Envolve Technology Limited (“Envolve”, “we” and “us”) are committed to protecting and respecting your privacy.
For the purpose of the EU General Data Protection Regulation (“GDPR”) 25 May 2018 and the Data Protection Act 1998 as may be amended or replaced from time to time (“the Act”) and save as otherwise expressly stated, the data controller for data that we collect is Envolve Technology Limited c/o Excalibur House, Newport, NP18 2HJ VAT Number: 200 854345.
Information we may collect from you
We may collect and process the following data about you:
Information that you provide to us
This includes without limitation when you participate in a conversation with a business through our widget placed on their website or social media account ("Site") of one of our customers (“Business”) or participate in any of the activities of that Business, when you complete a user profile, when you subscribe to one of our Business hosting or related services, when you participate in conversations or any other social media functions on that Site from time to time, when you enter a competition, promotion or survey, when you post material on or through our Site, when you respond to a request for information which we may use for our internal research purposes or to evaluate our services when you report a problem with the widget on the Site or social account, or when you contact us for any other reason.
The information you give us may include your name, address, e-mail address and phone number, financial, credit card information or other details relating to any transaction carried out through the widget on one of our customers sit Site, personal descriptions, photograph, opinions etc.
Information we collect about you
With regard to each of your visits to our Site or to any Business we may automatically collect the following information:
This above is statistical data about your browsing actions and patterns, and does not identify you as an individual.
Information we receive from other sources
We may receive or access information about you and your participation in a Business from the customer on whose behalf we are hosting that Business. We will not share this information with any other Business. Such information will be aggregated and anonymised so that it does not identify you as an individual and may be used by us for analytics and other business purposes, including selling such anonymised and aggregated information to third parties.
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this Site. We also work closely with third parties from time to time (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Where we store your personal data
The transmission of information via the Internet is not completely secure and you do so at your own risk. For example, if you engage with a a Business via our technology on their Site you may be able to send emails using our third party provider’s Internet based email tool. We cannot guarantee the security or confidentiality of any data transmitted to or via our Site and we do not accept any liability for this. Once we have received any information you supply on our Site, we will however use reasonable endeavours to protect any personal data held on our Site and will use strict procedures and security features to try to prevent unauthorised access.
Uses made of the information
Your information will be used for a wide range of purposes, including but not limited to,:
We may combine information we collect from third parties with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above.
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries from time to time, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information with selected third parties including:
Current third parties used for the provision of the Envolve service include:
Data shared directly from customer to Go Cardless
VAT & Invoicing
Data shared directly from customer to Quaderno
Public Information and Third Parties
Blog. We may have public blogs on our Site or a Business. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your personal information appears on these blogs and you’d like it to be removed, contact us at email@example.com or in the case of a blog available on a Business, contact the Business operator. If we’re not able to remove your information, we’ll let you know why.
Social Media Widgets. Our Site may include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our Site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with those features are governed by the privacy policies of the companies that provide them.
Service Providers. If it is necessary to provide you a service you’ve requested, like send you a T-shirt, then we may provide your personal information to a service provider. We will restrict any service provider’s use of your personal information. We will tell you whenever reasonably possible and you may request at any time the name of our service providers.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the web pages we use from time to time to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
Google Analytics: We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the page, how you got there and what you click on. This Analytics data is not tied to any personally identifiable information, so it cannot be used to identify who you are.
You can find out more about Google’s position on privacy regarding its analytics service at www.google.com/intl/en_uk/analytics/privacyoverview.html
Session Cookies: We use a session cookie to remember your log-in for you if you are a registered user or for other purposes strictly necessary for the operation of our website. If these are disabled then the website will not function properly.
More information on session cookies and what they are used for can be found at www.allaboutcookies.org/cookies/session-cookies-used-for.html
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Third Party Cookies: These are cookies set on your computer by external service providers. Cookies of this type are advertising networks and providers of analysis services as well as the social network sharing buttons to allow visitors to share content onto their social networks. Third party cookies we currently use include Facebook and Twitter. In order to implement these sharing buttons, and connect them to the relevant social networks and external sites, scripts are used from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing across the internet, not just on this website. We have no control over third party cookies used on our website and you should check the respective policies of each of these sites to see how they use your information and to find out how to opt out, or delete, such information, if you wish to do so.
