GDPR Art. 6(1)(c) - Legal obligation:
|
|
Data retention period |
We retain accounting-related data for 10 years, as required by financial and tax regulations. |
|
Data recipients |
|
|
When do we process your Personal Data? |
If you contact us by phone and/or in writing (via Live Chat, customer support, email, social media or otherwise), we will keep a record of the fact of your contact and the information you have provided to us, including your Personal data, to properly process your request and respond to your question, request or complaint. We use artificial intelligence (AI)-based tools (fully or semi-automated) to assist our customer support team. These tools are used to: suggesting draft responses, guiding or answering calls before transfer to a human agent, transcribing and summarizing conversations, and providing automated replies to frequently asked and trained questions. Note! All AI-generated outputs are reviewed and validated by human staff where decisions could affect your rights. We do not rely solely on automated decision-making that produces legal or similarly significant effects. We do not use your data for training AI models unless fully anonymized. |
|
Data categories |
When contacted by call: name, surname, mobile phone number, email address, residential address, purchase details and other information required to verify your identity (if needed). Date and time of the call, duration of the call and a recording of the call. Contact by email / or via Livechat, Customer Support: name, surname, mobile phone number, email address, residential address. Purchase details and other information required to verify your identity (if needed). Other information related to the written request, attached documents or other visual content, all correspondence history. |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
GDPR Art. 6(1)(f) - Legitimate interest:
|
|
Data retention period |
Recordings of conversations - 6 months from the moment of creation. Written communication - 3 years after your inquiry was closed. We may retain some information longer if we are required to do so to comply with applicable laws or based on justified interests. |
|
Data recipients |
|
|
When do we process your Personal Data? |
We have the right, in performing our rights and obligations under the Terms (“ToS”), to contact you at any time (e.g., provide transactional communication). We may send you important notifications and information by e-mail, SMS or via phone call. Note! This important communication is not considered marketing, and you cannot opt out of it. |
|
Data categories |
Identification and contact details: name, surname, mobile phone number, e-mail address, residential address. Call details: date and time, duration, the call recording. Technical data: copies of electronic messages/SMS, delivery status and date, message opening (reading) status and date, links opened from the message content. |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
|
|
Data retention period |
Recordings of conversations are kept for 6 months from the moment of creation. Electronic communications history logs are kept for 1 month, unless longer retention is required for legal purposes. |
|
Data recipients |
|
|
When do we process your Personal Data? |
We process your Personal Data to inform you about our Goods, Services, promotions, new features, or to request your feedback. This includes sending general or personalized marketing content (e.g., newsletters, promotional messages, surveys) via email, SMS, or phone calls. Marketing content may be customized based on the Data we already hold about you (e.g., previous purchases, browsing history, selected preferences), in order to provide you with relevant offers or content. If you are an existing customer, we may contact you with marketing messages about the same or similar products or services, even if you haven’t given explicit consent — unless you objected and OPT-OUT during your order (e.g., via “Thank You“ page”), it’s not allowed by law, or you objected later. Remember! you have the right to object to the use of your Personal data for direct marketing at any time. You may simply withdraw your consent or opt-out at any time by using the unsubscribe link provided in our newsletters, replying to SMS required word or by contacting us via email. |
|
Data categories |
Contact details: full name, e-mail, telephone number, country; Logs: consent collection logs (date, method, preferences). |
|
Legal basic(s) |
GDPR Art. 6(1)(a) - Consent:
GDPR Art. 6(1)(f) - Legitimate interest:
|
|
Data retention period |
3 years from consent given date, unless you opt-out earlier. |
|
Data recipients |
|
|
When do we process your Personal Data? |
We manage our business profiles and accounts on various social networks. If you are interested in our Services and follow our profiles on social networks, participate in our games, promotions, share your photo with us or tag us in your photo, public post, etc., we collect and use your Data, which we receive directly from you, when you are active in our accounts. Please note that our accounts are integrated into social networking platforms (e.g. Facebook, Instagram, Linkedin, etc.) and therefore all social platform providers as independent data controllers have full access to collect your Personal data. You can find detailed information on the data processing, purposes and scope of data use by each social networking platform in the privacy policy of the respective social network. Also if you want to exercise your rights in relation to data processed by social networks, it is more efficient to contact the controller of the social network directly. |
|
Data categories |
Identifiers: name, surname, and profile photo; Public interactions: likes, follows, comments, shares; Participation: messages you send (content, time, attachments, history), active participation in games/events, any photos you send us or tag us in. |
