PRIVACY POLICY
1 Introduction
In this notice “Enconvo” (“we, “our” or “us”) refers to Enconvo UK Limited.
Enconvo ideates, develops and supplies innovative communication resources for the
commercial market. As a result of our service offerings, Enconvo processes personal data
relating to our actual and prospective customers, their staff and end-users, as well as other
parties that otherwise interact with us, use our website, or show an interest in our products
and services (“you”, “your”).
In this privacy notice, you can read about the personal data we collect,
what purposes we use this data for, how we protect your privacy and personal data, how
long the data is stored and how you can exercise your rights over your data.
Enconvo does not share personal data with third parties, unless this is (1) legally required,
(2) necessary to supply a service, (3) specifically requested by the customer that has
provided the personal information or (4) otherwise necessary to achieve our legitimate
interests, where measured against your rights, freedoms and expectations.
We may provide additional privacy notices or information to you at the time we collect
your data. For example, if you apply for a job with us. Such notices will govern how we
process the information you provide at that time.
Throughout this document we refer to Data Protection Legislation, which means the Data
Protection Act 2018 (DPA 2018), United Kingdom General Data Protection Regulation (UK
GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and
any legislation implemented in connection with the aforementioned legislation. Where
data is processed by a controller or processor established in the European Union or
comprises the data of people in the European Union, it also includes the EU General Data
Protection Regulation (EU GDPR). This includes any replacement legislation coming into
effect from time to time.
2 Controller and contact details
Enconvo is the controller for the personal information we process as identified in this
privacy notice. In some circumstances, Enconvo will process data on behalf of other
organisations (e.g. on behalf of customers with their own purposes for processing the
data). In such circumstances, the other organisation will be the controller and so you
should refer to their privacy notices for details of how your data is processed.
We are registered with the UK’s supervisory authority, the Information Commissioner’s
Office (the ICO) with registration number ZB425834.
This privacy notice only covers the activities of Enconvo, which sits within the Enreach
Group. The Enreach Group privacy notice can be found here.
2.1 Contact information
Business name: Enconvo UK Limited
Address: Communications House, Hadley Park, Telford, Shropshire, TF1 6QJ
Phone: 0800 0976 543
2.2 Data Protection Officer
We have appointed The DPO Centre as Enconvo’s Data Protection Officer (DPO) to help
us monitor internal compliance, inform, and advise on data protection obligations, and
act as a point of contact for you (data subjects) and the ICO.
The DPO forms part of the Enconvo Data Protection Team. If you would like to exercise one
of your rights, or you have a question or a complaint about this notice or the way your
personal data is processed, you can contact the Enconvo Data Protection Team at:
Email: dataprotectionteam@enconvo.co.uk
3 How we collect your personal data
We may collect personal data directly from you or indirectly through a third party,
depending on your relationship with us. If you choose not to provide personal data to us,
you might not be able to make full use of our services or we may not be able to respond
fully to your queries/requests for technical assistance.
3.1 For website users or newsletter subscribers
We always inform you about our processing before collecting your personal data. Please
note that personal data can be required in order for you to use the features of the
website. Additionally, it can be necessary for us to collect and process your
personal data in order to provide and optimise our services for you. For example, we need
your contact information to be able to book a meeting with you, receive inquiries from
you via our contact form, or send you a newsletter.
3.2 For end users
As a provider and supplier of commercial telecommunication services, Enconvo will need
to process some data belonging to the end users of our customers, partners, etc. While we
will not be the controller for much of this information, we may be the controller for traffic
and location data in certain scenarios. See 4.2, 4.3 and 5.2 for more information.
3.3 For Enreach Contact users
For business end users of the Enreach Contact app our global website contains a separate
privacy notice to detail how your data is processed, which equally applies to UK users. The
statement can be found here.
3.4 For business customers
Personal data is collected directly from you or indirectly through your employer. In some
instances, a third party may provide us with data relating to you (e.g. if we need to carry
out a credit check). If you, as a business customer, provide us with personal data about
individuals other than yourself, for example by making our telecommunication
solutions available to your employees, you are obligated to inform your end
users about this transfer of personal data to Enconvo. As an employer, you
can meet this obligation by linking to this privacy notice.
3.5 For other parties
We may collect your data directly if you may provide your data to us through your use of
our website, via online forms or questionnaires, through phone conversations, by email, in
person (at conferences, workshops, seminars or events), and so on. Alternatively, we may
collect your data indirectly through approved sales and marketing channels. Whether
your data is collected directly or indirectly, we will always provide our privacy information
where required under Data Protection Legislation.
