PRIVACY POLICY

 

We, Enne Software FZE, seat and registered address: the UAE, Free Trade Zone, Umm Al Quwain. P.O. Box: 7072, Business Center 103-104, Al Shmookh Building UAQ; e-mailinfo@ennesoftware.com (“Company” or “Controller” or “we” or “us”), collect and Process personal data of individuals, our customers, contracting parties or other contacts on the market (“You”). We are aware of the responsibility that we have to take care of and protect Your Personal data, to comply with the applicable legislation in the field of privacy and protection of Personal data.

With this Privacy Policy (“Policy” or “Privacy Policy”), we would like to introduce to You the way we collect and use Your personal information. The Policy describes what methods are used and for what purposes the Company, respectively our service providers, process the information collected from and about You while offering our services and concluding agreements, incl when You are visiting or using our services through the website https://ennesoftware.com (“Website”) and/or through the customer service phone (“Customer Service Phone”) or any other channels as we may make available, including providing services of the Company through third parties (hereinafter jointly referred to as “Available Channels”). We also explain what data subjects’ rights are and our obligations and liability.

 

Important!

Read this Policy carefully. It provides important information about how we process Personal data and explains Your legal rights. This Policy is not intended to change the terms and conditions of any agreement entered into with us, nor the rights that You have under the applicable data protection laws.

By providing Your Personal data or using the Available Channels, You trust us and voluntarily accept the terms and conditions of this Privacy Policy.

If You provide information about another person on their behalf, You shall ensure that that person has been provided with this Privacy Policy and that the requirements of the applicable laws have been complied with before providing the information.

 

 

1.                       CONTROLLER

1.1                    The joint Data Controllers are Enne Software FZE (hereinafter referred to as “Data Controller”):

 

Address:

Contact for any comments, questions or concerns:

the UAE, Free Trade Zone, Umm Al Quwain. P.O. Box: 7072, Business Center 103-104, Al Shmookh Building UAQ

e-mail:  info@ennesoftware.com

 

1.2                    The Data Controller is responsible for the correct and lawful processing of Personal data that we may have lawfully obtained about You.

2.                       TERMS AND DEFINITIONS USED

There are a total of 26 definitions listed within the Regulation and it is not appropriate to reproduce them all here. However, the most fundamental definitions with respect to this Policy are as follows:

“Data Controller” - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Your Personal data.

“Personal data” – any information that concerns You, including information obtained from public databases and public channels and information lawfully obtained from third parties, through which You can be identified directly or indirectly, in particular by an identifier such as names, Personal ID No., location data, phone, e-mail or one or more markers specific to Your identity.

“Processing of Personal data” – any action or set of actions that can be performed on Your Personal data by automatic or other means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or transmission, dissemination, update or combination, blocking, erasure or destruction of data.

“Pseudonymization of Personal data” or “Anonymization of Personal data” – pseudonymization and anonymization are operations that are alternatives to erasure or destruction of Your Personal data. These operations remove all elements that directly or indirectly identify You. Pseudonymized or anonymized data does not constitute Personal data.

“Regulation” – General Data Protection Regulation (EU) 2016/679.

3.                       GENERAL PRINCIPLES OF PROCESSING PERSONAL DATA

3.1                    We Process Your Personal data pursuant to effective law, including the Personal Data Protection Act, the Money Laundering and Terrorist Financing Prevention Act, this Policy and the terms and conditions of the agreements entered into with You.

3.2                    We process Your Personal data in a reliable and confidential way. We respect each person's right to the protection of their Personal data, and we shall do our best to ensure that Personal data collected by us is well protected. We regularly evaluate the risks associated with the Processing of Personal data and shall apply appropriate mitigation strategies to hedge risks.

3.3                    Data protection is an integral part of our services and is overseen by our data protection officer. We ensure that our employees know and comply with the requirements of data protection. We expect, instruct and train our employees to respect our privacy requirements.

3.4                    We process Your Personal data lawfully and purposefully. We set clear goals for the Processing of personal data and process Personal data for these purposes only. We do not collect or process the data that we do not need. We have the right to delete/blur or use other ways to make data/documents presented to us unreadable that are not necessary for the provision of our services.

