Enlyft, Inc. Privacy Policy

‍

At Enlyft, we take pride in the accuracy and integrity of the data we offer to our subscribers or resellers (each a “Subscriber”). This Privacy Policy explains how we collect and treat information through our sales and marketing data interface and integrations (the “Platform”), enlyft.com and other online channels we own or operate (collectively, the “Site”), and enterprise level and other services we offer (altogether, with the Platform and Site, our “Services”). This Privacy Policy is governed by and part of our Terms of Service. Any terms defined in the Terms of Service have the same meaning when used in this Privacy Policy.  

To learn whether your Personal Data is included on our Platform, or to opt-out of processing by Enlyft, please visit our Verify Information page (https://enlyft.com/privacy/check-email).  

This Privacy Policy applies to your use of our Services, whether through our Terms of Service, Subscription Service Agreement, or other written contract between you and Enlyft, or simply your accessing the Services as a visitor. You consent to our privacy practices described in this Privacy Policy by accessing the Site, registering on our Platform, providing us with your Personal Data, or by allowing us to process your Personal Data. If you do not agree with this Privacy Policy, do not access or use our Services.  

1. Enlyft’s Privacy Promise

Our Services are built to offer rich, deep, and reliable business data to support your goals, while respecting the privacy of business professionals everywhere. To ensure you have confidence in our privacy practices, we offer this privacy promise to you:

• Human Element: Enlyft brings the human element back into marketing and sales. Human users leverage Enlyft technology to build target profiles unique to each Subscriber’s needs.  

• Privacy is Key: Enlyft will never collect or disclose Personal Data that was meant to remain private.  

• Trusted Data Sources: The Personal Data that we process is readily available professional contact information that is collected from publicly available resources or our trusted data vendors.  

• No Mass Marketing: Our Services are designed to support tailored, personalized messages and campaigns to the right recipients at the right time. Enlyft does not use mass communications or spamming techniques, and we prohibit our Subscribers from using the Services in this manner.

• Enlyft as Controller: When we collect Personal Data from your visit to our Site or to include it in the datasets made available through our Platform (“Enlyft Data”) for our Business Edition Services, we do so as a data controller. This Privacy Policy describes our privacy practices for Enlyft Data.

• Enlyft as Processor: When our Enterprise Edition Subscribers use our Services to process the Subscriber’s first-party data, we act as a processor or service provider to the Subscriber. This processing is covered by the Subscriber’s privacy practices, not Enlyft’s. However, in the interest of transparency, we offer some general information about our Enterprise Plan Services below.  

• Subscriber Use of Personal Data: Each Subscriber determines whether and how it processes Enlyft Data. Enlyft contractually obligates all Subscribers to use Enlyft Data in compliance with applicable laws, including privacy laws and the exercise of privacy rights by consumers. However, Enlyft cannot control how a Subscriber ultimately uses Enlyft Data. Please direct any questions relating to a Subscriber’s use of Enlyft Data to that Subscriber.

• Data Privacy Framework: Enlyft complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (see Section 9).

• Your Rights: Enlyft welcomes your requests to restrict our use or processing of your Personal Data as provided under your privacy rights (see Section 7 and this information).  

• You’re In Control: You can always control your Personal Data on Enlyft. You can check whether your Personal Data is included on the Platform on the Verify Information page and we encourage you to submit privacy inquiries to privacy@enlyft.com.

2. Personal Data

As used in this Privacy Policy, “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Data falls within certain categories, for example:

• Identifiers (e.g., name, email, telephone number, address, username);  

• Sensitive Personal Data (e.g., government identification number; precise geolocation; racial or ethnic origin; religious beliefs; health data; contents messages when Enlyft is not the recipient);

• Legally protected information (e.g., race, citizenship, marital status, sex);

• Employment-related information (e.g., current or past employment);

• Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99);

• Biometrics (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, or olfactory information;

• Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);  

• Internet or other similar activity (e.g., browsing history; content interactions); and

• Inferences drawn from Personal Data to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.  

Not all information is protected as Personal Data under privacy laws. Information may not be covered by the privacy laws applicable to you if it is: (a) publicly available; (b) aggregated information, meaning data summaries or reports with the Personal Data removed; or (c) anonymized or de-identified.    

3. Collection and Use of Personal Data

Enlyft may collect Personal Data: (i) with your consent; (ii) with a legitimate interest; or (iii) as authorized or required by law. We only collect, use, retain, and disclose Personal Data as is adequate and relevant to the specific, express purposes described below or as reasonably necessary and proportionate to provide our Services or for other purposes that we disclose to you and are compatible with the context of how we collected your Personal Data.