|
Legal basic(s) |
GDPR Art. 6(1)(a) - Consent:
|
|
Data retention period |
The provider of the social network concerned shall set the time limits for the retention of data. We recommend that you check the privacy policy of the social network concerned. We normally retain and don’t delete them unless you withdraw consent, request deletion, or the platform enforces earlier deletion. |
|
Data recipients |
|
|
When do we process your Personal Data? |
We may process your Personal data in case we become a party or concerned party in legal process which you are subject to, or we are statutorily required to collect and/or provide information about you in order to comply with the applicable law. Also, in all cases where we suspect fraud, theft, account misuse, or other unlawful activities involving our Website, Company, brands and or services, we report such cases to the appropriate pre-trial investigation authorities (such as the police or prosecutor’s office). |
|
Data categories |
All information that we uphold about you and that is a part of the legal process e.g. accounting and legal case files, legal documents, other information you provide us with, other information that we are statutorily required to collect and/or provide. Also, pleadings, claims, court decisions. If the case arises - information about criminal offenses and convictions. |
|
Legal basic(s) |
GDPR Art. 6(1)(f) - Legitimate interest:
|
|
Data retention period |
As long as the legal proceedings are going and 5 years from the date of entry into force of the court or authority's decision, or the date on which the legally binding decision is fully implemented. |
|
Data recipients |
|
|
When do we process your Personal Data? |
When you visit and browse our Website, we process your personal data for statistical, analytical, and performance monitoring purposes, in order to improve the functionality, stability, and user experience of our Website. This includes processing data collected via cookies and similar tracking technologies, primarily through tools such as Google Analytics 4 or other analytics platforms. |
|
Data categories |
Identifiers: IP address or other device identifiers; Technical information: device type, browser type, language settings, hardware/software settings and configurations, referring URLs (websites visited before/after); Use information: pages visited on our Website, interactions, clicks, or session behavior, visit timestamps, session duration, selected interface or account preferences (if applicable). |
|
Legal basic(s) |
GDPR Art. 6(1)(a) - Consent:
|
|
Data retention period |
For more information on the retention periods of cookies, please refer to our Cookie Policy. |
|
Data recipients |
|
|
When do we process your Personal Data? |
We process your Personal data when you participate in our contests, competitions, games, or events. This is done to manage your participation, communicate with you, and (where applicable) publish or promote the outcome of the activity. |
|
Data categories |
Identifiers: full name, email address, phone number; Participation: social media engagement (comments, shares, “likes”, “follows”, reactions) contest entries, responses, evaluation/ratings, event attendance; Media content: submitted or captured photos/videos, image/voice in recording. |
|
Legal basic(s) |
GDPR Art. 6(1)(a) - Consent:
|
|
Data retention period |
Contest participant data – retained for 1 year after the announcement of winners or as described in specific contest terms. |
|
Data recipients |
|
|
When do we process your Personal Data? |
We process your Personal Data when you submit, create, or allow us to use content that features you for promotional purposes. This includes:
Where applicable, a separate image-use or content-use agreement will be signed before publication or distribution, or consent will be collected via a dedicated form. |
|
Data categories |
Identifiers: full name, username or profile name; Media content: photo, video, or audio recordings; Participation: testimonials, reviews, or other content you provide or permit us to use, social media identifiers (tags, mentions, handles), image-use or promotional content agreement (if applicable), consent logs. |
|
Legal basic(s) |
GDPR Art. 6(1)(a) - Consent:
GDPR Art. 6(1)(b) - Contract:
|
|
Data retention period |
UGC and campaign content: retained for up to 2 years from the date of collection or consent, unless a shorter or longer period is specified or consent is withdrawn. Advertising campaign content: archived for up to 10 years for legal, contractual, or compliance purposes. |
|
Data recipients |
|
|
When do we process your Personal Data? |
When you participate in our Affiliate Program (e.g., promoting our Goods or Services via links, campaigns, or other agreed methods), we process your Personal data to manage your participation, track referrals, calculate commissions, and make payments. We may also use your Data to communicate with you about affiliate program updates, compliance checks, complaints or performance reporting. |
|
Data categories |
Identifiers: name, surname, and contact details (e-mail address, phone number), Affiliate account/login details; Payment and billing details: bank account, or other payment identifiers, invoices; Performance and tracking data: referral codes, campaign statistics, generated leads/sales, IP address, cookies where applicable; Cookies: tracking data where applicable (subject to Cookie Policy and local regulations). |
|
Legal basic(s) |
GDPR Art. 6(1)(b) - Contract:
GDPR Art. 6(1)(f) - Legitimate interest:
|
|
Data retention period |
Affiliate program data – retained for the duration of your participation in the program and up to 5 years after termination (for accounting, legal, and fraud-prevention purposes). Payment records – retained for 10 years to comply with financial/accounting laws. Affiliate photos and videos - as agreed in specific affiliate program, or mutual agreement. |