3.5                    We process Your Personal data in a transparent and fair way. We ensure an appropriate secure, honest and lawful manner of processing Your Personal data to prevent the unauthorized disclosure or inappropriate use of Your Personal data.

3.6                    We shall store Your Personal data only for as long as the retention of data is required by law or the agreement or is necessary for the provision of our services and/or our legitimate interest. At the end of the retention period, we shall permanently erase Your Personal data or anonymize it.

3.7                    We do our best to make sure that Your Personal data we process is accurate and limited to what is necessary.

4.                       HOW WE COLLECT YOUR PERSONAL DATA

We may collect and process Your Personal data in the following cases:

·                 If You contact us via any Available Channels to request information about our products and        services;

·                If for certain data a written consent is required by law, the consent will be taken from You either in the offices of the Controller, or our partners premises, or in case of channels made available electronically, by You ticking the appropriate box(es), in which case the consent is considered equivalent to written consent;

·                Through inquiries in public registers;

·                If Your data is available during and on the occasion of an agreement for provision of services by the Controller;

·                If You respond to our direct marketing campaigns, for example by filling out a questionnaire or submitting data electronically;

·                If other legal entities, including partners, make a permitted transfer of Your Personal data to us.

5.                       WHAT PERSONAL DATA WE COLLECT

5.1                    We process Personal data regarding Your identity and other necessary data for the purposes of concluding and performing an agreement or any other agreement, for fulfillment of Your requests, petitions, applications, complaints, as well as for the purpose of fulfilling our legal obligations, this processing is mandatory to meet these objectives. Without this data, we would not be able to provide the relevant services. If You do not provide us with identification data, we would not be able to enter into an agreement with You.

5.2                    We also process Personal data for marketing, safety and/or analytical purposes, to provide first-class products and services to You now and in the future.

5.3                    The following categories of personal data may be collected from and of You or your representative or contact person depending on whether You are our potential customer, customer or contracting party and which of our services You use:

Personal information

Your name, sex, personal identification code, date of birth, legal capacity, nationality and citizenship, as well as Your historic data that may have been stored with us during previous interactions within the retention periods. The name of Your contact person as indicated by You, who is not a guarantor, including the data obtained about the contact person during our inspection, if such data has been collected in a database of related persons. The name, personal identification code, address, telephone number and other data of Your representative specified in the power of attorney, in case You authorize a third person to represent Yourself before the Company

Document details

Your or Your representatives document type, issuing country, number, expiry date, information embedded to document barcodes (may vary depending on the document) and security features

Contact details

Your or Your representatives´ address, e-mail address, telephone (contact) numbers. Your contact persons´ contact number

Technical data

Your or Your representatives device signature data, including but not limited to information about the date, time and Your or Your representatives´ activity on our Available Channels, Your or Your representatives´ IP address, cookies You or Your representative have accepted and domain name, Your or Your representatives´ software and hardware attributes as well as Your or Your representatives´ general geographic location (e.g. city, country)

Publicly available data

e.g. information about You or Your representative being a politically exposed person (PEP) and checks in public Sanctions and Watch lists

Communication data

data related to Your visits to our Website and communication via any other of our Available Channels, the visual and/or audio recordings collected when You visit Our offices and other places where we provide services and when You communicate with us by telephone, as well as any other data collected via email, messages, social media and other manners of communication

 

6.                       WHY AND ON WHAT GROUNDS ARE WE PROCESSING YOUR PERSONAL DATA

6.1                    The main purposes for which we Process Your or Your representatives´ data are the establishment of customer relationships, performance and termination contracts, performance of the due diligence procedures, providing better customer service to You, making offers to You, analysing the usability of services and development of new services.

6.2                    We process Personal data for the following purposes and on the following grounds:

Purposes of Processing

Legal grounds for processing

We decide whether and on what conditions to establish a customer relationship or enter into specific agreements and on which conditions to provide our services.

Performance of an agreement or implementation of precontractual measures or performance of a legal obligation.