1. Categories of Personal Data Collected. During the preceding 12 months, we have collected Personal Data in the following categories: (i) identifiers; (ii) employment-related information; (iii) commercial information, (iv) internet or similar activity; and (v) inferences.

2. Sources of Collection. Our sources of collection include:

• When you register as a Subscriber, we collect your identifiers (e.g., name, email, username), employment-related information (e.g., company, title, work history) as part of your Platform account profile. We use a secure third-party payment processor to collect and store your subscription fee payment information. If you choose to link your Platform account with your social media or another third-party account, you consent to Enlyft automatically collecting your Personal Data from your third-party account.

• We use trusted third-party data vendors and public data sources (each a “Data Source”) to collect data about professional contacts at companies that our Platform Subscribers may wish to prospect as part of a sales or marketing campaign. We contract with each Data Source after a rigorous due diligence process focused on lawful privacy practices and data integrity.  

• We use automated technology to collect and generate Enlyft Data from publicly available online sources, such as publicly available professional profiles and other online databases. This Personal Data is processed in alignment with the purposes for which the professional posted it online. Enlyft processes this Personal Data with a legitimate interest in providing our Subscribers with the richest, deepest, and most reliable company data to support Subscribers’ business goals.    

• When a Subscriber uses the Platform to discover, prioritize, and engage prospects, we collect commercial information such as the Subscriber’s prospect profiles and interactions with prospects, and internet and similar activity like search history and content interactions.  

• If you request information about our Services or other resources we offer, we will collect your name, email address, and other contact information through an online form, email, or other Site feature with your consent. If you include other information in your message to us, we will process that information as well. If you do not want us to process your Personal Data, please omit it from your communication to us.

• If you complete a survey, we will collect your responses with your consent and we will use the information you provide in your responses to improve our Services.  

• If you opt to receive marketing communications from Enlyft, we may use the Personal Data in these communications to send you marketing messages. If you opt out of Enlyft marketing, we will not use your Personal Data for marketing purposes.

• Depending on your consent and opt-in via Enlyft’s cookie consent banner on the Site, Enlyft may automatically collect details about your interactions through the Site or Platform, including your (i) browsing history; (ii) content interactions; (iii) device information (e.g., IP address, operating system, browser type, device ID, mobile network information, caller ID); (iv) usage details (e.g., traffic data, communication data and the features or resources you access and use); or (v) stored information (e.g., metadata).  

Enlyft will not collect additional categories of Personal Data or use already collected Personal Data for purposes that are materially different, unrelated, or not reasonably necessary or compatible with the original purpose without notice and consent to you as required by law.  

3. Processing of Enlyft Data. Enlyft uses the Personal Data described in Section 2(b) as a controller or business as described below:  

• Enlyft collects Subscriber registration information with the Subscriber’s consent, and we use it to provide the Subscriber with our Services.

• Enlyft Data is processed in the same manner as if a human user manually views and analyzes the information online, but we use automated means to enhance Subscriber efficiency and efficacy.  

• Enlyft data processing may include use of artificial intelligence technology to analyze data and produce richer, deeper, and more reliable data insights for the benefit of our Subscribers.  

• We process Subscribers’ Platform activity data to provide the subscribed-to Services and to improve our technology and delivery of the Services to Subscribers.  

• Each Subscriber determines which Enlyft Data it will access and process, as well as the lawful basis and purpose of the Subscriber’s processing of that data. The Subscriber is an independent controller of all Enlyft Data Subscriber accesses via the Services and is independently responsible for its own lawful and appropriate use of that data.  

• Information you include in your communications to us is used to provide you with the information you request.  

• If you opt-in to our marketing communications, we will use your information for that purpose. If you are a Subscriber, we may also use your Platform activity data to market our Services in a manner that reflects your stated preferences.  

• Enlyft uses cookies and other technologies to track how visitors interact with the Site. Please read our Cookie Notice for more information about how we use cookies. Depending on your cookie consents, we may use some of this data for marketing or retargeting.

• Enlyft might also use your Personal Data to (i) monitor your compliance with any of your agreements with us; (ii) protect your privacy and enforce this Privacy Policy; (iii) identify, contact, or bring legal action against persons or entities who may be causing injury to you, to us, or to others; or (iv) comply with a law, regulation, legal process, or court order.

• Enlyft will also use the Personal Data we process for other purposes with appropriate consent or another lawful basis.  

