Policies and Terms of Use

Privacy Policies

Release updated on 31/08/2022

Before reading our privacy policy, we affirm our commitment based on 05 (five) assumptions about Data Privacy:

Control: You will have control of your privacy at any time, upon request and will be answered within a maximum period of 48 (forty-eight hours).

Transparency: We are transparent with the collection and use of data so that you make well-informed decisions.
Security: Your data is protected through cryptographic mechanisms and excellent security.

Strong Legal Protections: We respect the laws of the countries in which we operate and the international cooperation agreements between countries regarding the protection of data of individuals and companies.

No content-based targeting: You will not receive any emails, text messages, files, chats, or other personal content that is not requested in advance through our service channels.

Summary Table:

Our Privacy Policy

Your privacy is important to us. This privacy policy explains Enlighten's personal data processes, and how Enlighten processes them and for what purposes.

Enlighten offers a wide range of products and services. References to Enlighten products and services in this instruction include Enlighten websites, apps, software, servers, devices, and services.

This policy applies to Enlighten's interactions with you and the products listed below, in addition to other products that display this policy.

Personal Data

Enlighten collects data from you, through our interactions with you and through our products and services. You provide some of this data directly, while some of it we obtain by collecting data about your interactions, usage, and experiences with our products and services. The data we collect depends on the context of your interactions with Enlighten and the options you choose, including your privacy settings and the products and features you use. We also obtain data about you from third parties.

If you represent an organization, such as a company, and use Company products, this rule also applies to your organization.

There are options when it comes to the technology you use and the data you share. When we ask you to provide your personal data, you can refuse. Many of our products require some personal data for the service to be offered. If you choose not to provide the data necessary to provide a product or feature, you will not be able to use that product or feature.

Likewise, when we need to collect personal data required by law, or enter into or perform a contract with you and you do not provide the data, it will not be possible to enter into the contract; or, if this is related to an existing product that you are using, we may have to suspend or cancel it. You will be notified if this is the case at this time. Where providing data is optional and you choose not to share personal data, features that use that data, such as personalization, will not work for you.

Use of personal data collected

- Enlighten uses the data we collect to provide sophisticated and interactive experiences. Specifically, we use data to: Provide our products, including updating, security, and troubleshooting, as well as providing support. This also includes sharing data, when necessary, to provide the service or carry out the transactions you request.


- Improve and develop our products.


- Personalize our products and make recommendations.


- Advertise and market to you, including sending promotional communications, targeting advertisements, and presenting relevant offers to you. We also use data to operate our business, including analyzing our performance, complying with our legal obligations, developing our workforce, and conducting research.


- Our processing of personal data for these purposes includes automatic and manual (human) processing methods. Our automated methods are often related to and are supported by our manual methods.

From the Sharing of Personal Data

We share your personal data with your consent or to complete transactions or provide a certain requested or authorized product.

We may also share data with affiliates and subsidiaries controlled by Enlighten, with authorized vendors, when required by law or to respond to legal process, to protect our customers; protect lives, maintain the security of our products, and protect the rights or property of Enlighten and its customers.

How to Control Your Personal Data

And Enlighten guarantees the possibility of submitting user requests for products and services as listed below:

i) confirmation of the existence of treatment;
ii) access to data;
iii) the correction of incomplete, inaccurate or outdated data;
iv) the anonymization, blocking or elimination of unnecessary, excessive, or non-compliant data
v) the portability of your data to another service or product provider, upon express request by the Owner;
vi) the elimination of data processed with the consent of the Data Controller;
vii) obtaining information about the public or private entities with which ENLIGHTEN shared your data;
viii) information about the possibility of not providing your consent, as well as of being informed about the consequences, in case of refusal;
ix) the revocation of consent.

You can also make choices about the collection and use of your data. You can control the personal data obtained by Enlighten and exercise your data protection rights by contacting us or using one of the various tools we provide.

In some cases, your ability to access or control your personal data may be limited, as necessary or permitted by applicable law. Access to or control of your personal data also depends on the products used.
The personal data processed by Enlighten can be accessed upon request through the e-mail contato@enlightenbrasil.com.br or communication channels available on the site https://www.be-enlighten.com. If you want to access or control processed personal data, you can always contact Enlighten at the address contained on the site https://www.be-enlighten.com.

What are cookies and their technology

Cookies are small text files placed on your device to store data that can be remembered by a web server on the domain that placed the cookie.

We use cookies and similar technologies to store and respect your preferences and settings, allow you to log in, provide interest-based advertising, combat fraud, analyze the performance of our products, and fulfill other legitimate purposes.

We also use “web beacons” to help send cookies and gather performance data. Our sites may include web beacons, cookies, or similar technologies from third-party service providers.

You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies.
For example, you can use the controls in your Internet browser to limit how the sites you visit can use cookies and withdraw your consent by clearing or blocking cookies.

Business Products

If you use an Enlighten product or service through an organization with which you are affiliated, the organization may:
Control and manage your access to Enlighten products, including controlling settings related to product privacy or product account.

Access and process your data, including interaction and diagnostic data and the content of your communications and associated files.

If you lose access to your account, you may lose access to the products and content associated with those products, including those purchased in your own name.

If your organization grants you access to Enlighten products, your use of the products will be subject to your organization's policies, if any.

You should direct your privacy questions, including any request to exercise your data protection rights, to the administrator of your organization.

Enlighten is not responsible for the privacy or security practices of our customers, which may differ from those set out in this privacy policy.

When you use an Enlighten product provided by your organization, the processing of personal data in connection with that product is governed by an agreement between Enlighten and your organization.

Enlighten processes your personal data to provide the product to your organization and to you.

As mentioned above, if you have questions about processing for your organization, please contact the organization.

How We Keep Your Data Safe

ENLIGHTEN uses reasonable market and legally required means to preserve the privacy of the personal data it collects. In this way, it adopts several precautions, in compliance with the guidelines on safety standards established in the legislation, such as:

I. ENLIGHTEN uses standard and market methods to encrypt and anonymize the collected data;

II. ENLIGHTEN is protected against unauthorized access to its systems;

III. ENLIGHTEN only authorizes previously established individuals to access the place where the collected information is stored;

Those who come into contact with personal data must undertake to maintain absolute secrecy. The breach of secrecy will result in civil liability and the person responsible will be held responsible in accordance with Brazilian law; and
Inventory maintenance indicating the time, duration, and identity of the employee, or of the person responsible for the access and the object file, based on connection records and access to applications, as determined by law.

In addition to technical efforts, ENLIGHTEN also adopts institutional measures aimed at the protection of personal data, so that it maintains a privacy governance program applied to its activities and governance structure, which is constantly updated.

IV. Although ENLIGHTEN takes the best efforts to preserve the privacy and protect the data of the Holders, no transmission of information is completely secure, so ENLIGHTEN cannot fully guarantee that all the information it receives or sends is not subject to unauthorized access perpetrated through methods developed to obtain information improperly.