|
Data recipients |
|
4. FROM WHAT SOURCES DO WE GET YOUR DATA?
In Short: We get your Data directly from you, through your use of our Website, or from trusted third parties and public sources. This helps us operate our Services and stay in touch with you.
We might collect Data from the following source (-s):
Directly from you: When you place an order, contact us for support or inquiries, fill out forms, surveys, participate in contests or promotional campaigns.
Automatically via technology: When you visit or interact with our Website or other online platforms, we automatically collect certain Data, including identifiers and information regarding your activity. We utilize cookies and similar technologies to enhance your experience, analyse usage patterns, and secure our platforms.
From third parties, vendors, and service providers: When we receive services from third party providers – such as hosting platforms, software providers, or professional consultants, we are normally receiving all Data from them directly about you.
From our affiliate and referral partners: If you follow a referral link using a partner discount code, we may receive information that might contain your Personal data.
From other Intra-Group companies (if applicable): Where necessary for internal administrative, service provision, or business development purposes, we may receive your Data from other entities within our corporate group.
From publicly available sources (if applicable): Where appropriate and permitted by law, we may collect Personal data from public registers (e.g. company registries, professional association websites), official government databases, or social media profiles (e.g. LinkedIn), particularly in the context of business-to-business (B2B) communication, professional outreach or due diligence.
5. DO WE SHARE YOUR DATA WITH OTHERS?
In Short: Yes, but only when necessary and with strong safeguards - always ensuring your privacy is protected.
Yes - but only when necessary, and with your privacy in mind.
We may share limited Data with trusted third parties to provide our services, meet legal obligations, or support business daily operations. Whenever we do, we ensure that your Data is protected and handled responsibly. For this reason, parties who process Data on our behalf, they act as Data Processors and are contractually bound by Data Processing Agreements (DPAs). These agreements ensure they follow our instructions, apply appropriate safeguards, and do not use your Data for their own purposes. We may share your Data with:
Service Providers (Data Processors): We engage with various service providers to support our business functions (e.g. IT support, hosting, payments, analytics, customer service, marketing, auditing, legal services, etc.). Service providers process Data strictly on our behalf and under our documented instructions.
Intra - Group Companies (Data Processors or Joint Controllers): We may share your Data with other entities within our corporate group for internal administrative purposes, centralized services, or to provide integrated services.
Public authorities and other Data Controllers: In certain circumstances, your Data may be shared with third parties who act as independent Data Controllers who determine their own purposes and means of processing. Such as public authorities, law enforcements, courts, insurers, fraud prevention services agencies, independent service providers etc.
Other corporations or auditors: In the context of a potential or actual merger, acquisition, asset sale, or restructuring, we may disclose limited Data to potential investors, buyers, or their auditors, and advisors.
To other third parties with your consent: Where legally required, we will only share your Data with third parties if you have explicitly given us your informed, freely given consent.
6. HOW LONG WE KEEP DATA?
In Short: We keep your Data only as long as needed for legal, contractual, or service-related purposes - then we delete or anonymize it securely.
