Version 1.01 – 30 September 2019
At Envizage, our core mission is to help people plan for an uncertain future. We do this by making our analytic engine available to financial services firms of all sizes, so they can create engaging applications for their customers.
Our goal is to set a high standard for protecting the privacy of your information. We want to be clear about how we collect, use, protect, and share your information, including your personal information, and the rights and choices you have about the ways in which you can help us protect your privacy.
This Privacy Notice explains:
Scope: This Privacy Notice applies to the information that we obtain through your use of Envizage products and services, including our website (envizage.me), our social media, communications, and web-based tools (collectively, our “Services”). For a current list of the Services and vendors covered by this Privacy Notice, see our Subvendor Directory.
This Privacy Notice does not apply to personal information arising from Envizage’s employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Notice also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pen testing firms, audit firms, and other vendors.
Geography: Envizage is a U.K.-based company that offers our Services to domestic and international business customers. As a result, information that we collect, including personal information, may be transferred to our U.K. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may provide information to third-party service providers in the U.K. and in other countries to the extent necessary to support Envizage’s business activities, and we may access personal information collected by our customers to support the Services that we provide to our customers. Thus, personal information may be transferred to and stored on servers located in the U.K. and in countries different from the country in which that information was initially collected. Similarly, information we collect may be accessed by Envizage and our third-party service providers and business partners from countries other than the ones in which the information is stored.
If you have any questions or concerns about this Privacy Notice or about our privacy or data security practices, please contact us at email@example.com
For purposes of this Privacy Notice, “Personal Information” means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.
“Sensitive Personal Information” includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.
Types of Personal Information that We May Collect
Account and Profile Information: We collect information about you and your company when you register for an account, create or modify your profile, and make purchases with respect to our Services. Information we collect includes your name, username, address, email address, phone number, and payment card details. You may provide this information directly through our Services or in some cases another user (such as an account administrator) creating an account on your behalf may provide it. If you provide information (including personal information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their personal information as described in this Privacy Notice.
Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as health information, EU personal data, and other information such as regulatory compliance materials.
Other submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites.
Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers (see our Subvendor Directory), also collect and store analytics information when you use our Services to help us improve our Services.
Information from third parties: We may obtain information, including personal information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from our direct marketing providers, product referrals, and other interactions. We also may combine information we receive from third parties with other information we collect from you through our Services as described in this Privacy Notice. If we use this information to provide you with opportunities that we think may be of interest to you, you will have the ability to inform us that you do not wish to receive such offers, and you may unsubscribe from our marketing and other email communications by clicking on the link in the email, sending an e-mail to firstname.lastname@example.org or accessing your user account and changing your distribution preferences.
Information provided by other individuals: While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about You. When one individual provides us with information (including personal information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of personal information as described in this Privacy Notice. Please contact us immediately at email@example.com if you become aware of an individual providing us with personal information about another individual without being authorized to do so, and we will act consistently with this Privacy Notice.
Our customers and their designated users use our Services to develop, establish, implement, and maintain secure applications. These applications may process sensitive data, including personal information and sensitive personal information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store personal information that they have collected from individuals. During the course of our business relationship, we may need to access a customer’s account and the information it contains to provide support for our Services.
Our customers and prospective customers are responsible for complying with all applicable local and international laws and regulations regarding notice, disclosure, consent, and transfer of personal information, prior to providing that personal information to Envizage.
In addition, our customers and prospective customers are also responsible for identifying, in the Services agreement or in a related document (such as a business associate agreement or GDPR data protection agreement), any additional requirements for protecting, accessing, and handling personal information in a particular matter that exceeds the reasonable, risk-based administrative, technical, and physical safeguards that Envizage would otherwise routinely implement, or that are inconsistent with the collection and use practices identified in this Privacy Notice.
Unlike the other collections of information described in this section, our agreements with customers include specific protections and limitations regarding our access to and use of personal information collected by customers.