Welcome to www.envolvetech.com a service operated by Envolve Technology Limited (“Envolve”, “we” or “us”) (the “Site”) which, amongst other things, is intended to (i) provide you with information about and to allow you to subscribe to and purchase our products and services as a customer (a “Customer”) (ii) allow you to register a user account with us (a “Registered User”) (iii) allow you to use the technology without a registered account (a “User”) to engage with one or more of the virtual Businesses via our technology hosted on their own website or social media accounts ("Site") on behalf of our customers (a “Businesses”) (iv) allow you to post and upload content and interact with others and (v) allow you to contact us directly.
Please note that:
If you are a Registered User and Customer of our business using products and services available on the Site your use of those products and services will be governed by the Customer Licence and Terms of Service which you will have accepted at the time of putting our technology live on your website or in your social channels.
Information about us
The Site, and technology which sits on a businesses website or in their social channels is operated by Envolve Technology Limited a company registered in England (Number 08548197) with our registered office being c/o Excalibur House, Newport, NP18 2HJ VAT Number: 200 854345.
In order to engage with a Business via our technology hosted on their website or their social channels ("Site"), you must provide the requested identification information. You represent and warrant that all personal data and information provided during the registration process is up to date, complete, accurate and true and agree to communicate to Envolve any changes of your personal data in a timely manner.
You are responsible for the activities carried out on or through the Site through and all such activities shall be attributed to you as the User. You are liable for any damage caused to or prejudices against Envolve or third parties as a result of the misuse, loss, misappropriation and/or compromising of the confidentiality of your User ID and password.
You are responsible for making all arrangements necessary for you to have access to our Site.
We do not guarantee that our or a businesses Site, or any content on it, will always be available or be uninterrupted. Access to our Site is permitted on a temporary basis. From time to time, we may suspend, withdraw, discontinue or change all or any part of our Site without notice. We will not be liable if for any reason the Site is unavailable at any time or for any period.
Acceptable use policy
In using the Site, you undertake that you:
Intellectual property rights
We are the owner or the licensee of all intellectual property rights in the Site and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved.
You may print off one copy of any page from the Site and, where applicable functionality exists, download data from the Site for your personal reference. You may also draw the attention of others to material posted on the Site.
Our status, and that of any identified contributors, as the authors of Content on the Site must always be acknowledged.
You are not permitted to publish or otherwise copy or use any part of this on the Site for commercial purposes, distribution or personal gain to other parties without first obtaining our express written consent or a licence to do so from us or our licensors
Other than any materials clearly marked as capable of being modified, you must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text or logos.
‘Envolve.com’ and ‘Envolve’ plus any other trade marks or logos used on the Site are trade marks of Envolve Technology or its third party licensors. You are not permitted to use any of these marks without express written consent.
Uploading Content to the Site
Any contributions, experiences, information, views or other Content that you upload to or through the Site is for public display and will be considered non-confidential and non proprietary, and we have the right to use, copy, distribute and disclose to third parties any such material for any purpose associated with the operation of the Site.
We will not be liable for any Content transmitted or posted by you on or through the Site or for any interactions you may have with other users. You warrant that you are able to licence the material that you upload to the Site to us and that the use of such Content will not infringe the intellectual property rights of any other party.
You acknowledge that we have the right to disclose your identity to any third party who is claiming that any Content posted or uploaded by you on or through the Site constitutes:
The Site changes regularly
Envolve aims to update the Site regularly, and may change or delete the content at any time. Any of the content on the Site may be out of date at any given time, and we are under no obligation to maintain or update such content. If the need arises, we may without liability suspend access to the Site, or close it indefinitely.
The material displayed on the Site is provided without any guarantees, conditions or warranties as to its accuracy or it being comprehensive.
To the extent permitted by law, we expressly exclude all conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity.
We will not be liable to any user for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
If you are a business, please note that in particular, we will not be liable for:
whether caused by tort (including negligence), breach of contract or otherwise
Transactions with third parties and links from / to the Site
Where the Site or activities hosted on it contain links to other sites and resources provided by third parties, these links are provided for your information only. We have no control over the content of those sites or resources, and accept no liability for them or for any loss or damage that may arise from your use of them.
Contracts for the supply of any goods or services formed as a consequence of the use of these external sites arising through use of the Site shall be governed by the terms and conditions of supply of the relevant party supplying those goods or services. We will have no involvement, liability or obligations in relation to any contracts that you form with any third parties.