We keep your Data only for as long as necessary to:
fulfil the purposes for which it was collected,
provide you with our Goods or Services,
comply with legal, regulatory, or contractual obligations, or
resolve disputes or enforce our agreements.
Detailed retention periods for each Data processing purpose are set out in Section 3 of this Policy. Once the applicable retention period has expired, we will either safely delete your Data or irreversibly anonymize it within a reasonable timeframe, in line with best industry practices and legal requirements.
7. HOW DO WE ENSURE SECURITY OF YOUR DATA?
In Short: We use strong technical and organizational measures to keep your Data safe and work continuously to prevent unauthorized access and protect your privacy.
We are committed to protecting your Data and taking the security of your information seriously. We apply a combination of technical and organisational measures to prevent unauthorised access, accidental loss, misuse, alteration, or disclosure of Personal data. Our security safeguard practices are based on core data protection principles and include, but are not limited to:
Collecting Data only for specified and lawful purposes,
Processing Data fairly and transparently,
Retaining Data only as long as necessary,
Limiting access to Data strictly to authorised employees,
Sharing Data with third parties only when legally justified,
Providing regular data protection training to our employees,
Conducting internal and/or external IT security audits,
Using encryption for sensitive data,
Performing regular Data backups and activity logging,
Continuously improving processes to ensure Data security,
Regularly monitor our systems for potential threats or breaches.
While we apply strong security measures, no system is entirely risk-free - especially during internet transmission. To help protect your Data, please stay vigilant online and always use a strong, unique password, keep it confidential, secure your devices, and be cautious when sharing information, especially via strange links. Security incidents resulting from user actions (e.g. credential sharing or phishing) may fall outside our control.
8. DO WE TRANSFER YOUR DATA INTERNATIONALLY?
In Short: Yes, sometimes - but only when necessary and always with strong legal safeguards to keep your Data protected.
Yes - but only when necessary, and always with strong protection in place.
We mainly store and process your Data within the European Economic Area (EEA), and there may be times when some of your Data is transferred to trusted partners or service providers located in countries outside the EEA - for example, for cloud hosting, technical support, or specialist services. Where applicable, such recipients are listed in Section 3 of this Policy.
Whenever we send your Data outside the EEA, we make sure that it remains protected, and your privacy rights are respected. We never transfer your Data lightly — we always assess the risks and take appropriate steps to keep your Data safe, wherever it goes. Where Data is transferred outside the EEA:
We check whether the country has an “adequacy decision” from the European Commission, which means it provides a level of data protection similar to the EU;
Where no adequacy decision exists, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. These are legally binding agreements requiring the recipient to uphold EU-level privacy and security standards EU Standard Contractual Clauses;
Before using SCCs, we conduct a Data Transfer Impact Assessment, as required by the Schrems II decision and EDPB guidance, to evaluate whether additional safeguards are necessary in the recipient country;
Where needed, we may also apply supplementary technical or contractual safeguards, such as encryption, access controls, and audit rights.
If you would like more details about these transfers, you can contact us using the details provided in Section 11 of this Policy.
9. DO WE USE AUTOMATED DECISION - MAKING OR PROFILING?
In Short: Yes, but we don’t make important decisions about you using only AI. We may use smart tools to support our services, but all important decisions involve real people, not just programs.
Yes. We may use certain Artificial Intelligence (AI) - based tools and fully or semi-automated systems - for example, in customer support or during phone calls - to enhance the speed and accuracy of our Services.
However, we do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, within the meaning of Art. 22(1) GDPR. Specifically:
Any recommendations, responses, or information generated by AI tools are provided for informational purposes only and are subject to review and validation by our human staff;
We do not use algorithms or automated systems to make decisions about you that produce legal effects (e.g., denial of a service), without meaningful human involvement;
You have the right to request human intervention and express your point of view if you believe any decision or response has been generated through automated means that significantly affects you, and to obtain an explanation and review of such a decision by a human staff.
10. WHAT ARE YOUR RIGHTS?
In Short: You have rights over your Personal data, including access, correction, deletion, objection, and more. This section outlines how you can exercise them and what to expect.