V. For this reason, we encourage Holders to take appropriate measures to protect themselves, such as keeping all Owner names and passwords confidential, being certain that such information is personal, non-transferable, and the sole responsibility of the Holders.

From the Elimination of Data

In order to protect the privacy of the Holders, the personal data processed by ENLIGHTEN will be automatically deleted when they cease to be useful for the purposes for which they were collected, or when the Owner requests their deletion, unless their maintenance is expressly authorized by applicable law or regulation, to subsidize ENLIGHTEN in future judicial or administrative action, in which it must defend its rights or prove compliance with legal or contractual obligations.

However, the information may be kept for compliance with a legal or regulatory obligation, transfer to a third party - provided that the data processing requirements are respected - and the exclusive use of ENLIGHTEN, including for the exercise of its rights in judicial or administrative proceedings.

norms

Enlighten adheres to the principles of the Privacy Protection framework of the European Union, the United States, and Brazil.

Talk to us

If you are concerned about your privacy, have a complaint or question to the Privacy Officer (DPO), please contract with us using our form at https://www.be-enlighten.com or send us an email at dpo@be-enlighten.com.

The Enlighten Company
Felipe Rodriguez Alvarez
CEO

Glossary

Terms of Use

These Terms of Use are effective as of February 2023

These Terms of Service (“Terms”) govern the use of the free and paid services, software, and websites (the “Service”) provided by The Enlighten Company, and any data, text, files, information, usernames, images, graphics, photos, profiles, audio and video clips, sounds, musical works, works of authorship, apps, links, created tasks, and associated information, text, files, and other content or materials (together, the “Content”) uploaded, downloaded, or appearing on our sites or apps.

Our Privacy Policy explains how we collect and use your information. By using the Service, you agree to be bound by these Terms and our Privacy Policy. If you are using our Service on behalf of an organization or entity (“Organization”), then you agree to these Terms on behalf of that Organization and you represent and warrant that you have the authority to bind the Organization to these Terms. In this case, “you” and “your” refer to that Organization.

Our Terms and Privacy Policy affect your legal rights and obligations. If you do not agree to submit to all of these, do not access or use our Service.

The following guidelines apply to your use of the ENSPACE account and content:

You must provide accurate information when creating your Enspace account.

You are responsible for protecting the password and for all activities that occur under your account. You must notify us immediately if you become aware of any security breach or unauthorized use of your account.
‍
You can never use another user's account without permission.

You may not make use of the tool for the purpose of learning the functionalities for the practice of reverse engineering or trying to help someone else do so.

Your account must be registered by a human being. Accounts registered by “bots” or other automated methods are not allowed.

You may not use the Service for any illegal or unauthorized purpose. You agree to comply with all laws, rules, and regulations (for example, federal, state, local, and municipal) applicable to your use of the Service and its Content (defined below), including, but not limited to, copyright laws.

If you have a paid account, fees are non-refundable, except as required by law or in the event that you cancel your account during the 30-day money-back guarantee period.

You will pay all applicable fees on the due date, and if those fees are being paid by credit card or other electronic means, you authorize us to charge those fees using your selected payment method.

By default, customer accounts are set up for automatic renewal and we may automatically charge for that renewal on or after the renewal date associated with your account, unless you canceled the Service before the renewal date.

We may revise the rate rates for the Service from time to time and will provide you with email notice of any rate change at least thirty (30) days in advance of the renewal date.

You are responsible for providing complete and accurate billing information to The Enlighten Company. We may suspend or terminate your use of the service if there is a default. You are responsible for all taxes (except those charged by government agencies on our company's billing).

If you need to use a purchase order or purchase order number, you (a) must provide the purchase order number at the time of purchase; and (b) agree that any terms and conditions in your purchase order will not apply and will be null and void.

About the use of our services

You must not alter, modify, adapt, or alter the Service or alter another site to falsely suggest that it is associated with our company or service.

You must not access our private API by means other than those expressly permitted by us.

You must not interfere with or interrupt the service or the servers or networks connected to the Service including the transmission of any virus, spyware, malware, or any other code of a destructive or disruptive nature. You may not inject content or code or otherwise alter or interfere with the way in which any page of ours is rendered or displayed on a browser or user device.

You must not attempt to restrict another user from using or enjoying the Service and you must not encourage or facilitate violations of these Terms or any of our other terms.

As part of the Service, we may provide downloadable client software (the “Software”) for your use in connection with the Service. This software can be updated automatically, and if this software is designed for use on a specific mobile or desktop operating system, a compatible system is required for use. As long as you comply with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to use the software, solely to access the Service; however, that license does not constitute a sale of the software or any copy of it, and between you and us, we retain all right, title, and interest in the software. You agree that you will not copy, reproduce, republish, frame, download, transmit, modify, reverse engineer, sell, or participate in any sale, rent, lease, lend, assign, distribute, license, sublicense, or exploit in any way, in whole or in part, our Content, the Services, or any related software, except as expressly set forth in these Terms.

Violation of these Terms may, at our sole discretion, result in the termination of your account. In addition, we reserve the right to investigate and prosecute violations of any of these Terms to the maximum extent permitted by law. We may involve and cooperate with law enforcement authorities in prosecuting users who violate the Terms. You acknowledge that we have no obligation to pre-screen or monitor your access to or use of our Service or any information, material, or other content provided or made available through our Service, but we have the right to do so. You agree that we may, in the exercise of our sole discretion, remove or delete any data, accounts, or other content that violates these Terms or is otherwise reprehensible.

If you choose to use any third-party application in connection with the use of our Service, by doing so, you are agreeing to the sharing of your information with the third-party application. To understand how such third-party app provider will use your information, you should check the privacy policy of the third-party app.

General Conditions of Use

We may suspend or terminate your account or discontinue providing all or part of our Services at any time without liability to you for any reason, including, but not limited to, if we reasonably believe:

(i) That you violated these Terms;
(ii) That there was a risk or possible legal exposure for us, whether directly or indirectly, on your part;
(iii) That you have a free account with no activity (responses or logins) for sixty (60) days or trial accounts without a payment method thirty (30) days after expiration;
(iv) That our provision of Services is no longer commercially feasible.

1.1. We will make reasonable efforts to notify you through our Service, the next time you attempt to access your account, or through an email address or telephone number that you provided to us (if applicable).

1.2. If we close your access to the Service, your information and all other data will no longer be accessible through your account.

1.3. Upon termination, all licenses and other rights granted to you in these Terms will cease immediately.

1.4. We reserve the right, at our sole discretion, to change these Terms and/or our offered Services from time to time (“Updated Terms”).

1.4. Unless we make a change for legal or administrative reasons, we will provide reasonable notice before the Updated Terms take effect.

1.5. You agree that we can notify you of the Updated Terms by posting them directly to the application and that using the Service after the effective date of the Updated Terms (or engaging in such other conduct as we can reasonably specify) constitutes your agreement to the Updated Terms.