Third parties shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 in relation to any agreement between us and you.
The Site must not be framed on any other site.
Viruses, hacking and other offences
We do not guarantee that our Site will be secure or free from bugs or viruses. You are responsible for configuring you information technology, computer programmes and platform in order to access our Site. You should use your own virus protection software.
You must not knowingly introduce viruses, trojans, malware, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to the Site, the server on which the Site is stored or any server, computer or database connected to the Site. You must not attack the Site via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the Site will cease immediately.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of the or to your downloading of any material posted on it, or on any linked to it.
The Site uses:
The Site contains:
Jurisdiction and applicable law
The English and Welsh courts will have exclusive jurisdiction over any claim arising from, or related to, a visit to the Site. However, we retain the right to bring proceedings against you for breach of these conditions in your country of residence or any other relevant jurisdiction
If you have any concerns in relation to our Site, please contact email@example.com.
This Data Processing Agreement ("Agreement") forms part of the Contract for Services ("Principal Agreement") between any businesses which uses the Envolve Technology Limited technology (the “Company”) and Envolve Technology Limited (the “Data Processor”) (together as the “Parties”)
(A) The Company acts as a Data Controller.
(B) The Company wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
(C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
(D) The Parties wish to lay down their rights and obligations.
IT IS AGREED AS FOLLOWS:
1. Definitions and Interpretation
1.1 Unless otherwise defined herein, capitalised terms and expressions used in this Agreement shall have the following meaning:1.1.1 "Agreement" means this Data Processing Agreement and all Schedules;
1.1.2 "Company Personal Data" means any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement;1.1.3 "Contracted Processor" means a Subprocessor;
1.1.4 "Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
1.1.5 "EEA" means the European Economic Area;
1.1.6 "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to 1.1.7 "GDPR" means EU General Data Protection Regulation 2016/679;
1.1.8 "Data Transfer" means:
184.108.40.206 a transfer of Company Personal Data from the Company to a Contracted Processor; or
220.127.116.11 an onward transfer of Company Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);1.1.9 "Services" means the services the Company provides.
1.1.10 "Subprocessor" means any person appointed by or on behalf of Processor to process Personal Data on behalf of the Company in connection with the Agreement.1.2 The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
2. Processing of Company Personal Data
2.1 Processor shall:
2.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and
2.1.2 not Process Company Personal Data other than on the relevant Company’s instructions.
2.2 The Company instructs Processor to process Company Personal Data.
3. Processor Personnel
Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual's duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Company Personal Data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
4.2 In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5.1 Processor shall not appoint (or disclose any Company Personal Data to) any Subprocessor unless required or authorized by the Company.
6. Data Subject Rights
6.1 Taking into account the nature of the Processing, Processor shall assist the Company by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Company obligations, as reasonably understood by Company, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
6.2 Processor shall:
6.2.1 promptly notify Company if it receives a request from a Data Subject under any Data Protection Law in respect of Company Personal Data; and6.2.2 ensure that it does not respond to that request except on the documented instructions of Company or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Company of that legal requirement before the Contracted Processor responds to the request.
7. Personal Data Breach
7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation
Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
9. Deletion or return of Company Personal Data
9.1 Subject to this section 9 Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Company Personal Data (the "Cessation Date"), delete and procure the deletion of all copies of those Company Personal Data.
9.2 Processor shall provide written certification to Company that it has fully complied with this section 9 within 10 business days of the Cessation Date.
10. Audit rights
10.1 Subject to this section 10, Processor shall make available to the Company on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the Company or an auditor mandated by the Company in relation to the Processing of the Company Personal Data by the Contracted Processors.
10.2 Information and audit rights of the Company only arise under section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
11. Data Transfer
11.1 The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the Company. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.
12. General Terms
12.1 Confidentiality. Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
(a) disclosure is required by law;
(b) the relevant information is already in the public domain.
12.2 Notices. All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.
13. Governing Law and Jurisdiction
13.1 This Agreement is governed by the laws of The United Kingdom.13.2 Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of The United Kingdom.
SIGNATORY AND AGREEMENT
By agreement of Emma Smith, CEO Envolve Technology Limited.
By placing the Envolve Technology platform on either your website or in your social channels you hereby agree to the terms of the data processing agreement.