Customer Privacy Notice

Enveritas, Inc., a Connecticut non-profit company, 24 Innis Lane, Greenwich 06870, CT, U.S., and Enveritas International Inc., 24 Innis Lane, Greenwich 06870, CT, U.S., which have place of business at 450 Lexington Avenue, New York, NY 10017, U.S. (together referred to as the “Company”) collect and process your personal information that is provided by you, as our customer or prospective customer, or generated by you in your use of our services. This Privacy Notice is provided to you in accordance with applicable privacy laws including, but not limited to, the General Data Protection Regulation 2016/679 (“GDPR”) and laws implementing the GDPR (the “Data Privacy Laws”). The Company is the data controller under the Data Privacy Laws. It applies only to residents in the European Economic Area, Switzerland and the UK who use our services and it explains what information you provide to us and how we use your information to provide our services to you. This Privacy Notice is not applicable to customers or prospective customers in any other territory other than in the European Economic Area, Switzerland and the UK.

The Company (“we” or “us”) provides the services to our customers. We are a data controller of our customers’ staff personal data and a data processor of our customer’s customers’ personal data under the Data Privacy Laws. This Privacy Notice is for our customer’s staff (referred to as “you” in this Privacy Notice). We include in this Privacy Notice a summary of your rights to control how we use your personal information.

Please note that this Privacy Notice is subject to our Privacy Policy, which is available on our website at https://www.enveritas.org/privacy.

Your personal information

Your personal information includes any information relating to you where you are identified or from which you are identifiable. This includes your name, contact information, information about where you work and, if applicable, where you live, payment information, purchasing history and about your use of our services and our website.

We collect various types of personal information from different sources, including:

  • Information you provide directly to us when you use the Company website or obtain goods or services provided by us or otherwise provided about you by our customer;
  • Information we collect about your or your company’s purchase of goods or use of our services or enquires thereof; and
  • Information we collect about you when you voluntarily complete a customer survey or provide feedback on any of our message boards or via email, physical letters or other means.

What we do with your personal information

We use your personal information for the following key purposes:

  • to contact you: subject to applicable law, we and/or our third-party service providers may contact you and send you communications relating to your use of our services, website or purchase of our goods; where required under applicable data privacy laws, we will not send you marketing communications without your prior consent;
  • for legal purposes: we may use and share personal information for legal purposes, including financial, regulatory, tax and other legal obligations and to respond to governmental or regulatory requests or subpoenas or for litigation purposes;
  • for contractual purposes (including taking pre-contractual steps): we will use your personal information to perform our contractual requirements and obligations and to take any required pre-contractual steps;
  • for our legitimate interests and those of a third party: we may use your personal information to manage our legal, regulatory, financial and business requirements, including obtaining legal advice, in the course of disputes and litigation, internal and/or regulatory investigations and other legitimate interests;
  • for our business purposes: we may use your personal information to help us manage the lawful requirements of our business;
  • for other purposes: subject to applicable law, we may use your personal information for additional purposes in connection with the website or our organization, where you have provided your prior consent.

All the personal information we collect from you or generated by you is used to provide the services you have requested or for communications to which you have subscribed or otherwise as described in this Privacy Notice. The Company will safeguard the privacy and security of special categories of personal information as required under Data Privacy Laws. You may also consent to us using your personal information for additional purposes not described in the Privacy Notice but which we consider may be of interest to you from time to time. We will not use your personal information for these additional purposes without your consent. You have the right to tell us that you do not want to be contacted by us for these additional purposes any time after you initially provide your consent. We also use your information for marketing purposes where you have consented to receive marketing communications.

Some of your personal information is processed by us in the United States and is held on servers in the United States. By using our services and providing your personal information, you expressly acknowledge and agree to the transfer of some of your personal information to the United States, which may have a lower standard of data privacy laws than in your country of residence. Our security measures are described below in this Privacy Notice and you can contact us for more information on how we keep your personal information secure when it is transferred outside your country of residence. The Company uses external technology services such as Google, including for the purpose of processing and storing your personal data. The services of such third-party providers may mean that your personal data is processed and stored outside of the United States and we comply with our obligations to require such third-party providers to keep your personal information secure.