1.6. Therefore, you should review these Terms and any Updated Terms before using the Service. The Updated Terms will take effect from the time of publication or a later date specified in the Updated Terms and will immediately apply to the use of the Service. These Terms will govern any disputes that arose before the effective date of the Updated Terms.

2. We reserve the right to refuse access to the Service to anyone for any reason at any time.

3. Through the Agreement to this Terms of Use, you authorize The Enlighten Company, directly or through a third party, to make any inquiry that we deem necessary to validate your identity and/or authenticate your identity and account information. This may include asking for more information and/or documentation regarding the use of your account or identity, or requiring you to take steps to confirm ownership of your email address, mobile/cell phone number, or financial instruments and verify your information in third-party databases or through other sources. This process is for internal verification purposes. You further understand that a fee may be charged for this verification process.

4. We may, but are not obligated to remove, edit, block, and/or monitor content and information that is present in your account and that we determine, in our discretion, to violate these terms of use.

5. You agree that you are responsible for all data charges that you incur when using the service.

6. By creating an account, you agree that the application may send informational and promotional text messages (SMS) as part of the normal functioning of your use of our services. You can choose not to receive messages at any time. You acknowledge that opting out of receiving text messages (SMS) may affect your use of the Services.

7. We prohibit tracking, “crawling”, caching, or other access to any information in the application by automated means (unless it is the result of standard search engine protocols or technologies used by authorized companies with our express consent).

8. In some cases, it is necessary for our employees, contractors, or affiliates to access your account and data for diagnostics involving support and corrective maintenance. When you contact our support team, it's implied that you're allowing us to access your account, if necessary, to be useful. If you wish to receive assistance without granting permission for your account, please specify this in your communication with the support team and these requests will be honored to the extent possible to correct the problem in the application.

9. In the context of providing the service, we may transfer, store, and process your content in the United States of America or any other country where we maintain facilities. By using the service, you consent to this transfer, processing, and storage of your data and information.

Of User Rights

Property. For the purposes of this Terms of Use: (i) Information means any data, text, files, information, content, user names, images, graphics, photos, profiles, audio excerpts, video, musical works, works of authorship, applications, links, tasks created, and information, texts, files, and other associated content or materials; and (ii) User Content means any content provided by account holders (including you) to be made available through our services. Content includes, without limitation, user content.

Ownership of the Information that Enspace elaborates. Unless otherwise specified, all materials contained on or within the application, including but not limited to text, graphics, images, codes, illustrations, designs, icons, photographs, videos, musical works, works of authorship, applications, links, created tasks and associated information, text, files, and other content or materials (collectively, “Enspace Content”), as well as their selection and arrangement, are protected by copyright, trademark, and/or other intellectual property laws and the unauthorized use of Enspace content may violate these laws and these Terms. Except as expressly provided in these Terms, we do not grant any express or implied rights to use the Enspace Content. You agree that you will not copy, reproduce, republish, frame, download, transmit, modify, display, reverse engineer, sell, or participate in any sale of, rent, lease, loan, assign, distribute, license, sublicense, or exploit in any way, in part or in full, the Enspace content, the Services, or any related software or customer Software, as defined above, except as expressly set forth in these Terms. You agree not to remove, alter, or obscure any copyright, trademark, service mark, or other proprietary rights notice incorporated into or accompanying the services or content. You acknowledge that the services and content are protected by copyrights, trademarks, and other laws of the Federative Republic of Brazil and the United States.

User Rights and their Content: we do not claim copyright or intellectual property on content submitted or created exclusively by you in your Enspace service account. Any content that's yours, stays yours. This Terms of Service does not grant any licenses or rights to your content, except for the limited rights necessary for us to provide the Enspace Service to you. Notwithstanding the foregoing, we may access the content to determine how we can improve our Service and determine customer satisfaction.

Likewise, any reporting data that we collect from your use of the Enspace Service remains yours. By using the Enspace Service, you agree that we can use this data to provide the Enspace Service to you, and you agree that, as long as the data is anonymized and does not identify you, we may combine that data with anonymized data from other companies to provide benchmarking, public reporting, or otherwise use it to provide the Enspace Service.

Notifications and Alerts: as part of the services we provide, you may (if enabled) receive push notifications, text messages, alerts, emails, or other types of messages sent directly to you outside or within the app (“Notifications”).

Part of the Service may be supported by advertising revenue and may display advertisements and promotions, and you hereby agree that we may place these advertisements and promotions on the Service or on, on or in conjunction with your Content. The manner, mode, and extent of these advertisements and promotions are subject to change without specific notice to you.

You represent and warrant that: (i) you are the owner of the content included by you on or through the Service or otherwise have the right to grant the rights and licenses set forth in these Terms of Use; (ii) the posting and use of your content on or through the Service does not violate, misappropriate, or infringe the rights of any third party, including, without limitation, privacy rights, publicity rights, copyrights, trademarks, and/or other intellectual property rights; (iii) you agree to pay all fees, fees, and any other amounts due because of the content you post on or through the Service; and (iv) you have the legal right and capacity to agree to these Terms of Use in your jurisdiction.

The Enspace name and logo and The Enlighten Company are our trademarks and may not be copied, imitated, or used, in whole or in part, without our prior written permission. In addition, all page headers, custom graphics, button icons, and scripts are our service marks, trademarks and cannot be copied, imitated, or used, in whole or in part, without prior permission, which will be in official form, written and sent by our administration.

While it is our intention that the Service be available as much as possible, there will be occasions when the Service may be interrupted, including, without limitation, for scheduled maintenance or updates, for emergency repairs, for unscheduled interruptions, for system and server failures, or due to telecommunications link and/or equipment failures. Consequently, we encourage you to keep your own backup of your Content. In other words, we are not a backup service and you agree that you will not rely on the Service for the purpose of backing up or storing Content. We will not be responsible to you for any modification, suspension, or discontinuation of the Services or loss of any Content. You also acknowledge that the Internet may be subject to security breaches and that the submission of Content or other information may not be secure.
You agree that we are not responsible for and do not endorse content posted within the Service. We have no obligation to preview, monitor, edit, or remove any Content. If your Content violates these Terms, you are legally and solely responsible for that Content.

Except as otherwise described in the Service's Privacy Policy, between you and us, any Content will be non-confidential and non-exclusive, and we will not be responsible for any use or disclosure of Content. You acknowledge and agree that your relationship with us is not a confidential or other type of special relationship and that your decision to submit any Content does not place us in a position different from the position of members of the general public, including with respect to your Content. None of your Content will be subject to any obligation of confidentiality on our part and we will not be responsible for any use or disclosure of any Content you provide.

Use License: subject to your express agreement by reading and clicking the button to access Enspace and your continued compliance with these Terms and any other relevant policies, we grant you a limited, non-exclusive, non-transferable and revocable license to use the Service solely for your intended purposes. You agree not to use the Service for any other purpose.