Art. 6 (1) (b), (c) and (f) of the Regulation

We will identify You and/or Your representative upon the establishment of the customer relationship and/or during the customer relationship in order to comply with the anti-money laundering and counter-terrorist financing requirements and Know Your Customer principles, incl. identify Your beneficial owner(s), whether You or Your beneficial owner(s) are politically exposed person(s), whether You or Your beneficial owner(s) are subjects of financial sanctions.

Performance of an agreement or implementation of precontractual measures, performance of a legal obligation or our legitimate interest in risk management.

Art. 6 (1) (b) and (c) of the Regulation

We are performing an agreement entered into with Your or guarantee the performance of the respective agreement and realise, waive and protect our rights.

Performance of an agreement or implementation of precontractual measures, performance of a legal obligation or Our legitimate interest in the exercise of legal claims.

Art. 6 (1) (a), (b) and (c) of the Regulation

We reduce or prevent risks and damage to You as well as us and protect Your and our interests, study the quality of our services, and collect proof of business transactions or other business communication. This may include video surveillance for other purposes than the verification of Your identity as well as audio recordings of phone calls, chat and online, chat sessions for other purposes than the provision of services.

-          We may need your consent

 

Your consent, performance of an agreement or implementation of precontractual measures, performance of a legal obligation or our legitimate interest to prevent, restrict and investigate the misuse or unlawful use of our services and products or disruptions of service in order to guarantee the quality of the services.

Art. 6 (1) (a) and (f)of the Regulation

We allow access to, and the use of, our Website.

Performance of an agreement or implementation of precontractual measures or Our legitimate interest to prevent unauthorised access to our Website.

Art. 6 (1) (b) and (c) of the Regulation

We develop our systems.

Our legitimate interest in the functioning and improvement of systems.

Art. 6 (1) (f) of the Regulation

We carry out statistical research and analyses of the market shares of customer groups, products and services,  reporting and risk management, etc..

Our legitimate interest to improve our services, improve the user experience offered to You, develop new services, manage risks or perform legal obligations.

Art. 6 (1) (c) and (f) of the Regulation

We develop our existing services and new services.

Our legitimate interest to perfect our services, improve the user experience and develop new services.

Art. 6 (1) (f) of the Regulation

We check and, if necessary, improve or update Your Personal data, manage customer relationships, keep data up-to-date and correct by checking and updating data via external and internal sources, and also request updating of data from You.

Performance of a contract, implementation of pre-contractual measures or performance of a legal obligation.

Art. 6 (1) (b) and (c) of the Regulation

We send You advertisements and offers, incl. personal offers, of the products and services of our partners.

-          We may need your consent.

 

Your consent or our legitimate interest to provide additional services.

Art. 6 (1) (a) and (f) of the Regulation

We want to understand Your expectations better (e.g. analysis of Website visits, customer surveys, etc.). For our business goals, such as data analysis, certifications, developing new models, identifying trends in browsing the Website, developing a custom environment on the Website by introducing products and offers.

-          We may need your consent.

Your consent or our legitimate interest to perfect our Services, improve the user experience offered to You, develop new products and services.

Art. 6 (1) (a) and (f) of the Regulation

 

7.                       PROFILING AND AUTOMATED DECISIONS

7.1                    We do not process Your Personal Data based on profile analysis and automated decision-making.

8.                       PERSONAL DATA PROCESSING IN MARKETING

8.1                    We process Personal data for marketing purposes. If such processing is based on Your consent, You have the right to withdraw the consent at any time. If such processing is not based on a consent, You may refuse to receive such Data processing at any time as well. In order to withdraw Your consent or refuse to receive marketing materials, please send the respective message to our contact details or manage Your consents via our Available Channels. The guidelines for withdrawal of consent are also included with all marketing communication.

8.2                    The general information about our services and introductory or supplementary information or notices about changes in the terms and conditions or the price list, or information related to the performance of a contract entered into with You (e.g. notifications about due dates of payments, debts, termination of contracts, etc.) are not deemed marketing. In general, You cannot refuse to receive such information.