If we process your Data as set out in this Policy, or you believe we may be doing so, you have the following rights as a Data Subject. These rights apply regardless of whether we process your Data as a client, supplier, contractor, or professional contact:
Right to Be Informed – You have the right to clear, transparent information about how we collect and use your Data. This detailed Policy aims to provide that (Art. 12-13 GDPR);
Right of Access – You can ask us whether we process your Data and request a copy of the Data we hold about you (Art. 15 GDPR);
Right to Rectification – If your Data is inaccurate or incomplete, you can ask us to correct or update it (Art. 16 GDPR);
Right to Erasure (“Right to Be Forgotten”) – You can request that we delete your Data if it is no longer necessary for the purposes collected, you withdraw your consent (where processing was based on consent), you object and there are no overriding legitimate grounds, or the Data was unlawfully processed. Note: This right is subject to limitations. For example, we may retain certain Data if required for legal compliance, dispute resolution, or contractual purposes (Art. 17 GDPR);
Right to Restrict Processing – You may request that we temporarily limit the processing of your Data in situations such as contesting the accuracy of the Data, or objecting to processing while we assess our legal grounds (Art. 18 GDPR);
Right to Data Portability – Where processing is based on your consent or a contract and carried out by automated means, you can request a copy of your Data in a structured, commonly used, machine-readable format, and ask us to transfer it to another provider (Art. 20 GDPR);
Right to Object – You can object to processing based on our legitimate interests or for direct marketing purposes. We will stop such processing unless we demonstrate compelling legitimate grounds (Art. 21 GDPR);
Right to Withdraw Consent – Where we rely on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing that took place before your withdrawal (Art. 7(3) GDPR);
Right to Lodge a Complaint – If you’re unhappy with how we handle your Data, please contact us first - we’ll do our best to resolve the issue. However, you may also lodge a complaint with the Lithuanian State Data Protection Inspectorate (https://vdai.lrv.lt/lt/) or the supervisory authority in your country of residence or place of work.
Please note: Your rights are not absolute. In some cases, the exercise of your rights may be restricted under applicable data protection laws - for example, where fulfilling your request would adversely affect the rights and freedoms of others, or where we are legally required to retain certain Personal data (e.g. for compliance, legal claims, or regulatory purposes).
11. HOW TO EXERCISE YOUR RIGHTS OR CONTACT US?
If you have any general questions about this Policy, how we process Data, complaint or if you wish to exercise any of your Data Subject rights, you can contact us by email at: dpo@enence.com.
To help us process your request efficiently, please:
clearly express your question or complaint,
specify which Data Subject right you wish to exercise (if applicable),
provide enough information to identify you (we may ask for proof of identity or proceed identity verification process), and
include any relevant details that will help us respond quickly.
You may also authorize someone to act on your behalf. If so, please ensure your authorized person provides us with written and signed permission confirming they are allowed to act for you. We may deny a request if sufficient proof of authorization is not provided.
We aim to respond without undue delay and within one month of receiving your request. If your request is particularly complex or involves multiple issues, we may extend this period by an additional month – in which case, we will inform you in advance and explain the reason for the delay.
12. REGIONAL ADDENDA
This Addendum supplements our Global Privacy Policy and applies where your Personal data is subject to the laws of the country or region in which you reside, or where our processing activities are specifically targeted. These regional terms complement the Global Privacy Policy and override it only where required by applicable local law.
UNITED KINGDOM (UK)
If you are a UK resident or our processing relates to UK individuals, the processing of your Personal data is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Your Rights under UK Data Protection Law:
Right to be informed (Article 13–14 UK GDPR) – to receive clear information about how we collect and use your Personal Data;
Right of access (Article 15 UK GDPR) – to request a copy of the Personal data we hold about you;
Right to rectification (Article 16 UK GDPR) – to have inaccurate or incomplete Personal data corrected;
Right to erasure (Article 17 UK GDPR) – to request deletion of your Personal data in certain circumstances;
Right to restriction of processing (Article 18 UK GDPR) – to limit how we use your Personal data in specific situations;
Right to data portability (Article 20 UK GDPR) – to receive your Personal data in a structured, commonly used, machine-readable format;
Right to object (Article 21 UK GDPR) – to object to processing based on our legitimate interests or for direct marketing;
Right not to be subject to solely automated decision-making, including profiling (Article 22 UK GDPR) – where such decisions have legal or similarly significant effects.