This license can be revoked at any time. This license is subject to these Terms and does not include:

- Distribution, public display, or public presentation of our content.

- Modify or make any derivative use of the Service or our content, or any part of it.
‍
- Use of any scrapping method, data mining, robots, or other similar data collection or extraction methods.
‍
- Download (except page caching) of any part of the Services, our Content, or any information contained therein, except as expressly permitted on the Services.
‍
-
Access to our API with an unauthorized customer or from a third party.
‍
-
Any use of our Services or Content other than for your intended purposes.
‍
-
Any use of our Services or Content that is not specifically authorized in these Terms without our prior written permission is strictly prohibited and will result in the termination of the license to use our Service and Site, granted in these Terms.

By using this service, you agree to the above terms regarding the submissions that the user (s) under your account and responsibility must observe under penalty of being deleted without notice from our platform.

Limitations on the use of licenses

Any attempt to interfere with the service on your part, including subverting or manipulating the legitimate operation of any of our sites or services is a violation of our policy and may be a violation of criminal and civil laws.

‍
Without limiting other measures, we may limit, suspend, terminate, modify, or delete accounts or access to the service or their postage if you are or suspend anyone who is violating the terms of service or for any illegal or improper use of the service, with or without notice to you. You may lose your account and any user content as a result of account termination or limitation, as well as any benefits, privileges, earned items, and purchased items associated with your use of the service, and we have no obligation to compensate you for any losses or results.

Without limiting other measures, we may limit, suspend, or terminate the service and user accounts or their size, prohibit access to our services and sites, and their content, tools, delay or remove hosted content, and take technical and legal measures to prevent users from accessing the service if we believe that they are creating risks or possible legal liabilities, violating the copyrights of third parties, or acting inconsistently with our terms or policies. In addition, under appropriate circumstances and at our sole discretion, we may suspend or terminate accounts of users who may be repeat infringers of third-party copyrights.

We reserve the right to discontinue offering and/or supporting the service or a particular part of the service at any time, permanently or temporarily. In such an event, we will not be required to provide refunds, benefits, or other compensation to users in respect of such discontinued elements of the service.

We reserve the right to discontinue services dedicated to providing support or offering the functionality of the tool, either temporarily or permanently. If this occurs, we will not make any refund, compensation, or refund of amounts to users for the discontinuity of services or functionality.

Important Notice 

The service, including, without limitation, our content, is provided “as” and “available” and “with the defects”. To the maximum extent permitted by law, neither we nor any of our employees, managers, contractors, suppliers, or licensors make any kind of representation or warranty or endorsement of any kind, express or implied as to the service, content, user content, security associated with the transmission of information to us or via the service. In addition, The Enlighten Company, its brands and subsidiaries disclaim all warranties, express or implied, that you may require in connection with commercialization, customization, improvement, adaptation to a specific purpose, system integration, and computer viruses.

The Enlighten Company and its brand (“Enspace”) do not guarantee that the service will be error-free or uninterrupted; that defects will be corrected; or that the service or server that makes the service available is free of any harmful components, including, without limitation, viruses and security breaches of any kind. The Enlighten Company does not guarantee that the information in the service will be accurate, complete, or useful. You acknowledge that your use of the service is at your own risk. The Enlighten Company does not guarantee that the use of the service is legal in its jurisdiction. Some jurisdictions limit or do not allow the disclaimer of warranties, so the waiver may not apply to you to the extent that the law of the jurisdiction applies to you and the terms of use.

Limitations of Liability 

UNDER NO CIRCUMSTANCES will The Enlighten Company be responsible for any civil liability resulting from the use of its clients on the platform, including, but not limited to: direct and indirect economic losses related directly to the use of the platform, to the services, functionalities, content of Enspace or its created content, inability to use or performance of the service.

UNDER NO CIRCUMSTANCES will The Enlighten Company be responsible for any compensation resulting from the user's due or undue use that may result in damage to any user's computer, mobile device, or other equipment or technology, including, without limitation, damages resulting from security breaches or any virus, error, omission, interruption, defect, delay in operation or transmission, computer line or network failure, or any other technical problem or other failure, including, without limitation, damages for lost profits. , loss of a chance, loss of data, interruption of the user's work, accuracy of the results, failure or problem with the computer, even if foreseeable or even if The Enlighten Company has been informed or should have known of the possibility of such damages, whether in an action or clause, or due to the negligence, malpractice, or recklessness of its employees, with or without admission of strict liability or compensation (caused in part or totally by negligence, telecommunications failures, force majeure, theft, or destruction of service). In no event will The Enlighten Company be liable to you or anyone else for loss, damage, or injury, including, without limitation, death or personal injury.

YOU AGREE that, in the event that you incur any damages, losses, or injuries resulting from our acts or omissions, the damages, if any, caused to you, will not be irreparable or sufficient to give you the right to obtain an injunction preventing any exploitation of any site, service, property, product, or other content owned or controlled by The Enlighten Company and you will have no rights to prevent or restrict the development, production, distribution, advertising, display, or exploration of any site, property, product, service or other content owned or controlled by The Enlighten Company.

Comprehensive Agreement

If you are using our service on behalf of a legal entity (“company”) or similar you declare that you are authorized to enter into an agreement on behalf of that legal entity. These terms constitute the entire agreement between you and us and govern your use of the service, superseding any previous agreements between you and us. You may not assign the terms or assign any rights or delegate any obligations set forth herein, in whole or in part, either voluntarily or by force of law, without our prior written authorization. Any assignment or delegation by you without our proper prior written authorization will be null and void. We may assign these terms or any rights set forth herein without your authorization, and the terms will be advantageous and enforceable by our successors. Neither the course of conduct between the parties nor business practice will modify the terms. These terms do not confer any third-party payee rights.

Applicable Legislation

This Terms of Use is regulated and prepared in accordance with the laws of the Federative Republic of Brazil and will serve as a rule for all users who have registered accounts and are domiciled and/or resident in Brazilian territory.

For users who are not resident and/or domiciled in Brazilian territory, the contract will be in force as law between the parties as the first source of law, and in the event of a conflict with the user's domestic legislation, the International Convention on Product and Service Contracts, governed by the United Nations World Organization.

Foro 

For users and accounts registered in Brazilian territory, the Parties choose the District Court of São Paulo to settle any existing consumer disputes when providing The Enlighten Company's service through the provision of the Enlighten Company platform.

For users and accounts registered in any location outside Brazilian territory, you agree that any dispute involving consumer relations will be litigated in the Court of Litigation of New York City, New York State, United States of America and headquarters of The Enlighten Company.

Contract Termination 

The Enlighten Company reserves the right to terminate, rescind and/or rescind this Terms of Use and its attachments at any time, with or without notification to the user and regardless of any offer of just cause to do so.

These Terms of Use were written in Portuguese and for users resident in Brazil. Other users resident outside the Brazilian territory must access the English version of this Terms of Use. In the event of a conflict between the translations, The Enlighten Company's official language version (English) will prevail.