4. Enterprise Plan Processing. For Enterprise Plan Subscribers, Enlyft processes Subscriber Data (defined below) as instructed by the Subscriber. This Privacy Policy does not apply to Enterprise Plan processing by Enlyft. However, in the interest of transparency, we offer some general information about our Enterprise Plan below:

• Subscribers to our Enterprise Plan disclose their first-party professional contact information about their subsidiaries, affiliates, or other organizations (“Contacts”) and other Personal Data to the Services for Enlyft to process as instructed by the Subscriber (“Subscriber Data”). 

• Subscriber Data is disclosed to Enlyft according to the Subscriber’s privacy practices. The Subscriber is solely responsible for ensuring the Subscriber is authorized to share Personal Data with Enlyft, and the Subscriber determines the lawful basis of this processing and use of Susbcriber Data.

• Enlyft processes Subscriber Data as a processor or service provider to the Subscriber as the controller according to the Subscriber’s privacy practices, not Enlyft’s. Enlyft is not responsible for the privacy practices of any Subscriber or third party.

• With Subscriber’s permission, Enlyft may combine Subscriber Data with data we previously collected about the same Contacts. If Enlyft uses Personal Data from Subscriber Data in this manner or otherwise as a controller, we provide supplemental notice and ensure a lawful basis for processing the information.  

• Please contact the Subscriber with questions about Subscriber’s use of the Services related to your Personal Data.  

5. Children’s Privacy. Our Services are designed for adults, not children. Enflyft does not knowingly collect Personal Data from children under 16, and we will delete that information if we learn we have collected it. If you believe we have received information from a child under 16 or other unauthorized information, please contact privacy@enlyft.com.  

4. Retention of Personal Data

It is Enlyft’s policy to collect the richest and most reliable data to support our Subscribers’ efforts to achieve efficient and highly valuable sales and marketing campaigns. Enlyft Data offered to Subscribers on our Platform is retained as an essential asset to our provision of Services as long as it serves a legitimate interest. If we learn that any Enlyft Data is inaccurate or stored or used unlawfully, we will correct or delete that Enlyft Data as required by law and our company policies.  Personal Data associated with a Subscriber’s account is retained while that account remains active and is deleted within 90 days after account closure. We retain data collected from cookies and similar technologies for trends analysis and data security purposes for up to 24 months or according to the cookie hosting company’s own policies. Enlyft reserves the right to retain data, including Personal Data, for longer periods if it is critical to our business and securely stores that retained data. Enlyft regularly reviews and deletes or deidentifies unnecessary data.

5. Onward Transfers/Disclosing Personal Data

Enlyft will only disclose Personal Data to the third parties described in this section, with your permission, or as required by law. Enlyft will be responsible for all onward transfers of Personal Data to our subcontractors and other disclosure recipients. In the preceding 12 months, Enlyft has disclosed identifiers, employment-related information, commercial information, and internet or similar activity to third-party recipients for a business purpose. We may disclose this information to the following recipients:

1. Subscribers. A core element of our Services is the provision of rich, deep, and reliable data about companies as prospects for Subscriber sales and marketing campaigns. If a Subscriber’s prospect profile for a sales or marketing campaign matches your Personal Data contained in Enlyft Data, that Subscriber may access your Personal Data on the Platform. Subscribers control their own prospect profiles and choose which Enlyft Data to access and how to use that data subject to the Subscriber’s own privacy practices.

2. Service Providers. Enlyft’s third-party service providers may have access to your Personal Data to perform their contractual obligations to us. Our service providers include, for example, data hosting companies, payment processors, analytics services and artificial intelligence technology providers. The type of information that we disclose to a service provider will depend on the service that they provide to us. Our service providers are subject to contractual agreements that protect your Personal Data, and we require all service providers to maintain confidentiality standards and organizational measures to ensure the security of your Personal Data. Our service providers are prohibited from selling or disclosing the Personal Data we provide.
   Enlyft may use generative or predictive artificial intelligence to enhance the Services for our Subscribers. Data processed using artificial intelligence may be accessible to third-party service providers simultaneously or in real-time. By using our Services, the Subscriber consents to this access processing of Personal Data according to the Subscriber’s own lawful basis.

3. Affiliates. Enlyft may disclose the information we collect from you to our affiliates or subsidiaries following applicable privacy laws.  

4. Other Third Parties, as permitted by applicable law. For example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.

5. Law enforcement, and other governmental agencies, at our sole discretion in connection with an investigation of any matter that is illegal or that could expose Enlyft or our affiliates or subsidiaries to liability.