We do not allow any third-parties to have access to your personal information, except as required or permitted by applicable laws or in accordance with the Privacy Notice. We may disclose your personal information to our subcontractors, agents, or payment service providers (who may be located in or outside the United States) that we contract with to assist us in providing the services, provided that any such subcontractors or agents shall agree in writing to comply with the privacy and security standards described in this Privacy Notice or similar standards that comply with Data Privacy Laws. We have in place safeguards to protect your personal information agreed with our customers.

There may be instances when we disclose your personal information to other recipients:

  • to comply with the law or respond to compulsory legal process (such as a search warrant or court order) or request for information from a regulator or otherwise for legal purposes;
  • to verify or enforce compliance with the policies governing the services; or
  • to protect the rights, property or safety of the Company, or any of our respective affiliates, business partners, or customers or otherwise in the legitimate business interests of the Company and/or our affiliates and in accordance with Data Privacy Laws.

We may share your personal information with other entities in connection with the sale, assignment, merger or other transfer of all or a portion of the Company's business to that other entity.

In any instance where we need to share your personal information with third parties, such as legal or financial advisors including auditors, and we will restrict the nature and categories of personal information to that which is required to comply with our contractual obligations to you or our legal and/or regulatory requirements. We may de-identify your personal information to protect your privacy.

How we protect your personal information

The Company understands that storing data in a secure manner is essential. The Company stores personal information and other data using reasonable physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Although we make good faith efforts to store the information we collect in a secure operating environment that is not available to the public, we cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining this information.

How long we keep it

We retain your personal data relating to the use of our services for the duration of the customer relationship and may retain such information for at least seven years after the customer account is closed (or the relevant relationship with the source of your personal information is ended) for legal, regulatory, audit or tax requirements. After this period has expired, the personal information relating to your account and your use of the services will be deleted. Any personal information which you have provided to us for marketing purposes will be kept until you notify us that you no longer wish to receive this information.

Notification of other the Company services and products

We would like to use your name and email address to inform you of our future or related services, offers and similar products and we will only do so with your consent. If you provide us with your consent to receive marketing communications, we will offer the right to unsubscribe in each electronic communication. We may also send marketing communications to you on the basis of our or our customer’s legitimate interests, even if we do not have specific consent, which will be our lawful processing basis for these communications. This information is not shared with third parties and you can unsubscribe at any time via email or through our website.

What are your rights?

You have some rights to make requests, which are all subject to exemptions and qualifications under the Data Privacy Laws. You have the right to request a copy of your personal information. You have the right to ensure your personal information is accurate. This means that you can request that we complete the information you believe is incomplete or inaccurate. You have the right to request that we delete your personal information (although we may still need to retain your personal information as described above in this Privacy Notice for contractual and/or legal purposes). You have the right to request that we restrict the processing of your personal information (although we will still need to process your personal data during the duration of the contract and beyond for legal purposes). You have the right to request that we transfer the data that we have collected to another organization, or directly to you (although we may still need to retain your personal information as described above in this Privacy Notice for contractual and/or legal purposes). If you wish to raise a complaint on how we have handled your personal information, you can contact us, and we will investigate the matter and respond to you promptly. If you would like to exercise any of these rights, please contact us at our email: gdpr@enveritas.org. Should you wish to report a complaint or if you feel that the Company has not addressed your concern in a satisfactory manner, you may contact If you are not satisfied with our response, or if you prefer not to engage with us first, you can complain to any applicable data privacy authority in your country of residence.

Changes to this Privacy Notice

The Company keeps its Privacy Policy and this Privacy Notice under regular review and places any updates on its webpage at https://www.enveritas.org. This Privacy Notice was last updated on 5 November 2019. If you have any questions about this Privacy Notice or about the Company’s handling of your information, please contact gdpr@enveritas.org.