Information Security

ISAE 3402 is an international standard that provides guidelines for ensuring the security and protection of information in services provided by third parties. It is a reference for evaluating and proving the trust and security of information. Here at ENSPACE, we understand the importance of protecting our customers' data and for this reason, we are proud to be ISAE 3402 certified.

This means that you can be sure that your data is in good hands and complies with the best security and privacy practices.

Data Protection Addendum

The customer who agrees to these terms (“Customer”) has entered into a Terms of Use Agreement or SaaS Services Agreement with The Enlighten Company S/A (“Enspace”) under which Enspace agreed to provide services to the Customer (as amended from time to time, the “Agreement”).

This Data Protection Addendum, including its applicable Appendices (the “Addendum”) will take effect and supersede any previously applicable data processing and security terms as of the Effective Date of the Addendum (as defined below). This Amendment forms part of the Agreement.
 
Any capitalized term used but not otherwise defined in this Addendum shall have the meaning provided to it in the Agreement.

1. Definitions

For the purposes of this Addendum, the terms below shall have the meanings set forth below. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings set forth in the Agreement.

1.1 “Addendum Effective Date” means the date on which the parties agreed to this Addendum.

1.2 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause direction of the subject entity, whether through the ownership of voting securities, by contract, or otherwise.

1.3 “Audit Reports” has the meaning given in Section 5.4.4 (Audit Reports).

1.4 “CCPA” means the California Consumer Privacy Act of 2018.

1.5 “Customer Personal Data” means any personal data or personal information of the data subjects contained in the data provided or accessed by Enspace by or on behalf of the Customer or the Customer's end users in connection with the Services.

1.6 “Global Data Protection Legislation” means European Data Protection Legislation, CCPA, and LGPD as applicable to the processing of Customer Personal Data under the Agreement.

1.7 “EEA” means the European Economic Area.

1.8 “EU” means the European Union.

1.9 “European Data Protection Legislation” means the GDPR and other data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, and Norway, and the United Kingdom, applicable to the processing of Customer Personal Data under the Agreement.

1.10 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data of EU data subjects and on the free movement of such data, and repealing Directive 95/46/EC.

1.11 “Information Security Incident” means a breach of Enspace's security that leads to accidental or illegal destruction, loss, alteration, unauthorized disclosure, or access to Customer Personal Data in Enspace's possession, custody, or control. “Information security incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful login attempts, pings, port checks, denial of service attacks, and other network attacks on firewalls or networked systems.

1.12 “LGPD” means the Brazilian General Data Protection Law.

1.13 “Standard Contractual Clauses” or “SCCs” have the meaning defined for Appendix 3 (Cross-Border Transfer Solutions) of this Addendum.

1.14 “Security Documentation” means all documents and information made available by Enspace in Section 5.4.1 (Audits).

1.15 “Security Measures” has the meaning given in Section 5.1.1 (Enspace Security Measures).

1.16 “Services” means the services and/or products to be provided by Enspace to the Customer under the Agreement.

1.17 “Sub-processors” means third parties authorized under this Addendum to process Customer Personal Data in connection with the Services.

1.18 “Term” means the period from the Effective Date of the Addendum to the end of the provision of the Services by Enspace.

1.19 “Transfer Solution” means the Standard Contractual Clauses or another solution that allows the legal transfer of personal data to a third country in accordance with Article 45 or 46 of the GDPR.

1.20 The terms “personal data”, “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this Addendum have the meanings assigned in the GDPR and LGPD, as applicable, and the terms “data importer” and “data exporter” have the meanings given in the Standard Contractual Clauses. The terms “personal information”, “commercial” and “service provider” have the meanings defined in the CCPA.

2. Addendum Duration

3. Data Processing

This Addendum will take effect on the Effective Date of the Addendum and, notwithstanding the expiration of the Term, will remain in effect until, and will automatically expire upon the deletion of all Customer Personal Data by Enspace, as described in this Addendum.

3.1 Papers and Regulatory Compliance; Authorization.

3.1.1 Responsibilities of the Processor and the Controller. This Addendum applies only to the extent that we are processing Customer Personal Data on behalf of the Customer. If European Data Protection Legislation, LGPD or CCPA applies to the processing of Customer Personal Data, the parties acknowledge and agree that:

(a) the object and details of the processing are described in Appendix 1; (b) Enspace is a processor of that Customer Personal Data under European Data Protection Legislation or LGPD, and/or a Service Provider with respect to such Customer Personal Data under the CCPA, as applicable; (c) the Customer is a controller or processor of that Customer Personal Data under European Data Protection Legislation or LGPD, and/or a Company with respect to that Customer Personal Data under the CCPA, as applicable; and (d) each party will comply with obligations applicable to it in accordance with the applicable Global Data Protection Legislation with respect to the processing of such Customer Personal Data.

3.1.2 Authorization by the Third Party Controller. If European Data Protection Legislation applies to the processing of Customer Personal Data and the Customer is a processor, the Customer warrants to Enspace that the Customer's instructions and actions with respect to that Customer Personal Data, including your appointment of Enspace as another processor and your consent to Enspace for subsequent transfers of Customer Personal Data to its Sub-processors have been authorized by the relevant controller.

3.2 Scope of Processing.

3.2.1 Customer Instructions. By entering this Addendum, the Customer instructs Enspace to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services; (b) as authorized by the Agreement, including this Addendum and its Appendices; and (c) as documented in any other written instructions provided by the Customer and acknowledged in writing by Enspace as constituting instructions for the purposes of this Addendum.

3.2.2 Enspace Compliance with the Instructions. Enspace will only process Customer Personal Data in accordance with the Customer's instructions described in Section 3.2.1 (including with respect to data transfers) (“Customer Instructions”), unless the applicable Global Data Protection Legislation to which Enspace is subject requires other processing of Customer Personal Data Enspace, in which case Enspace will notify the Customer (unless the law prohibits Enspace from doing so for important reasons of public interest).

4. Deletion of data

4.1 Exclusion on Termination. Unless otherwise provided in the Agreement, upon expiration of the Term, the Customer instructs Enspace to delete all Customer Personal Data (including existing copies) from the Enspace systems as required and in accordance with applicable law as soon as reasonably possible, unless applicable law prevents Enspace from deleting such data. To the extent that the Customer is subject to laws or regulations that require Enspace to retain Customer Personal Data after the Term has expired and the Customer fails to inform Enspace of these retention obligations, the Customer will be solely responsible for any deletion of such data by Enspace in accordance with this Section 4.1.

5. Data security

5.1 Enspace Security Measures, Controls, and Assistance.

5.1.1 Enspace security measures. Enspace will implement and maintain technical and organizational measures to protect Customer Personal Data against accidental or illegal destruction, loss, alteration, unauthorized disclosure, or access to Customer Personal Data as described in Appendix 2 (the “Technical and Organizational Security Measures”). Enspace may update or modify the Security Measures from time to time, provided that such updates and modifications do not materially diminish the overall security of the Services.