6. Aggregated and De-Identified Information. Enlyft reserves the right to disclose aggregated, anonymized, or de-identified information about any individuals with non-affiliated entities for research, product development, marketing, or other purposes, without restriction.

6. Your Privacy Controls

Enlyft provides you a variety of methods and options to directly control how we collect and use your Personal Data, including but not limited to:  

1. Subscriber Account. If you are a Subscriber with an account on the Platform, you have the option to access, correct or update, or delete the Personal Data associated with your account at any time. If you require assistance, please contact privacy@enlyft.com.  

2. Check Email. To learn if you are included in the Enlyft Directory, visit our Check Email page and follow the instructions.  

3. Marketing Communications. If you inquire about our Services, we may use your contact information to send you marketing communications in compliance with applicable law. As part of our policy to provide you total privacy, you may opt-out of receiving these communications at any time by clicking the “Unsubscribe” button contained in any email or by sending a request to privacy@enlyft.com.

4. Device Settings. You can control the data we collect through automated means by adjusting your device settings, such as blocking cookies or installing a third-party plugin to control how cookies interact with your device.  

5. Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed below.

7. Privacy Requests

1. When Subscribers use Enlyft, If a Subscriber contacts you as part of a sales or marketing campaign or for any other reason, please submit your request directly to the Subscriber. ENLYFT cannot fulfill a request related to a Subscriber’s use of your Personal Data. In these cases, Enlyft acts as a service provider or processor only, and the Subscriber is the controller. The Subscriber is solely responsible for its own use of our Services, including all processing of Personal Data by the Subscriber using our Services.  

2. When Enlyft is the controller, meaning we use your Personal Data for our marketing or sales or we process your Personal Data is included in Enlyft Data, you can exercise your privacy rights as described here. Please submit your request to privacy@enlyft.com.  
   Note that Enlyft can only fulfill a privacy request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Data, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a request unless we have legal grounds to do so. We endeavor to respond to Privacy Requests following the requirements of the law applicable to your jurisdiction. Enlyft collects Personal Data as a controller or business from publicly available sources and/or in a business-to-business context. As such, privacy rights may not apply to some of the data we process.

8. Your Privacy Rights

To exercise your rights under your applicable privacy laws beyond the methods described in Section 7, please follow the instructions below:

1. United States Consumer Privacy Rights. In the United States, consumer privacy is governed by federal privacy laws covering specific industries or data uses and state privacy laws providing general consumer privacy rights. This section provides general notices under state privacy laws that require companies to inform consumers about their privacy rights and provide a method to exercise those rights. Residents of states offering privacy protections (each a “Consumer”) may have some or all the following rights over their Personal Data:

• Right to Correct. You have the right to request that we correct inaccurate Personal Data about you on our systems. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.

• Right to Deletion. You have the right to request that we delete the Personal Data that we collected and retained, with certain exceptions. Enlyft may permanently delete, deidentify, or aggregate Personal Data in response to a request for deletion.  

• Right to Access. You have the right to request confirmation that we have collected Personal Data about you and that we provide you with access to that Personal Data. If you submit an access request, we will provide you with copies of the requested pieces of Personal Data in a portable and readily usable format. Please note that Enlyft may be prohibited by law from disclosing certain pieces of Personal Data, and we may be limited in the number or frequency of requests we must fulfill.  

• Right to Disclosure. You may request that we disclose information to you about our collection and use of your Personal Data, such as: (a) the categories of Personal Data we have collected about you; (b) the categories of sources for the Personal Data we have collected about you; (c) our business purpose for collecting, using, processing, sharing or selling that Personal Data, as applicable; (d) the categories of third parties with whom we share that Personal Data; and (e) if we sold or shared your Personal Data under the CCPA, two separate lists stating: (i) sales or sharing, identifying the Personal Data categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.    

• Limited Use and Disclosure of Sensitive Personal Data. You have the right to opt-out or limit our use of your sensitive Personal Data. Enlyft does not purposely collect Personal Data that qualifies as “sensitive” under privacy laws and in no case would Enlyft disclose sensitive Personal Data for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Policy and provide you with methods to opt-out or limit our use and disclosure of sensitive Personal Data.  

• No Selling or Sharing Personal Data. Some states entitle consumers to opt out of the sale or sharing of Personal Data or targeted advertising practices. Enlyft does not sell your Personal Data or share your Personal Data with third parties for cross-contextual behavioral advertising purposes. If this changes in the future, we will update this Privacy Policy and provide you with a method to opt-out.  

