Last updated on 21st May 2018
- "Us", "We", "Our" and "Endole" is Endole Limited (Company Registration No. 9346879), the data controller of your personal data and is subject to General Data Protection Regulation ("GDPR") and any locally applicable data protection laws in the UK.
- "You", "Your", "Yours" means you, the data subject.
Who we are and what we do
Endole is an online platform offering a number of business services and products such as B2B data and business credit reports. We are also an aggregator of corporate data from both public and private sources and maintain a database of over 7 million companies that covers the entire UK.
Endole offers corporate credit checking facilities and platforms to its clients helping them make better financial decisions and minimise business risk. In order for us to provide this service, we are required to collect, process, and store data on companies and their historical conduct. This data comprises of information on a corporate level such as company name, company address, financial accounts, and information on an individual basis such as directors, people of significant control and shareholders.
Types of personal data we collect
This sections explains all the different types of personal information Endole collects, processes and stores. They are grouped together as follows:
|Type of personal data||Description|
|Identity Data||This comprises of data used to identify you (many of this data will be provided by you) and so includes name, title, age and date of birth.|
|Contact Data||This consists of data used to contact you such has your home address, email address and telephone number.|
|Financial||This data will be provided by you when purchasing our products such as your credit/debit card and bank account details. Endole will not store your full credit/debit card details in its database (this is handled by our payment processor).|
|Transactional||Details about payments to and from Endole and information on products and services you may have purchased and vouchers or coupons you may have used during your purchase.|
|Technical ||Details on the software, devices and technology you used when accessing Endole's platform or website such as your internet protocol (IP) address, browser type and version.|
|Usage Data||This consists of data on how you use Endole's website, products and services.|
|Consents||Details of any permissions, consents or preferences that you give Endole such as how you wish to be contactd or other marketing and communications choices.|
Personal data we don't collect
Endole does not collect or process any "sensitive personal data" or other "special category data" as defined by GDPR. Examples would include information relating to ethnicity and political or religious beliefs. In addition to this, Endole does not collect or process data relating to any persons under 16 years of age.
Personal data we collect and how we collect it
This section lists all the ways Endole collects personal data.
- Provided by you
From time to time, Endole will collect and store information provided by you, such as:
- At the time of registering to use Endole
- Subscribing to our newsletters
- Updating your account information
- Creating a support ticket or help request
- Reporting issues with our website or products
- When purchasing a product or service
The personal data you provide may be personally identifiable but do not fall under the sensitive data category as defined by GDPR (see section 4).
Endole may ask for any of the following information:
- Your name including first name(s) and surname
- Your email address
- Your home or business address
- Your telephone number
- Third party social profiles such as Facebook and Twitter
- Debit or Credit Card details including the name displayed across your card
- As you use our products and services
As you interact with Endole, the platform will automatically collect information about your browser, internet and device, which we use to improve our products and services. Many of this data cannot be used to directly identify you, such as:
- Device information including browser type, settings and operating system
- Details of how you used our service, such as your navigation history
- Device language, the date and time of your requests and referral pages
- Your IP address (this is not directly identifiable but may be indirectly)
- From outside organisations and publicly available sources
In order for Endole to provide business products and services such as corporate credit reports, it is required to collect and aggregate both commercial and personal data from a number of sources. This includes both publicly available sources such as Companies House and outside organisations such as the Registry Trust. Endole may also collect personal data from outside sources for legal reasons such as regulatory obligations.
Endole collects data from a number of external sources, such as:
- Companies House, the Registry Trust (Ministry of Justice) and the TSO Gazette (Company Insolvency Information), and other suppliers. Endole receives personal data from suppliers including particulars of company directors, secretaries, shareholders and people with significant control.
- Personal information including credit information, from private third party sources such as:
- Credit reference agencies
- Business directories
- Company list brokers
- Fraud prevention agencies
- Government and law enforcement agencies
- Website usage data from analytics providers such as Google Analytics
- Information found on websites in the public domain
How we store your personal data
Your personal data is stored in Endole's data centre located in Kent, in the south-eastern region of England. The data centre has a number of security features in place to protect your personal data such as:
- A secure location with physical security such as card and pin entrance barriers with 24/7 manned and patrolled external security.