5.1.2 Security compliance by the Enspace team. Enspace will grant access to Customer Personal Data only to employees, contractors, and Subprocessors who require such access for the scope of their performance and are subject to appropriate confidentiality agreements.

5.1.3 Enspace Security Assistance. Enspace will (taking into account the nature of the processing of the Customer's Personal Data and the information available to Enspace) provide the Customer with the reasonable assistance necessary for the Customer to fulfill its obligations in relation to the Customer's Personal Data under the Global Data Protection Legislation, including Articles 32 to 34 (inclusive) of the GDPR and articles 6 and 46 of the LGPD, by:
(a) implement and maintain Security Measures in accordance with Section 5.1.1 (Enspace Security Measures);
(b) comply with the terms of Section 5.2 (Information Security Incidents); and
(c) provide the Customer with Security Documentation in accordance with Section 5.4.1 (Security Documentation Revisions) and the Agreement, including this Addendum.

5.2 Information Security Incidents.

5.2.1 Notification of Information Security Incidents. If Enspace becomes aware of an Information Security Incident, Enspace will: (a) notify the Customer of the Information Security Incident without undue delay after becoming aware of the Information Security Incident; and (b) take reasonable steps to identify the case of such Information Security Incident, minimize damage and prevent a recurrence.

5.2.2 Information Security Incident Details. Notifications made in accordance with this Section 5.2 (Information Security Incidents) will describe, to the extent possible, the details of the Information Security Incident, including (i) the nature of the Information Security Incident, including whenever possible, the categories and approximate number of data subjects in question and the categories and approximate number of personal data records in question; (ii) the name and contact details of the data protection officer or other point of contact where more information can be obtained, (iii) the probable consequences of the Information Security Incident; (iv) measures taken, or proposed to be taken, to mitigate potential risks and measures that Enspace recommends that the Customer take to deal with the Information Security Incident, including, where appropriate, measures to mitigate its potential adverse effects.

5.2.3 Notification. The Customer is solely responsible for complying with the incident notification laws applicable to the Customer and for complying with any third-party notification obligations related to any Information Security Incident (s).

5.2.4 No fault recognition by Enspace. Enspace's notification or response to an Information Security Incident under this Section 5.2 (Information Security Incidents) will not be construed as an acknowledgement by Enspace of any fault or liability with respect to the Information Security Incident.

5.3 Customer Responsibilities and Safety Assessment.

5.3.1 Customer Security Responsibilities. The Customer agrees that, without prejudice to Enspace's obligations under Section 5.1 (Enspace Security Measures, Controls, and Assistance) and Section 5.2 (Information Security Incidents):
(a) The Customer is solely responsible for the use of the Services, including:
(i) make appropriate use of the Services to ensure a level of security appropriate to the risk in relation to the Customer's Personal Data;
(ii) protect the credentials, systems, and account authentication devices that the Customer uses to access the Services; and
(iii) protect the Customer's systems and devices that Enspace uses to provide the Services; and
(iv) back up your Customer Personal Data.
(b) Enspace has no obligation to protect Customer Personal Data that the Customer chooses to store or transfer outside of Enspace's systems and its Subprocessors (for example, offline or on-premises storage).

5.3.2 Customer Security Assessment.
(a) The Customer is solely responsible for reviewing the Security Documentation and evaluating for himself whether the Services, Security Measures, and Enspace's commitments under this Section 5 (Data Security) will meet the Customer's needs, including with respect to any Customer's security obligations under the applicable Global Data Protection Legislation.
(b) The Customer acknowledges and agrees that (taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing of Customer Personal Data, as well as risks to individuals) the Security Measures implemented and maintained by Enspace as defined in Section 5.1.1 (Enspace Security Measures) provide a level of security appropriate to the risk in relation to the Customer's Personal Data.

5.4 Compliance Reviews and Audits.

5.4.1 Audits. The Customer may audit Enspace's compliance with its obligations under this Addendum up to once a year. In addition, to the extent required by applicable Global Data Protection Legislation, including when required by the Customer's supervisory authority, the Customer or the Customer's supervisory authority may carry out more frequent audits (including inspections). Enspace will contribute to such audits by providing the Customer or the Customer's supervisory authority with the information and assistance reasonably necessary to conduct the audit, including any relevant records of processing activities applicable to the Services.

5.4.2 Objections to the Third Party Auditor. If a third party conducts the audit, Enspace may object to the auditor if the auditor is, in Enspace's reasonable opinion, not adequately qualified or independent, a competitor of Enspace, or manifestly inadequate. This Enspace objection will require the Customer to appoint another auditor or to conduct the audit on its own.

5.4.3 Audit Request. To request an audit, the Customer must submit a detailed proposed audit plan to Enspace at least two weeks in advance of the proposed audit date. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Enspace will review the proposed audit plan and provide the Customer with any concerns or questions (for example, any request for information that could compromise Enspace's security, privacy, employment, or other relevant policies). Enspace will work cooperatively with the Customer to reach an agreement on a final audit plan. Nothing in this Section 5.4 (Compliance Reviews and Audits) will require Enspace to violate any confidentiality obligations.

5.4.4 Audit Reports. If the requested audit scope is addressed in an SSAE 16/18/ISAE 3402 Type 2, AICPA SOC 2 (SOC for Service Organizations: Trust Services Criteria), or similar audit report conducted by a qualified third-party auditor (“Audit Reports”) within twelve (12) months of the Customer's audit request and Enspace confirms that there are no known material changes to the audited controls, the Customer agrees to accept those findings instead of requesting an audit of the controls covered by the report.

5.4.5 Conducting the Audit. The audit must be conducted during normal business hours at the applicable facility, subject to the agreed final audit plan and Enspace's health and safety or other relevant policies, and must not unreasonably interfere with Enspace's business activities.

5.4.6 Audit Conditions. The Customer will immediately notify Enspace of any non-compliance discovered during an audit and will provide Enspace with any audit reports generated in connection with any audit under this Section 5.4 (Compliance Reviews and Audits), unless prohibited by applicable Global Data Protection Legislation or otherwise instructed by a supervisory authority. The Customer may use the audit reports only to meet the Customer's regulatory auditing requirements and/or confirm compliance with the requirements of this Addendum. The audit reports and any Enspace information shared during the auditing process are the parties' Confidential Information under the Agreement.

5.4.7 Audit Expenses. Any audits are at the Customer's expense. The Customer will reimburse Enspace for any time spent by Enspace or its Subprocessors in connection with any audits or inspections under this Section 5.4 (Compliance Reviews and Audits) with Enspace's current professional services fees, which will be made available to the Customer upon request. The Customer will be responsible for any fees charged by any auditor appointed by the Customer to perform such an audit.