4 What personal data we collect
We only collect personal data that we know we will genuinely use and in accordance
with Data Protection Legislation. The type of personal information that we will collect
depends on the nature of the relationship that we have with you.
4.1 Personal and User data
Personal data is information that can be linked to an individual. The type of personal data
that we will collect depends on the nature of the relationship that we have with you. We
may collect the following:
- Business contact information (such as name, job title, employer name, email
address, mailing address, phone number). - Personal or sole trader contact information, in more limited circumstances (such as
name, email address, mailing address, phone number). - Photo ID for verification purposes.
- Payment data (such as bank account details). This will only be personal data when
it relates to an individual (e.g. sole trader). - Enconvo call recordings (not call recordings taken under a customer’s instructions).
- We may, in further dealings with you, extend this personal information to include
services used, products purchased, subscriptions, records of conversations and
agreements and payment transactions.
4.2 Traffic data
When using our services, traffic data will be processed. This data is required for us to
facilitate communication. Traffic data is generated and processed
automatically when end users make use of our telecommunication services, traffic data
consists of: the calling and called numbers, the date, the time, the duration, and the fees
that were charged for said call.
This data does not concern the contents of the communication. In the case of a data
session, we also register the amount of data, and when roaming, we register the network
that was used.
We never store the content of communication unless this forms part of a contractual
obligation or instruction from a customer, such as in the case of call recordings.
4.3 Location data
When you set up a call or data session, Enconvo processes information that can make a
very rough determination of your location at that moment. We use this information to
determine whether the call or data session is happening in the UK or not.
Enconvo uses other operators’ mobile networks. These operators are able to accurately
determine your location by looking at which transmission tower was used for your call or
data session. Enconvo does not have access to this information.
4.4 Website data
Enconvo.co.uk and our customer portals use cookies to optimise the functionality of
certain pages on the website. See Section 6 of this notice for more information.
Enconvo.co.uk and our customer portal Operator use Google Analytics, Hotjar and Social
Media cookies (such as LinkedIn) to analyse how users make use of the site. For Google
Analytics, the information generated by cookies about your visit to the website (including
your IP address) is transferred to and stored on servers in the United States by Google.
Google uses this information to monitor the way you use the website, compose reports on
the website activity for website operators, and offer other services with regard to website
activity and internet use.
4.5 Other
When you visit our offices, you will be registered as a visitor. We use this registration for
safety purposes, so that we can quickly evacuate the premises in case of a disaster,
without leaving anyone behind. We also use camera recordings as a security measure in
our offices. We do this to protect our guests, personnel and the building. You will be clearly
informed about the presence of cameras when on our premises.
Other information that we may collect that is not specifically listed here but that we will use
in accordance with this privacy notice or as otherwise disclosed at the time of collection.
In most instances, you are under no statutory or contractual requirement or obligation to
provide us with your personal information; however, we will often require elements of the
information above in order to provide our services to you in an efficient and effective
manner.
5 What do we use this information for?
5.1 Lawful basis
We only process, store or transfer your personal information when we have a lawful basis
for doing so. The lawful basis we rely on to process the information is identified in the table
as per 5.2, and will be one of the following:
- Legitimate Interest: processing is necessary for the purposes of our legitimate interests
(i.e., our business interests), except where such interests are overridden by your
interests or fundamental rights and freedoms. - Consent: You have given consent to the processing of your personal data for one
or more specific purposes. - Legal obligation: processing is necessary for compliance with our legal obligations.
- Vital interests: processing is necessary in order to protect the vital interests of the data
subject or of another natural person. - Contractual obligation: processing is necessary for the performance of a contract
to which you are a party or in order to take steps at your request prior to entering
into a contract.