• No Profiling. You have the right to opt-out of automated profiling. Enlyft uses artificial intelligence technology to enhance the richness and accuracy of the Enlyft Data and the Services we offer our Subscribers. This processing may qualify as “profiling” under certain privacy laws. To opt-out of this processing, please visit our Verify Information page and, if your Personal Data is included in Enlyft Data, send a request to opt-out of profiling to privacy@enlyft.com.  

• Right to Nondiscrimination. We will not discriminate against you for exercising your privacy rights. For example, unless permitted by law we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under applicable privacy laws.

• Health Data Rights. Enlyft does not collect any health data. As a courtesy notice, some state laws entitle consumers to certain details about health data collected about them, including (i) confirmation of whether the entity collects, shares, or sells the consumer’s health data and access that data, including a list of all third parties and affiliates with whom the entity has shared or sold the health data and a method to contact those third parties, (ii) a method to withdraw consent related to use of health data, and (iii) the right to have their health data be deleted.  

• Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Data sharing with affiliates and/or third parties for marketing purposes.

Consumers may exercise these rights by submitting a verifiable Privacy Request to Enlyft. We will respond within the legally required timeline to the extent the applicable law applies to you and our business activities. If your Privacy Request is not addressed in a timely manner, you can appeal it by contacting privacy@enlyft.com.  

2. Canadian Privacy Rights. We adopted this section to provide supplemental information in compliance with Canada’s Personal Data Protection and Electronic Documents Act (“PIPEDA”). This section applies solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Data offering details on an identifiable person without the inclusion of name, title, telephone number, and business address of an employee of a business or organization. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.  

• Right to know why we collect, use, and distribute the Personal Data we process. We have set the required notices in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication.

• Right to expect us to collect, use, or disclose Personal Data responsibly and not for any other purpose other than which you consented. We set your expectations in this Privacy Policy and collect express or implied consent at various stages of collection or processing. If we collect or use your Personal Data based on your consent, we will also notify you of any changes and will request your further consent as needed. You may withdraw your consent at any time with reasonable notice by contacting us at privacy@enlyft.com.  

• Right to accuracy of your Personal Data. We take steps to reasonably ensure that your Personal Data we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete, and accurate.  We provide methods for you to correct, update, and delete inaccurate Personal Data in your account, and we will provide you with reasonable assistance to ensure that your Personal Data is accurate in our systems and with our service providers.

• Right to access your Personal Data. Upon written request and identity authentication, we will provide you with your Personal Data under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Data you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.

3. European and United Kingdom Privacy Rights. We adopted this section to comply with the General Data Protection Regulations (“GDPR”) and its counterpart regulation applicable to residents of the United Kingdom. This section applies solely to residents of the European Union and the European Economic Area and the United Kingdom (“Data Subjects”). If you are a Data Subject, you have the following rights in relation to the Personal Data we hold about you:

• Right to know how we process your Personal Data. We have set the required notices in this Privacy Policy. We may provide you with additional notices about other ways we process your Personal Data, such as by sending you a notice via email or by other means of communication. We notify Data Subjects via email that their Contact Information has been added to the Enlyft Directory and may be used by third parties to contact them. Learn more about Enlyft email notification.

• Right to access your Personal Data. You can request to access your Personal Data. Upon request, we will provide you with a copy of your Personal Data, along with details about the types of Personal Data we process, why we process it, and any third parties we work with to collect Personal Data on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example, to protect the rights of other individuals.

• Right to restrict processing of your Personal Data. You can request that we restrict the processing of your Personal Data if: (i) the data is inaccurate; (ii) the processing is unlawful; (iii) we no longer need the Personal Data; or (iv) you exercise your right to object.

• Right to rectify your Personal Data. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.

• Right to data portability. In some circumstances, we are required to provide your Personal Data to another organization at your request and in a structured, commonly used machine-readable format, so that the other organization can read and use it.

• Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, and in certain circumstances and where we are required to do so by law, we are required to delete your Personal Data. This right is not absolute, and we may be entitled to retain and process your Personal Data despite your request. If you make this request, we balance certain legal, contractual, and business interests against your right to request the deletion of your Personal Data.

• Right to object to certain processing of your Personal Data. Upon your request, and in certain circumstances and where we are required to do so by law, we will limit our processing of your Personal Data as you request.

• Right to not be subject to Automated Decision-Making (“ADM”). Enlyft uses algorithms to prioritize Subscriber target profiles, but our technology does not use ADM in a manner that produces legal effects concerning or significantly affecting any individual. If this changes in the future, we will update this posting to describe our use of ADM and your options to exercise your privacy rights related to your Personal Data processed using ADM.