5.4.8 Standard Contractual Clauses. The parties agree that this Section 5.4 (Compliance Reviews and Audits) must satisfy Enspace's obligations in accordance with the auditing requirements of the 2021 Standard Contractual Clauses applied to the Data Importer in accordance with Clause 8 and Clause 13 (a) and to any Subprocessors in accordance with Clause 9.

6. Impact assessments and inquiries

Enspace will (taking into account the nature of the processing and the information available to Enspace) reasonably assist the Customer in complying with its obligations under the applicable Global Data Protection Legislation regarding data protection impact assessments and prior consultation, including, if applicable, obligations under articles 35 and 36 of the GDPR, by:

6.1 Audit Reports and Security Measures. Make copies of the Audit Reports or other documentation that describe relevant aspects of the Enspace information security program and the security measures applied in relation to it available for review;

6.2 Additional Information. Provide the information contained in the Agreement, including this Addendum.

7. Data Subject Rights

7.1 Customer Responsibility for Requests. During the Term, if Enspace receives any request from a data subject regarding Customer Personal Data, Enspace will, at its sole discretion, (i) notify the Customer of the request, (ii) advise the data subject to submit their request to the Customer, and/or (iii) notify the data subject that their request was forwarded to the Customer. The Customer will be responsible for responding to any such request.

7.2 Request for Assistance from the Enspace Data Subject. Enspace will (taking into account the nature of the processing of Customer Personal Data) provide the Customer with self-service functionality through the Services or other reasonable assistance as necessary for the Customer to fulfill its obligation under the applicable Global Data Protection Legislation to respond to requests from data subjects, including, if applicable, the Customer's obligation to respond to requests to exercise the data subject's rights established in Chapter III of the GDPR, in articles 18 and 19 of the LGPD, or in CCPA section 1798.105. The Customer will reimburse Enspace for any assistance other than the provision of self-service features included as part of the Services in Enspace's current professional services fees, which will be made available to the Customer upon request.

8. Data transfers

8.1 Data storage and processing facilities. Enspace may, in accordance with Section 8.2 (Data Transfers Outside the EEA), store and process Customer Personal Data anywhere that Enspace or its Subprocessors maintain facilities.

8.2 Data Transfers Outside the EEA.

8.2.1 Enspace Transfer Obligations. If the storage and/or processing of Customer Personal Data (as established in Section 8.1 (Data Storage and Processing Facilities)) involves transfers of Customer Personal Data outside the EEA, United Kingdom, or Switzerland, and European Data Protection Legislation applies to transfers of such data (“Transferred Personal Data”), the terms set out in Annex 3 (International Transfer Solutions) will apply. Enspace will make these transfers in accordance with a Transfer Solution and will provide information to the Customer about that Transfer Solution upon request.

8.2.2 Customer Transfer Obligations. With respect to the Transferred Personal Data, the Customer agrees that, if in accordance with European Data Protection Legislation, Enspace reasonably requires the Customer to use another Transfer Solution offered by Enspace (in addition to the Standard Contractual Clauses, attached to this document as Appendix 3 and incorporated by reference to the extent that the Customer is transferring Customer Personal Data outside the EEA, United Kingdom, or Switzerland to Enspace) and Enspace reasonably requests that the Customer take any action (which may include the execution of documents) necessary to give full effect to such a solution, the Customer will do so.

8.3 Disclosure of Confidential Information Containing Personal Data. If the Customer has entered into Standard Contractual Clauses as described in Section 8.2 (Data Transfers Outside the EEA), Enspace will, notwithstanding any contrary term in the Agreement, make any disclosure of the Customer's Confidential Information containing personal data and any notifications related to such disclosures, in accordance with such Standard Contractual Clauses. For the purposes of the Standard Contractual Clauses, the Customer and Enspace agree that (i) the Customer will act as an exporter of
data on behalf of the Customer itself and on behalf of any of the Customer's entities and (ii) Enspace or its relevant Affiliate will act on its own behalf and/or on behalf of the Enspace Affiliates as data importers.

9. Sub processors

9.1 Consent to hire a sub-processor. The Customer generally authorizes the hiring of any other third parties as Sub processors and authorizes the subsequent transfer of the Customer's Personal Data to any Subprocessors contracted by Enspace. If the Customer has entered into Standard Contractual Clauses as described in Section 8.2 (Data Transfers Outside the EEA), the above authorizations constitute the Customer's prior written consent to the outsourcing by Enspace of the processing of Customer Personal Data if such consent is required under the Standard Contractual Clauses.

9.2 Information about Sub processors. Information about Sub processors, including their functions and locations, is available at sales@be-enlighten.com (as may be updated periodically by Enspace in accordance with this Addendum).

9.3 Requirements for Sub Processor Involvement. When hiring any Subprocessor, Enspace will enter into a written contract with such Subprocessor containing data protection obligations no less protective than those in the Agreement (including this Addendum) with respect to the protection of Customer Personal Data to the extent applicable to the nature of the Services provided by such Subprocessor. Enspace will be responsible for all subcontracted obligations and for all acts and omissions of the Subprocessor.

9.4 Opportunity to contest changes to the Sub processor. When any new Subprocessor is hired during the Term, Enspace will, at least 30 days before the new Subprocessor processes any Customer Personal Data, notify the hiring by email (including the name and location of the relevant Subprocessor and the activities that it will carry out). To receive email notifications related to Sub Processor changes, the Customer can register using the portal found at sales@be-enlighten.com.

When any new Subprocessor is hired during the Term, Enspace will, at least 30 days before the new Subprocessor processes any Customer Personal Data, notify the Customer of the hiring (including the name and location of the relevant Subprocessor and the activities that it will carry out).

The Customer may object to any new Subprocessor by providing written notice to Enspace within ten (10) business days after being informed of the hiring of the Subprocessor as described above. Should the Customer object to a new Subprocessor, the Customer and Enspace will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable time, the Customer may, as its sole and exclusive remedy, terminate the Agreement upon written notice to Enspace.

10. Processing records

10.1 Enspace Processing Records. The customer acknowledges that Enspace is required by the GDPR to: (a) collect and keep records of certain information, including the name and contact details of each processor and/or controller on behalf of which Enspace is acting and, where applicable, of such processor or local representative of the controller and data protection officer; and (b) make this information available to supervisory authorities. Consequently, if the GDPR applies to the processing of Customer Personal Data, the Customer will, when requested, provide this information to Enspace and will ensure that all information provided is kept accurate and up to date.

11. Responsibility

11.1 Limitation of Liability The total combined liability of either party and its Affiliates with respect to the other party and its Affiliates, whether in contract, tort, or any other theory of liability, under or in connection with the Agreement, this Addendum, and the Standard Contractual Clauses if entered into as described in Section 8.2 (Data Transfers outside the EEA) combined will be limited to limitations of liability or other limits of liability agreed upon by the parties to the Agreement, subject to Section 11.2 (Exclusions of liability limit).

11.2 Limitation of Liability Exclusions. Nothing in Section 11.1 (Limit of Liability) will affect the liability of any party to data subjects under the provisions of third-party beneficiaries of the Standard Contractual Clauses to the extent that the limitation of such rights is prohibited by European Data Protection Legislation.