International Data transfers from UK:
If we transfer your Personal data outside the UK (e.g., to the EEA, the United States, or other countries), we ensure that adequate safeguards are in place, such as:
An adequacy regulation issued by the UK Government; or
The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses (SCCs), along with appropriate technical and contractual safeguards.
Supervisory Authority:
If you have concerns about how we handle your Personal Data, you may lodge a complaint with the UK’s supervisory authority: Information Commissioner’s Office (ICO), website: https://ico.org.uk/.
AUSTRALIA
If you are Australia resident or our processing relates to Australian individuals, the processing of your Personal Data is subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Your Rights under Australian Privacy Law:
Right to access (APP 12) – to request a copy of the personal information we hold about you;
Right to correction (APP 13) – to request correction if your personal information is inaccurate, incomplete, or out of date;
Right to lodge a complaint – if you believe we have breached your privacy under the APPs, you may submit a formal complaint.
International Data transfers from Australia:
We may disclose your personal information to recipients located outside Australia (e.g., in the EU, US, or other countries). Before doing so, we take reasonable steps to ensure that overseas recipients do not breach the APPs. These steps may include:
Entering into binding contractual agreements;
Conducting privacy and security due diligence;
Ensuring technical safeguards such as encryption and access control.
Supervisory Authority:
If you are not satisfied with our response to a privacy concern, you may contact: Office of the Australian Information Commissioner (OAIC), website: https://www.oaic.gov.au/.
UNITED STATES (USA)
If you are a U.S. resident or our processing relates to U.S. individuals, your Personal data may be subject to state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and Utah Consumer Privacy Act (UCPA).
Your Rights under U.S. State Privacy Laws (may vary by state):
Right to know/access – to request information about the categories and specific pieces of Personal data we collect, use, disclose, sell, or share;
Right to deletion – to request the deletion of Personal data we hold about you, subject to certain exceptions;
Right to correction – to request correction of inaccurate Personal data;
-
Right to opt out – to opt out of:
- the sale or sharing of Personal data;
- the use of Personal Data for targeted advertising;
- profiling that has legal or similarly significant effects;
Right to data portability – to receive a copy of your Personal data in a portable format;
Right to limit use of sensitive Personal data (CPRA only) – to request restrictions on how we use sensitive information (e.g., precise geolocation, health data, financial data).
International Data transfers from USA:
If we transfer your Personal data outside the United States (for example, to the EU, UK, or other jurisdictions), we apply contractual, organizational, and technical safeguards designed to ensure that the transferred data receives adequate protection, consistent with applicable U.S. state laws.
Do Not Sell or Share My Personal Information:
If you wish to opt out of the sale or sharing of your Personal data, please click the “Do Not Sell or Share My Personal Information” link available on our website footer.
Universal Opt-Out Mechanisms:
Where required (e.g., under CPRA, CPA, CTDPA), we honor Global Privacy Control (GPC) signals and other recognized universal opt-out mechanisms.
Supervisory Authorities:
If you have concerns about how we handle your Personal data, you may contact your state Attorney General. For California residents, more information is available at: https://oag.ca.gov/privacy/ccpa.
CANADA
If you are a Canadian resident or our processing relates to Canadian individuals, your Personal data is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable privacy laws.
Your Rights under Canadian Privacy Laws:
Right to access – to request access to the Personal Data we hold about you;
Right to correction – to request correction of inaccurate or incomplete Personal data;
Right to withdraw consent – where processing is based on consent, you may withdraw it at any time (subject to legal or contractual restrictions);
Right to challenge compliance – to raise concerns if you believe we are not complying with Canadian privacy laws.
International Data transfers from Canada:
Your Personal data may be transferred outside Canada (e.g., to the EU, U.S., or other countries) for processing. We take contractual, organizational, and technical measures to ensure that any such transfers provide an adequate level of protection consistent with Canadian law.
Supervisory Authority:
If you are not satisfied with our response to a privacy concern, you may contact: Office of the Privacy Commissioner of Canada (OPC), website: https://www.priv.gc.ca.
THE END OF POLICY