5.2 Processing activities
We may use your data to:
| Processing activity | Personal Data Category (see section 4) | Lawful basis |
|---|---|---|
| Communications | ||
| Contact you following an enquiry or in reply to any questions, suggestions, issues, or complaints you have contacted us about. | Personal and User data. | Legitimate Interest |
| Follow up on any interest you have shown in our products and services (e.g. to email you regarding a partially completed webform). | Personal and User data. | Legitimate Interest |
| Facilitate meeting and quotation requests. | Personal and User data. | Legitimate Interest |
| Communicate with you and send B2B marketing communications, including where you have attended events or webinars. See also section 9 of this notice. | Personal and User data. | Legitimate Interest or Consent |
| Generate marketing/analytics from our website using cookies. This includes the monitoring, development and improvement of the website and your experience. For full details on our use of cookies please see our cookie banner. | Website data. | Consent |
| Products and services | ||
| Manage your online account and provide you access to your billing information. | Personal and User data. | Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work) |
| Carry out financial checks (e.g. if you are a company director) should they be required when you or your company purchase our services. | Personal and User data. | Legal Obligation or Legitimate Interest (depending on our relationship and your role) |
| Display the Caller ID. Enconvo always displays your telephone number to the called number. This means that your number will be visible to the call recipient on the display of their telephone. This can be turned off by calling anonymously. However, we are legally obliged to always reveal your number when you call the national emergency number. | Personal and User data. | Legitimate Interest or Legal Obligation |
| Conduct security analysis. Based on analyses of call and internet behaviour, Enconvo can proceed to restrict certain destinations when excessive usage is detected. Higher usage than average call behaviour may indicate fraud. A blockade can limit fraud and misuse, and prevent you from receiving a huge bill for fees that you have not incurred yourself. Enconvo also uses advanced techniques (such as firewalls, spam filters and virus scanners) to protect against security breaches, viruses, spam and malware. | Personal and User data; Traffic data; Location data. | Legitimate Interest |
| Provide training and support in the use of our products and services. | Personal and User data. | Legitimate Interest |
| Prevent malicious or annoying contact. If someone is harassing you by telephone or via internet, then you can report this to us and submit a written request to provide information on the person responsible for this malicious or annoying behaviour. If we receive such a request, we will follow internal procedures. | Personal and User data; Traffic data. | Legitimate Interest |
| Process for traffic management, network planning and quality of services. For the sake of the maintenance and the improvement of our platform, we analyse information about the use of our network. We do this so that we can, among other things, redirect traffic in case of potential overloading, but especially so that we can prevent this by planning and implementing targeted improvements. In addition, we can use the information to see when malfunctions occur on the platform. | Traffic data; Location data. | Legitimate Interest |
| Permit number retention and transfer services. Enconvo offers you the option of keeping your number when you transfer to a different provider. To do this, we exchange information with your current or next provider. In case of a landline, this information is your current telephone number, your name and your address. For a mobile number, your SIM card number, telephone number and name are shared. | Personal and User data. | Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work) |
| Process and facilitate an order you have made with us (e.g. through our website) | Personal and User data. | Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work) |
| Provide and improve services purchased by you or your employer. For example, the delivery of an order to the specified address, or setting up of a telephone call | Personal and User data. | Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work) |
| Manage invoices and payments. For example, an invoice may show the fees charged for each service, specified by type of use. You can see fees incurred abroad, call costs, data usage and more. | Personal and User data. | Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work) |
| To store certain information from customers for a specific time period for the purposes of legal investigations and to cooperate with requests for personal information from competent authorities or other authorised governmental institutions, as well as with requests for information we process and store as part of our normal business operations. For example information from your telephone records or about your data usage. When the storage period has elapsed, stored information is destroyed or made anonymous. Another example of a legal requirement is the calling of the national emergency number. When you do this, your telephone number and the location of your telephone can be transmitted to the relevant authorities, even when you have blocked the display of your telephone number. | Potentially any data items from section 4 should there be a legal need. Please note: Enconvo will follow data minimisation principles in all such instances. | Legal Obligation |
| Other operational or legal purposes | ||
| Negotiate and/or enter into and/or fulfil a contract with you, or the organisation for which you work. | Personal and/or User data. | Contractual Obligation (when the contract is with you) or Legitimate Interest (when the contract is with the organisation for which you work) |
| Fulfil pre-contractual steps, such as supplier questionnaires, as part of our onboarding process. | Personal and/or User data. | |
| Comply with applicable laws, lawful requests, and legal process, where appropriate/necessary. | Potentially any data items from section 4 should there be a legal need. Please note: Enconvo will follow data minimisation principles in all such instances. | Legal Obligation |
| Comply with regulatory monitoring and reporting obligations, where appropriate/necessary. | Potentially any data items from section 4 should there be a legal need. Please note: Enconvo will follow data minimisation principles in all such instances. | |
| Digitally monitor and/or record calls between you and us for the purposes of quality control and staff training. You will be informed of this prior to the call. | Personal and/or User data. | Legitimate Interest |
| As part of professional services provided to us by lawyers, bankers, auditors, and insurers, where necessary. | Personal and/or User data. | Legitimate Interest or Legal Obligation |
| Meet our high security standards in managing your personal data, our systems and our website. | Potentially any data items from section 4 due to all data held by Enconvo being subject to data security measures. | Legitimate Interest |
| Share your data with healthcare professionals if you are taken ill or involved in an accident while visiting our office or sites, and are unable to provide your consent. | Personal and/or User data; Other data. | Vital Interests |
5.3 Sensitive information
In our capacity as a controller, we do not actively collect ‘special category data’ for any
of the purposes described in this notice. If for whatever reason we need to collect such
data, you will be informed at the time of collection and it will only be done so with your
explicit consent or in line with other lawful purposes under Data Protection Legislation.