If you are a resident of the EEA and you believe we are unlawfully processing your Personal Data, you also have the right to complain to your local data protection supervisory authority. If you are a resident in Switzerland, you have the right to complain to the Swiss data protection authorities.  

9. Cookie Notice

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.

We use Google Analytics and other software to understand the usage of our service and improve the user experience. This applies to both pages where you are signed into our service and pages where you are not signed in. For more information on how Google Analytics collects and processes data, please visit How Google uses data when you use our partners and the Smartlook Privacy Policy.  

You can opt-out of non-essential cookies on the Site by adjusting your selections on Enlyft’s cookie consent banner. Additionally, you can opt-out of Google Analytics by visiting the Google Analytics opt-out page or by adjusting your device settings.

10. Data Security

Enlyft has implemented and maintains reasonable and appropriate security procedures and practices to help protect your Personal Data from unauthorized or illegal access, destruction, use, modification, or disclosure. Our security measures are appropriate to the volume, scope, and nature of the Personal Data processed and designed to meet our duty of care with respect to your Personal Data. The Platform and our other Services are designed with data security in mind to continuously protect your data and our systems. Enlyft maintains internal policies to govern the collection, processing, and handling of data. Access to Personal Data is limited to employees and contractors as needed to perform their job functions. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. We also ensure that our employees, contractors, and agents responsible for handling privacy inquiries are informed of applicable legal requirements and we restrict access to those who need that information to process it.  

However, no transmission of data over the Internet is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Data for improper purposes. Subscribers that create an account on the Platform are responsible for maintaining the confidentiality of their username and password. We encourage you to take steps to protect against unauthorized access to your account and device by choosing a robust password and signing off after each session. Enlyft is not responsible for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized activity.

11. Data Privacy Framework Compliance

Enlyft complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Enlyft has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Enlyft has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Enlyft commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Enlyft at: privacy@enlyft.com.  

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Enlyft commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

If your DPF complaint cannot be resolved through the above options, under certain conditions you may have the option to invoke binding arbitration for certain residual claims. More information is at https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf.

The U.S. Federal Trade Commission has jurisdiction over Enlyft’s compliance with the DPF, and you can submit a complaint here.

12. Cross-Border Data Transfers

Enlyft is owned and operated in the United States. We use technical infrastructure in the United States and other jurisdictions to provide our Services to Subscribers wherever they are located. As such, we must sometimes transfer data across jurisdictional boundaries. If you access our Site or use the Platform or any of our other Services from outside of the U.S., please be aware that the Personal Data we collect about you may be transferred to, processed, stored, and used in the U.S. or other jurisdictions. When your information is moved from your home country to another country, the laws and rules that protect your Personal Data in the country to which your information is transferred may be different from those of the country where you live. For example, if your information is in the United States, it may be accessed by government authorities in accordance with U.S. law.  

Enlyft is committed to transferring Personal Data using a lawful data transfer mechanism. Specifically, when we transmit data from the European Economic Area (“EEA”) to the U.S. or other jurisdictions, we do so pursuant to the standard contract clauses approved by the European Commission and employ those security measures required by the country in question to secure the data. To the extent that Enlyft is deemed to transfer Personal Data from the EEA to outside of the EEA, we do so on the legal basis that such transfer is necessary to provide you with the Services you choose to use.  

However, Enlyft does not warrant that the Platform or our other Services are appropriate or authorized for use in any other jurisdictions. Each Subscriber and other users are solely responsible for determining whether their use of our Services complies with applicable laws. Your use of our Services constitutes your consent to the transfer and processing of your Personal Data as described in this section.  

13. Third-party Platforms and Social Media

We may provide links to third-party websites or platforms or allow you to link to our Services from social media. Enlyft offers this as a convenience, but we are not responsible for and have no ability to control the privacy and data collection, use, and disclosure practices of any third party. When you click on links that take you to external websites or platforms, you will be subject to their privacy policies and practices and not ours. You are encouraged to review and understand the privacy policies of such websites or platforms before submitting any information.

14. Changes to this Privacy Policy

Enlyft reserves the right to amend this Privacy Policy at any time by updating this posting without notice and revising the last updated date. All changes are effective immediately when posted and apply to all access to and use of our Services. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.

With regards to data privacy, please refer to:  Frequently Asked Questions (FAQs).

For older policy, click here.

‍

‍