- Independent infrared CCTV surveillance and centrally controlled access systems with complete logs of personnel entrances and exits.
- All network inbound and outbound are protected by the latest firewall and software technology.
How long we store your personal data for
Endole will only store and process your personal data for as long as it has a lawful basis to do so and will make sure your privacy is protected. A few reasons why Endole will store your personal data in particular are:
- Purposes of satisfying any legal, accounting, or reporting requirements.
- We are required by law to retain basic information about our customers for 6 years after they cease being customers for tax and legal purposes.
In some circumstances you can ask us to erase your data. See the "Your rights" (section 11) for more information.
Lawful basis for processing your personal data
This section explains the lawful basis Endole relies on for each of the different types of personal data. Depending on the specific purpose in which Endole is processing your personal data, it may process your personal data in accordance with more than one lawful basis.
|Purpose/Activity ||Lawful basis|
To register you as a new customer and serve you. This includes:
- To maintain our relationship with you including offering support and fulfilling contracts.
- To deliver of our products and services including the purchase of them
- Communicate with you about our products and services.
- Fulfilling contracts
- Legal obligation
To improve our website, products and services. This includes:
- Research and analyse how our customers use our products and services.
- Testing new products and services
- Asking you to complete a survey
- Legitimate interests (to study how customers use our products and to improve them)
To provide business information and corporate products to customers and clients. This includes:
- Business to business marketing solutions which supports them in growing their business.
- Credit checking facilities which enables them to comply with their legal and professional obligations and to minimise financial risk.
- Legitimate interests (to provide a service in the public's interest which help them comply with legal obligations and reduce financial risks by having comprehensive information on individuals and corporate entities, and provide marketing solutions to help them grow their business)
To offer recommendations and suggestions to you. This includes:
- Information about products or services that may be interest to you
- Guides and advice on how to use our software and services more efficiently.
- Legitimate interests (to study how customers use our products and to grow our customer base)
To protect and prevent our business from fraud, financial loss, and debt.
- Legitimate interests (to recover debts or payments due to us)
How we share your personal data
Endole collects business information from third parties (see section 5), which may include personal data, for the purposes of providing business products and services. Endole may share your this data with outside organisations such as service providers and regulators. This section lists the different types of organisations Endole may share your personal data with.
- Cliens and suppliers with whom Endole enters into an agreement with to provide business information or commercial data.
- Regulators or law enforcement agencies where Endole is required to do so.
- Professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers.
- Debt collection agencies where it is necessary for Endole to recover money.
- Payment processing agents where it is necessary for Endole to protect a transaction.
- With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of Endole.
Endole will not disclose or sell your personal data which you have provided to us by means of explicit consent to clients or marketing agencies.
Transferring personal data outside the European Economic Area ("EEA")
In certain circumstances Endole may share your personal data with third parties situated in countries outside the EEA. When Endole transfers your personal data out of the EEA, it will ensure a similar degree of protection is afforded to it, by ensuring at least one of the following safeguards is implemented:
- The country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data
- The transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Shield
- The recipient has entered into European Commission standard contractual clauses with Endole
- You have explicitly consented to the transfer of your personal data
This section explains your rights on how Endole collects, processes and stores your personal data.
Your rights under data protection laws, in relation to your personal data are:
- Right of access to your personal data or commonly known as "data subject access request". This right entitles you to receive a copy of the personal data which we store about you and details on how we are processing it.
- Right to rectification entitles you to have any incomplete or inaccurate data we hold about you corrected. It is important to note that before we make any amendments to your personal data, we may need to verify the accuracy of any new information you provide us.
- Right to erasure of your personal data or commonly known as "the right to be forgotten". This right entitles you to request to delete or remove your personal data, where there is no lawful basis for us to continue to process it. You also have the right to request to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific reasons which will be notified to you at the time of your request.
- Right to object to the processing of your personal data. This right entitles you to object if you feel our processing of your personal data affects your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms. You have an absolute right to object to the processing of your personal data for direct marketing purposes.
- Right to restrict processing of your personal data. This right entitles you to suspend or restrict the processing of your personal data in the following circumstances:
- You want us to establish the data's accuracy
- Where we are unlawfully processing your personal data and you do not want us to erase it
- Where you need us to hold the data, even if we are no longer processing it, as you need it to establish, exercise or defend a legal claim.