We will not use your personal information for anything other than the following lawful purposes:
To establish and maintain contractual relationships with our customers and partners:
To comply with our legal obligations:
To provide services and information that you request and consent to receive:
To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:
When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information we will treat it in accordance with this Privacy Notice.
Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Notice, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you.
We may share your information in the following ways:
With your express consent: We will share your personal information with companies, organizations, or individuals outside of Envizage when we have your consent to do so.
When you choose to directly share your information while using our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
When your account is accessed by your organisation’s designated Envizage administrator: Your Envizage account owners and administrators may be able to:
With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf, listed in our Subvendor Directory. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to provide the cloud-based tools that our customers use to create their secure instances and securely store their sensitive information, including personal information.
When necessary to comply with laws and law enforcement requests, or otherwise to protect our rights or those of individuals: We may disclose your information (including your personal information) to a third party if:
As the result of a business transition: We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Notice. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.
Sharing aggregate, anonymized, deidentified, or otherwise non-personal data: We may share aggregated, anonymized deidentified, or otherwise non-personal information that does not directly or indirectly identify you and that cannot, with reasonable effort, be used to reidentify you in order to improve the overall experience of our Services. Such aggregated, anonymized, deidentified, or otherwise not re-identifiable information is not personal information within the scope of this Privacy Notice.
To exercise any of these options, or for additional information about our privacy and data security practices, contact us at firstname.lastname@example.org
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we certainly try very hard, employing a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the personal information you trust us with.
To that end, we manage our data protection program to standards consistent with the requirements stipulated by the EU’s General Data Protection Regulation (“GDPR”) and the FCA’s Account Information Services Provider (“AISP”) registration requirements.
Please see our “Information and Data Security” manual (available under NDA on request to email@example.com) for more details.
Envizage protects personal information under its control, and requires its service providers (see our Subvendor Directory) to also protect against, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored, or otherwise processed.
If you have concerns about the security of your information with Envizage, please contact us immediately at firstname.lastname@example.org to report an issue.
We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose of that information.
Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at email@example.com
If you are from the European Economic Area, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect and use Personal Information from you where the processing is in our legitimate interests and not overridden by your data-protection interests or fundamental rights and freedoms. Typically, our legitimate interests include improving, maintaining, providing, and enhancing our technology, products, and services; ensuring the security of the Services and our Websites; and for our marketing activities.
For example, we may need the Personal Information to perform a contract with you. In some limited cases, we may also have a legal obligation to collect Personal Information from you.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information.
Where required by law, we will collect Personal Information only where we have your consent to do so.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please email us at firstname.lastname@example.org
The core Envizage APIs are hosted in the Republic of Ireland. You may choose to run Envizage in other regions, such as the U.S., the U.K. or other regions of the world with laws governing data collection and use that may differ from U.K. law. Please note that when you use the core Envizage APIs, you may be transferring your information outside of those regions to the Republic of Ireland for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.
We strive to resolve all complaints about privacy and the collection or use of customer information. If you have questions or have a complaint, please send an e-mail to email@example.com
We may change this Privacy Notice from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Privacy Notice and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the log-in screen or sending you an email notification).
Your continued use of our Services after the revised Privacy Notice has become effective indicates that you have read, understood, and agreed to the current version of this Privacy Notice.
Please contact us with any questions or comments about this Privacy Notice, your personal information, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org
Our Data Protection Officer is: Vasilis Dialinos
Last updated: 2019-09-30
Envizage shares information with service providers and other third parties who perform services on our behalf.
This page provides a list of vendors with whom we share personal information as well as describes where each is located and what services these vendors provide for us.
|01||Amazon Web Services||Cloud infrastructure||Republic of Ireland|
|02||MongoDB Cloud Atlas||Database provider||Republic of Ireland|
|03||CloudAMQP||Queue provider||Republic of Ireland|
|04||Atlassian||Project Management||United States|
|05||Mailchimp||E-mail marketing||United States|
|06||Slack||Community discussion||United States|
|07||Google Analytics||Analytics||United States|
|08||Sentry.io||Error monitoring||United States|
|09||G Suite||Collaboration tools||United States|