Privacy Policy

This Privacy Policy describes how Enquirica AS and its affiliates (“Enquirica”, “we”, “us”, “our”) collect, use, disclose, and protect personal information in connection with our software-as-a-service solutions, websites, customer portals, APIs, and other online services that reference this Privacy Policy (collectively the “Services”). This Privacy Policy applies to individuals whose personal data we process in the context of providing the Services to our customers, including prospective customers, paying customers, account administrators, end users, visitors to our website, and other users of our Services (“you” or “your”). We respect your privacy and are committed to protecting your personal data in compliance with applicable laws including the European Union General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), other US state privacy laws, and other relevant global privacy and data protection laws.

This Privacy Policy explains the types of information we collect, how we collect it, the purposes for which we process it, with whom we share it, how we protect it, and how you can exercise your privacy rights. By accessing or using the Services or by providing information to us, you accept the practices described in this Privacy Policy.

Information We Collect

We collect personal data that you provide directly to us when you register for our Services, request information, engage with customer support, or communicate with us. This information may include your name, business email address, business phone number, job title, company name, billing and contact information, and other identifiers. We also collect information about end users and your customers in the context of providing the Services, including user account data, usage metrics, and configurations. When you interact with our website, we automatically collect information about your device, browser, IP address, pages viewed, and actions taken through cookies and similar technologies. We may also receive information from third-party service providers, such as analytics providers, identity verification services, or payment processors. We do not knowingly collect personal data from children under the age of 16.

How We Use Personal Data

We use personal data to provide, maintain, and improve the Services, to communicate with you about your account and the Services, and to respond to your inquiries and support requests. We also use personal data to personalize your experience, to send administrative information such as updates, security alerts, and billing information, and to understand how our Services are used. We may use aggregated or de-identified data for analytics, research, development, and business planning. Where required by applicable law, we will obtain your consent for specific uses of your personal data, and we will respect your choices as expressed through your account settings or communications preferences.

In connection with marketing, we may use your contact information to send you information about our products, services, events, and promotions that may be of interest to you. You can opt out of promotional communications at any time by following the unsubscribe instructions in our messages or by contacting us directly. When you submit information through a job application on our website or express interest in a career opportunity with us, we use that information to evaluate your qualifications and contact you regarding potential employment.

Legal Bases for Processing

For individuals located in the European Economic Area or the United Kingdom, we rely on legal bases under the GDPR for processing personal data, including your consent where requested, processing necessary for performance of a contract with you or with the entity on whose behalf you use the Services, compliance with legal obligations, and legitimate interests such as improving and securing the Services, preventing fraud, and enabling internal business operations. Where we process personal data based on legitimate interests, we ensure that our interests are balanced against your rights and freedoms.

Disclosure of Personal Data

We may disclose personal data to third parties in order to provide the Services or for business operations. This includes our affiliates, service providers that perform functions on our behalf such as hosting, data storage, support services, analytics, payment processing, and email delivery, and professional advisors such as auditors and lawyers. We require these parties to process personal data in accordance with this Privacy Policy and applicable law. Personal data may be shared with third parties if necessary to comply with a legal process, enforce our agreements, protect our rights or safety or the rights or safety of others, or respond to an emergency. We may also share aggregated or de-identified data that cannot reasonably be used to identify you.

In connection with a merger, acquisition, sale of assets, or other corporate change, personal data may be transferred to the acquiring entity, and such entity would assume the rights and obligations with respect to your personal data as described in this Privacy Policy.

Cross-Border Data Transfers

Our Services operate globally and may involve the transfer of personal data to countries outside your home jurisdiction, including to servers and personnel in the United States and other countries where data protection laws may differ. Where we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to a country that is not recognized as providing an adequate level of protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms to ensure that your personal data remains protected in accordance with applicable laws.

In connection with a merger, acquisition, sale of assets, or other corporate change, personal data may be transferred to the acquiring entity, and such entity would assume the rights and obligations with respect to your personal data as described in this Privacy Policy.

Security and Data Retention

We implement technical, administrative, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, monitoring, and security assessments. While we strive to protect your personal data, no security measure is perfect, and we cannot guarantee absolute security. If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and regulators as required by law.

We retain personal data as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with legal obligations, resolve disputes, and enforce our agreements. When personal data is no longer needed, we securely delete or anonymize it in accordance with applicable retention policies.

Your Privacy Rights

Depending on your jurisdiction, you may have certain rights with respect to your personal data. These may include the right to access your personal data, request correction or deletion of your personal data, restrict or object to processing, receive a copy of your personal data in a portable format, and withdraw consent where processing is based on consent. If you are a resident of the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority. If you are a resident of certain US states, including California, you may have the right to request information about the categories of personal data collected, the sources of that data, the purposes for which it was used, and the categories of third parties with whom it is shared.

To exercise your rights, you may contact us using the contact details provided below. We will respond in accordance with applicable law, and we may need to verify your identity before fulfilling your request. You may also have the right to designate an authorized agent to submit requests on your behalf.

Cookies and Similar Technologies

We and our service providers use cookies and similar technologies on our websites and in our Services to collect information about usage, remember preferences, and improve the user experience. Cookies are small text files stored on your device that help us recognize repeat users, analyze how our website is used, and support the proper functioning of the Services. You may configure your browser to reject cookies or prompt you before accepting them; however, some features of the Services may not function properly if cookies are disabled.

Third-Party Links and Services

Our Services may contain links to third-party websites, products, or services that are not owned or controlled by Enquirica. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third parties before providing them with personal information. The inclusion of third-party links does not imply endorsement of the linked entities or their practices.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features of the Services. When we make material changes, we will revise the Effective Date at the top of this Privacy Policy and, where required by law, we will provide additional notice. Your continued use of the Services after the updated Privacy Policy is posted constitutes your acceptance of the changes.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Data Protection Officer at privacy@enquirica.com or Alvand AS, Holmenkollveien 79, Oslo, Norway

For residents of the European Union or United Kingdom, you may also contact your local data protection authority with any concerns about how your personal data is processed.