- You have objected to our processing of your personal data, but we need to establish whether we have overriding legitimate grounds to process it.
- Right to data portability of your personal data. This right entitles you to request to have your personal data transferred to you or to a third party you have chosen. We will provide the personal data in a structured, commonly used, machine-readable format. This right only applies to personal data which you initially provided consent or where we processed the information to perform a contract with you.
- Right to withdraw consent at any time to the processing of your personal data, where we are relying on consent as our lawful basis. If you withdraw your consent, we may not be able to provide certain products or services to you. We will inform you if this is the case at the time you withdraw your consent.
If you wish to exercise any of your rights mentioned above, please contact Endole (see section 17).
Updating your personal data
If you choose not to give your personal data
You are within your rights to refuse to give Endole any of your personal data, however this can have negative effects on how we can serve you as a customer, such as:
- We may not be able enter into or fulfil a contract we have or trying to have with you
- We may not be able to offer propositions or quotations on our products and services
- We may have to cancel any existing products or service you have with us
From time to time, Endole may ask you for personal data that is useful but not required by law or in order to enter into a contract. We will clearly explain to you when it is optional to provide a particular data. The service or product Endole provides to you won't be affected if you choose not to provide any optional personal data.
How to withdraw your consent
You can withdraw your consent at any time to the processing of your personal data. Please contact us (see section 17) if you wish to withdraw consent. This will only affect the way we process your personal data where our reason for doing so is that we have your consent. For more information on your rights, please see "Your rights" (section 11).
From time to time, Endole may send you marketing materials about products and services it provides which it believes may be of interest to you. In addition to this, Endole may also send other information in the form of alerts, surveys, newsletters and invitations to events or functions which it believes might be of interest to you or in order to update you with information you have requested.
Endole will communicate this to you in a number of ways including by post, telephone, email or other digital channels. Endole can only use your personal information to send you marketing material if it has either your consent or a legitimate interest. It must not conflict unfairly with your own interests.
If you object to receiving marketing from us at any time, please contact us (see section 17).
How to complain
Please get in touch with us if you are unhappy with how we have used your personal data. You also have the right to file a complaint to Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can learn more about your rights and information on how to file a complaint on their website (www.ico.org.uk).
You may also email us directly at helpdesk at endole.co.uk. Please note at this time we do not offer telephone support for enquiries regarding your personal data and privacy concerns.
Frequently Asked Questions
This section provides answers to the most frequently asked questions regarding your privacy and personal data.
What personal data does Endole have about me?
The personal data that Endole has about you will include personal data you have provided to us and personal data we may have collected about you from third party sources. If you are connected to a legal entity such as a public company, Endole will store personal data about you in relation to that legal entity such as company director and shareholder information.
I haven't given my consent or permission for Endole to process my personal data
Endole processes a portion of your personal data based on your explicit consent. You give us your consent when we ask for personal data such as your name and you provide this to us usually through an online form.
Endole processes other personal data based on our legitimate interest, that is to provide services and products in the public's interest which help them meet with compliance and legal obligations, protect them against fraud, reduce financial risks by having comprehensive information on individuals and corporate entities, and provide marketing solutions to help them grow their business.
I want Endole to erase all personal data they have about me
Endole will erase personal data that you have explicitly consented, that is personal data that you have provided to us. You may withdraw your consent at any time. If you wish to withdraw your consent, please contact us (see section 17).
As for personal data which you haven't explicitly consented, Endole has legitimate grounds to gather and process this personal data in accordance with the GDPR (see section 8). If you feel Endole's processing of your personal data impacts your rights and freedoms, please contact us (see section 17).
According to the GDPR, when does my right to erasure not apply?
Your right to erasure does not apply if processing is necessary for one of the following reasons:
- To exercise the right of freedom of expression and information
- To comply with a legal obligation
- For the performance of a task carried out in the public interest or in the exercise of official authority
- For archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
- For the establishment, exercise or defence of legal claims.
How do I remove my information from public search engines?
You may request to have your information removed from search engines. Please complete the Removal Request Form