Enveritas, Inc., a Connecticut non-profit company (the “Company ”), collects and processes the personal data that is provided by you when you subscribe to receive our newsletters and related communications, attend our events, provide us with your contact details or other generated by or about you. This Privacy Notice is provided to you in accordance with applicable privacy laws including, but not limited to, laws implementing the General Data Protection Regulation 2016/679 (GDPR) (the “Data Privacy Laws ”). It applies only if you are located in the European Economic Area, Switzerland and the UK and it explains what personal data (defined under the Data Privacy Laws) we collect about you and how we use this personal data. The Company (“we” or “us”) is a data controller under applicable Data Privacy Laws.

Personal data we collect

We collect and process your personal data including your name, contact information such as email and telephone number, place of work, attendance at our events and communications entered into with you. This personal data is provided directly by you or the organisation for which you work.

What we do with your personal data

We may use the personal data to send you newsletters and other related communications, invite you to events and/or manage your attendance at any such events. We may also process the personal data to comply with our contractual, legal and/or regulatory obligations or otherwise in our legitimate interests or those of our commercial partners. We also use the personal data for marketing purposes where you have either consented or where we consider we may use your personal data for such communications because of our or your legitimate interests. We process your personal data in the United States, which may have a lower standard of data privacy laws in the country of residence of our partners. We do not allow any third parties to have access to your personal data, except as required for legal or contractual purposes or where this is permitted by applicable laws or otherwise in accordance with the Privacy Policy. We may disclose your personal data to our subcontractors, agents, or payment service providers (who may be located in the United States) that we contract with to assist us in providing the services, provided that any such subcontractors or agents shall agree in writing to comply with the privacy and security standards required by the Data Privacy Laws.

There may be instances when we disclose your personal data to other parties:

• to comply with the law or respond to compulsory legal process (such as a search warrant or court order) or request for information from a regulator or otherwise for legal purposes;
• to verify or enforce compliance with the policies governing the services; or
• to protect the rights, property or safety of the Company or any of our respective affiliates, business partners, or customers or otherwise in the legitimate business interests of the Company and/or our affiliates and in accordance with Data Privacy Laws.

We may share your personal data with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of the Company's business to that business entity.

In any instance where we need to share your personal data with third parties, we will restrict the nature and categories of personal data to that which is required to comply with our contractual obligations to you or our legal and/or regulatory requirements. We may de-identify your personal data to protect your privacy.

How we protect your personal data

The Company understands that storing data in a secure manner is essential. The Company stores personal data and other data using reasonable physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Although we make good faith efforts to store the information we collect in a secure operating environment that is not available to the public, we cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining this information.

How long we keep it

We retain the personal data for at least seven years after the end of the last communication with you. After this period has expired, the personal data will be deleted.

Data privacy rights

You have the right to request that we correct any inaccurate personal data. You also have the right to request that we delete or restrict the processing of your personal data, although we are permitted to retain it where we still have an ongoing purpose to retain it or as otherwise permitted under the Data Privacy Laws. To make any of these requests or to opt out of receiving marketing communications, please contact us at: gdpr@enveritas.org.

If you wish to raise a concern about how we have handled your personal data, you can contact us at the above email or postal address and we will investigate the matter and respond to you promptly. You may also complain to any applicable data privacy authority in the country in which you are resident.

Any questions about this Privacy Notice or about the Company’s use of your personal data should be addressed to gdpr@enveritas.org.