9.                       TRANSMISSION OF PERSONAL DATA TO THIRD PARTIES

9.1                    We will disclose and/or transmit Your Personal data:

10.1.1. to persons and organisations related to the provision of our services and performance of the agreement entered into with You (e.g. sureties, guarantors, collateral owners; payment intermediaries, credit institutions, international card organisations, translation, communication, IT and postal service providers, call centre service providers);

10.1.3 to the third parties that receive Your Personal data as a part of the service requested by You;

10.1.4. to the service providers to whom we have outsourced activities in part or in full on the terms and conditions stipulated by effective law, provided that such persons comply with the organisational, physical and information technology requirements set by us in respect of the confidentiality and protection of the Personal data;

10.1.5. to other third parties if You have breached the agreement (e.g. provider of debt collection services, courts, trustees in bankruptcy or insolvency trustees).

9.2                    In some cases, we may be obliged to disclose and transmit Your Personal data for the performance of the obligations arising from effective law - government and other bodies, institutions and departments, insurance companies, insurance brokers, banks and institutions within the scope of their competence and in compliance with the provisions of the Regulation, the Personal Data Protection Act and the other norms of the local legislation. (e.g. transmit data to law enforcement authorities, notaries, trustees in bankruptcy, the Tax and Customs Board, or the Financial Supervision Authority).

9.3                    We may use third parties (e.g. payment service providers) upon the performance of an agreement entered into with You and make Your Personal data accessible to them. These persons process Your Personal data according to their rules and at their responsibility. We may also use third parties upon the performance of an agreement entered into with You, who process Your Personal data according to the law of their country of location.

10.                    DATA TRANSFER TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA

10.1                 There may be cases where we transmit Your Personal data to, and they are processed in, countries outside the EEA. We only transmit Personal data to the kind of third countries or territories (outside the EEA) in respect of which the European Commission has decided that protection is adequate. If there is no such decision, we will only send Personal data outside the EEA if the protection of Your rights in court is guaranteed to You and effective legal remedies are accessible in the respective country or territory. Also, the transmission described above is not done without a legal basis (e.g. performance of a legal obligation or Your consent).

11.                    HOW WE PROTECT YOUR PERSONAL DATA

11.1                 We protect Personal data in strict compliance with the principles of the framework directives of the European Union on protection of information and Personal data (including Regulation (EU) 2016/679).

11.2                 Your information is stored on our secure servers or on secure servers of our subcontractors or business partners (or in certain cases the information is also stored on paper, subject to the necessary protections). The information is available and used in accordance with our security policies and standards (or those of our subcontractors or business partner For example, we apply the following measures:s), always in compliance with the effective legislation and the necessary protection measures.

11.3                 Although we cannot guarantee that the transmission of data over the Internet, Website is free from the risk of cyber-attacks, we and our business partners work hard to maintain measures for physical, personal and documentary protection and protection of automated information systems with regard to Your data in compliance with the effective legislation. For example, we apply the following measures:

11.4                 strictly limited access of our employees and subcontractors to Your data, provided only on a need-to-know basis and in order to achieve the purposes for which it is processed and, on a need-to-know basis;

11.5                 Personal data is stored electronically in databases or in shared folders protected by passwords or with different degrees of authorization; monitoring and protection against viruses are carried out; copies and backups are created for recovery purposes; the systems also store history logs of document operations;

11.6                 at the sites of the Joint Controllers, where processing of Personal data is performed, technical security is carried out (through alarm and security equipment and video surveillance); fire protection; physical access control procedures have been introduced;

11.7                 the staff of the Controller who processes Personal data is familiar with the requirements of the effective legislation, the policies of the Controller, and the existing risks and the scenarios for their occurrence;

11.8                 Data processing information systems, including personal ones, are based on regularly audited software. For the purposed of full traceability and timely response, records with information about each access and operations performed in relation to Personal data are maintained by the Controller. The filling of the records is fully automated and is an integral part of the Data processing. The Controller, through explicit internal rules, has established technical and organizational measures consisting of terms and conditions and procedure for collection, processing and storage on paper of Personal data of its customers, as well as strict rules for monitoring their compliance, said monitoring ensuring the most comprehensive protection against unwanted access;

11.9                 contractual protection under the agreements with third-party data processors who act on behalf of the Controller has also been envisaged;

11.10              when we provide You (or choose to provide You) with a password that gives You access to certain parts of the Website or another portal or service that we manage, You are responsible for keeping that password confidential and for complying with any other security procedures of which we notify You. Please do not share Your password with anyone.