5.4 Anonymous information
We may create anonymous, aggregated, or de-identified data from your personal
information and other individuals whose personal information we collect. We do this by
excluding information that makes the data personally identifiable to you.
6 Cookies
6.1 Information about our use of cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to
provide you with a good experience when you browse our website and also allows us to
improve our site. You can set your cookie preference when you first visit our site based on
your own preferences by selecting the ‘Manage Cookies’ option on our cookie banner.
A cookie is a small file of letters and numbers that we store on your browser or the hard
drive of your computer if you agree. Cookies contain information that is transferred to your
computer’s hard drive.
The law states that we can store cookies on your device if they are strictly necessary for
the operation of this site. For all other types of cookies we need your permission.
This site may use different types of cookies. Some cookies may be placed by third party
services that appear on our pages.
If we ask for your consent for cookies then this applies to the following domain:
www.enconvo.co.uk
6.2 Types of cookie
We classify cookies as either, necessary, preference-based, statistical, or marketing based.
Descriptions of what each of these cookie classifications mean and the cookies that we
use which come under each of these headings is available through our cookie banner,
prior to you providing your consent or adjusting your cookie settings.
Our cookie banner also providers information about the purposes for each cookie we use
and the duration they are used for.
6.3 Updating your cookie settings
When you visit our website for the first time, you will be presented with a cookie banner,
which asks for your consent for the placement of non-necessary cookies or otherwise
allows you to adjust your cookie settings.
Please note, if you use your browser settings to block all cookies (including necessary
cookies) you may not be able to access all or parts of our site.
If you require further information, please contact us by using the contact details provided
above.
Once you have interacted with our cookie banner, you can change your cookie
preferences at any time by visiting our home page and by clicking on the icon in the
bottom left-hand corner of the screen.
7 Who we might share data with
We may share your personal data with trusted third-party organisations as follows:
- In certain circumstances, for example due to legislation, it may be necessary to
pass on information to the authorities or directory inquiries databases. Disclosure
may also take place if necessary to establish or defend legal claims. - As part of our group wide activities we may share personal data with members of
the Enreach Group, for any shared services or in an aggregated form for business
intelligence and statistical purposes. - In order to provide telephony to our business customers, it is necessary for us to
transmit traffic data via operators. Enconvo uses several infrastructure providers
and these operators therefore process personal data on our behalf. These
operators will typically be independent data controllers for the processing of data
within their respective networks. - We might also pass on your personal information to data processors acting as
suppliers for us, e.g. for sending out newsletters and website maintenance, for data
storage and analytics; technology support and services (email, web hosting,
marketing, and advertising providers, etc.).
We only share your data with data processors that can provide sufficient
guarantees that they will process your data securely and in accordance with Data
Protection Legislation. Our data processors cannot do anything with your personal
information unless we have instructed them to do it. They will not share your
personal information with any organisation apart from us or further sub-processors
which must process your personal data to the same high standards. - With partners with whom we jointly process your data.
- With professional advisors, such as lawyers, bankers, auditors, and insurers, where
necessary in the course of the professional services that they render to us. - With government or law enforcement officials or private parties as required by law
and disclose and use such information as we believe necessary or appropriate.
8 International transfers of information
Most third parties that we engage with are based in the UK. Should we need to transfer
your personal information outside of the UK to countries not deemed by the ICO to
provide an adequate level of personal information protection, the transfer will be based
on safeguards that allow us to conduct the transfer in accordance with the Data
Protection Legislation, such as the specific contracts approved by the ICO providing
adequate protection of personal information.
We may share personal data between Enconvo UK Limited and other entities within the
Enreach Group internationally. We do this based on group wide agreements, where we
have mapped the transfers and designated the responsibility for compliance with Data
Protection Legislation, amongst members. Transfers between the UK and the majority of
Enreach Group members are deemed adequate by the European Commission and the
ICO. Where this is not the case, the aforementioned group-wide agreements will contain
appropriate safeguards to permit the transfer. For more information regarding these
transfers please contact us using the details above.
9 How we keep you updated on our services
As a business contact, we will send you relevant news about our services in a number of
ways including by email, but only if we have a legitimate interest to do so. Marketing
communications will be sent from our own domain.
Each email communication will have an option to object to the processing, if you wish to
amend your marketing preferences, you can do so by following the link in the email and
updating your preferences.
We make every effort to ensure that we only send such communications to those acting in
a business capacity and do not send such materials to consumers via personal email
addresses if it is clear they are not acting in such a capacity.
An exception to this will be where you have provided your consent to be contacted
specifically. In such cases you can withdraw this consent by contacting us using the details
provided in this notice.
10 Security
Data security is of great importance to Enconvo and to protect your data we have put in
place suitable physical, electronic, and managerial procedures to safeguard and secure
your collected data.
We take security measures to protect your information including:
- Limiting access to our buildings to those that we have determined are entitled to be
there (by use of passes, key card access and other related technologies). - Implementing access controls to our information technology.
- We use appropriate procedures and technical security measures (including strict
encryption and archiving techniques) to safeguard your information across all our
computer systems, networks, websites, mobile apps, offices, and stores.
11 Your rights over your information
Under the UK GDPR, you have a number of rights regarding our processing of your data. To
exercise these rights, please contact our Data Privacy Team using the contact details
above. We may ask for proof of identity and sufficient information about your interactions
with us so that we can locate your personal information.
11.1 The right to be informed about our collection and use of personal data
You have the right to be informed about the collection and use of your personal data. We
ensure we uphold this right with our internal data protection policies and through this and
other privacy notices. These are regularly reviewed and updated to ensure these are
accurate and reflect our data processing activities.
11.2 Right to access your personal information
You have the right to access the personal information that we hold about you by making
a request. This is referred to as a ‘Data Subject Access Request’. If we agree that we are
obliged to provide personal information to you (or someone else on your behalf), for non-complex requests, we will provide it to you or them within one month from when your identity has been confirmed.
11.3 Right to rectify your personal information
If any of the personal information we hold about you is inaccurate, incomplete, or out of
date, you may ask us to correct it.
11.4 Right to object or restrict our processing of your data
You have the right to object to us processing your personal information for particular
purposes or have its processing restricted in certain circumstances.
11.5 Right to erasure
You have the right to have personal data erased. This is also known as the ‘right to be
forgotten’. The right is not absolute and only applies in certain circumstances.
11.6 Right to portability
The right to portability gives you the right to receive personal data you have provided to a
controller in a structured, commonly used, and machine-readable format. It also gives you
the right to request that a controller transmits this data directly to another controller.
11.7 Rights in relation to automated processing
An automated decision is one that is made by our systems rather than a person. Under
Data Protection Legislation, you have the right to express your concerns and object to a
decision taken by purely automated means. You also have a right to request that a person
review that decision.
This right is unlikely to apply to Enconvo’s use of your data, as any automated processing
we carry out is unlikely to make decisions and would include human intervention. If you
would like to discuss this in further detail, please contact us as set out above.
12 Questions or complaints
The ICO regulates data protection and privacy matters in the UK. They make a lot of
information accessible to consumers on their website and they ensure that the registered
details of all data controllers such as ourselves are available publicly. You can access
them here https://ico.org.uk/for-the-public.
You can make a complaint to the ICO at any time about the way we use your
information. However, we hope that you would consider raising any issue or complaint you
have with us first (using the contact details above). Your satisfaction is extremely important
to us, and we will always do our very best to solve any problems you may have.
13 How long we keep your information for
We will retain your personal information in order to provide you with a high-quality service,
in accordance with Data Protection Legislation and for as long as necessary to fulfil the
purposes we collected it for, including for the purposes of satisfying any legal, accounting,
or reporting requirements.
To determine the appropriate retention period for personal information, we consider the
amount, nature, and sensitivity of the personal information, the potential risk of harm from
unauthorised use or disclosure of your personal information, the purposes for which we
process your personal information and whether we can achieve those purposes through
other means.
In some circumstances we may anonymise your personal information (so that it can no
longer be associated with you).
14 Giving your reviews and sharing your thoughts
When using our websites, you may be able to share information through social networks
like Facebook and Twitter, or review platforms such as Trustpilot. For example, when you
‘like’, ‘share’ or review our services. When doing this, your personal information may be
visible to the providers of those social networks and/or their other users. Please remember it
is your responsibility to set appropriate privacy settings on your social network accounts, so
you are comfortable with how your information is used and shared on them.
15 Other links
Please be aware that the website may link to other websites that may be accessed by
you. We are not responsible for the data policies, content or security of such sites. We do
not have any control over any use of your data by third parties when you visit such sites or
otherwise provide your data through these channels.
16 Changes
Enconvo reserves the right to modify or amend this notice at any time. The effective date
will be displayed below the statement. It is the user’s responsibility to check this document
regularly for changes.
Thank you for taking the time to read our privacy notice.
June 2025