12.                    HOW LONG WE STORE YOUR PERSONAL DATA

12.1                 We process Your Personal data for as long as necessary for the achievement of the purposes of Data processing or performance of obligations arising from effective law. The period of Personal data retention is based on the agreement entered into with You, our legitimate interest and/or applicable law. If Your data is processed for more than one purpose, we will retain it until the purpose with a longer processing period is achieved; but we will stop processing it for the purpose with a shorter period after the expiration of that shorter period.

12.2                 We restrict access to Your data to those parties who must process it for the relevant purpose.

12.3                 In certain circumstances, we may retain Your Personal data for longer periods of time in order to have an accurate record of Your relations with us in the event of complaints or disputes or if we reasonably believe that there is a possibility of litigation in view of which Your Personal data will be needed.

12.4                 Storage periods are based on our business needs and in accordance with the effective legislation. Personal data that is no longer needed shall be pseudonymized or anonymized or erased/destroyed.

13.                    cookies

13.1                 We are also using cookies for our webpage and more information you can find at our Cookie policy https://ennesoftware.com/cookiepolicy.html

14.                    YOUR RIGHTS TO PERSONAL DATA PROTECTION

14.1                 You have certain rights regarding Your Personal data, such as the right to:

(a)                     ask us to provide You with additional details on how Your data is used;

(b)                     ask us to give You access to Your Personal data and to provide You with a copy of it;

(c)                      receive Personal data that concerns You and that You have provided to us in a structured, widely used and machine-readable format and – where technically possible – to transfer this data to another controller without hindrance if the processing of Your data is based on Your consent or agreement and is performed by automated means;

(d)                     ask us to update any inaccuracies in the data that we store and to correct / update the same;

(e)                     ask us to erase or anonymize all data about You for which we no longer have a legal basis to process;

(f)                       when the processing is based on consent and in connection with direct marketing, You may withdraw Your consent in order for us to stop that particular processing henceforth;

(g)                     object to any processing for the purpose of automated individual decision-making (including profiling) when it significantly affects You, while You have the opportunity to exercise Your right to request human intervention by the controller, the right to express Your views and to challenge the decision;

(h)                     ask us to limit the processing of Your data, e.g. while a complaint is being investigated.

14.2                 Procedure for exercising the rights:

14.2.1            You may submit a request for exercising Your rights to the Contact Person in one of the following ways: on site, by mail (including e-mail), phone or fax, as referred to in item 1 above. 

14.2.2            Each one of Your applications, inquiries or requests is accepted with an incoming number, it is reviewed, we verify Your identity and the right that You want to exercise, and we answer within one month of receipt. In more complex cases or during the receipt of numerous requests, this period may be extended by another two months, of which we will inform You. In the event that there are reasons to reject the request, we will state these reasons to the applicant in writing.

14.2.3            The exercise of these rights is subject to certain exceptions, for example when the public interest must be protected (e.g. in preventing or detecting crimes), or our interests, or the rights and freedoms of others.

If You have any questions on the processing of Your data, please contact us via the contact details provided in item 1 above (Monday through Friday from 09:00 a.m. to 06:00 p.m.).

15.                    AMENDMENT OF PERSONAL DATA AND TERMINATION OF PERSONAL DATA PROCESSING

15.1                 Inform Us immediately of any changes and inaccuracies in Your Personal data submitted to us. At our request, submit to us a document that proves the changes in Your Personal data (e.g. name change certificate).

15.2                 We endeavour to do our best to regularly check that Your Personal data is complete and correct.

16.                    POLICY UPDATE

We may make changes to this Policy from time to time. Changes to this Policy will take effect when the revised Policy is published on the Website, and an update notification will be posted on the Website.