12. Analytics

The Customer acknowledges and agrees that Enspace may create and derive from the processing related to the Services anonymous and/or aggregated data that does not identify the Customer or any individual, and use, disclose, or share such data with third parties to improve Enspace products and services and for its other legitimate business purposes.

13. Advisories

Notwithstanding any provision to the contrary in the Agreement, any notifications required or permitted to be provided by Enspace to the Customer may be provided (a) in accordance with the notification clause of the Agreement; (b) to Enspace's main points of contact with the Customer; and/or (c) to any email provided by the Customer for the purpose of providing communications or alerts related to the Service. The customer is solely responsible for ensuring that such email addresses are valid.

14. Effect of these Terms

Notwithstanding anything to the contrary in the Agreement, to the extent of any conflict or inconsistency between this Addendum and the other terms of the Agreement, this Addendum will prevail.

Appendix 1

Subject and details of data processing

This Appendix 1 is incorporated into the Addendum and is also part of the Standard Contractual Clauses (if such Standard Contractual Clauses are applicable to the Customer).

Annex 2

Technical and Organizational Security Measures

As of the Effective Date of the Addendum, Enspace will implement and maintain the defined technical and organizational Security Measures.

Enspace may update or modify such Security Measures from time to time, provided that such updates and modifications do not materially diminish the overall security of the Services.

The following table provides more information about the technical and organizational security measures defined below:

Annex 3

Cross-border data transfer solutions

1. Definitions

For the purposes of the Clauses:

For the purposes of this Addendum, the terms below shall have the meanings set forth below. Capitalized terms used but not otherwise defined in this Addendum shall have the meanings set forth in the Agreement.

1.1 “Standard Contractual Clauses” means, depending on the Customer's unique circumstances, any of the following:

1.1.1 UK International Data Transfer Addendum, or;

1.1.2 EU Standard Contractual Clauses 2021 (“EU CECs”).

1.2 “UK International Data Transfer Addendum” means: the UK International Data Transfer Addendum (“IDTA”) to the EU Commission's Standard Contractual Clauses (“EU SCCs”) (Version B1.0) issued by the UK Information Commissioner for Parties making Transfers (which may be amended, updated, or replaced from time to time).

1.3 “2021 Standard Contractual Clauses” means the Standard Contractual Clauses approved by the European Commission in decision 2021/914.

2. Cross-border data transfer solutions

2.1 Order of Precedence. If the Services are covered by more than one Transfer Solution, the transfer of personal data will be subject to a single Transfer Solution in accordance with the following order of precedence: (a) the applicable Standard Contractual Clauses, as set out in Section 2.2 (UK Standard Contractual Clauses) or Section 2.3 (The 2021 Standard Contractual Clauses) of this Appendix 3; and, if neither (a) nor (b) are applicable, then (c) other Data Transfer Solutions permitted by applicable Global Data Protection Legislation.

2.2 2021 Standard Contractual Clauses. The parties agree that the 2021 Standard Contractual Clauses will apply to personal data transferred through the European Economic Area Services, directly or through a subsequent transfer, to any country or recipient outside the European Economic Area that is not recognized by the Commission as providing an adequate level of personal data protection. For data transfers from the European Economic Area that are subject to the 2021 Standard Contractual Clauses, the 2021 Standard Contractual Clauses will be considered concluded (and incorporated into this Addendum by this reference) and completed as follows:

2.2.1 Module Two (Controller to Processor) of the 2021 Standard Contractual Clauses will apply when the Customer is the controller of the Customer's Personal Data and Enspace is processing the Customer's Personal Data.

2.2.2 Module Three (Processor to Processor) of the 2021 Standard Contractual Clauses will apply when the Customer is a processor of Customer Personal Data and Enspace is processing Customer Personal Data.

2.2.3 For each Module, where applicable:

(a) in Clause 7 of the 2021 Standard Contractual Clauses, the optional anchor clause will not apply;
(b) in Clause 9 of the 2021 Standard Contractual Clauses, Option 2 “General Written Authorization” will apply and the period for prior notification of changes to the Subprocessor will be as set out in Section 9 (Subprocessors) of this Addendum;
(c) in Clause 11 of the 2021 Standard Contractual Clauses, the optional language will not apply;
(d) in Clause 17 (Option 1), the 2021 Standard Contractual Clauses will be governed by Irish law;
(e) in Clause 18 (b) of the 2021 Standard Contractual Clauses, disputes will be resolved before the courts of Ireland;
(f) in Annex I, Part A (List of Parties) of the 2021 Standard Contractual Clauses:
(i) Data Exporter: Customer.
(ii) Contact Details: The email address (s) designated by the Customer in the Customer's account through their notification preferences.
(iii) Role of the Data Exporter: The role of the Data Exporter is defined in Section 3.1 (Functions and Regulatory Compliance; Authorization) of this Addendum. The parties acknowledge and agree that, with respect to the processing of Customer Personal Data, the Customer may act as a controller or processor and Enspace is a processor. Enspace will process Customer Personal Data in accordance with Customer Instructions as set forth in Section 3.2.1.
(iv) Signature and Date: By entering into the Contract, the Data Exporter is considered to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the effective date of the Contract.
(v) Data importer: The Enlighten Company S/A dbo Enspace.
(vi) Address: 350 Tenth Ave Suite 500, San Diego, CA 92101
(vii) Contact Details: Enspace Data Security Team — data@enspace.io
(viii) Role of the Data Importer: The parties acknowledge and agree that, with respect to the processing of Customer Personal Data, the Customer may act as a controller or processor and Enspace is a processor. Enspace will process Customer Personal Data in accordance with Customer Instructions.
(xi) Signature and Date: When entering into the Contract, the Data Importer is considered to have signed these Standard Contractual Clauses, including their Annexes, as of the Effective Date of the Contract.
(g) in Annex I, Part B (Transfer Description) of the 2021 Standard Contractual Clauses:
(i) The categories of data subjects are described in the “Data Subject” Section of Appendix 1 (Object and Details of Data Processing) of this Addendum.
(ii) The categories of personal data transferred are described in the “Categories of Personal Data” Section of Appendix 1 (Subject and Details of Data Processing) of this Addendum.
(iii) The transferred Sensitive Data is described in the “Sensitive Data” Section of Appendix 1 (Subject and Details of Data Processing) to this Addendum.
(iv) Signature and Date: By entering into the Contract, the Data Exporter is considered to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the effective date of the Contract.
(v) The nature of the processing is described in the “Nature and Purpose of the Processing” Section of Appendix 1 (Subject and Details of Data Processing) to this Addendum.
(vi) The purpose of the processing is described in the “Nature and Purpose of the Processing” Section of Appendix 1 (Subject and Details of Data Processing) to this Addendum.
(vii) The period for which the personal data will be retained and the criteria used to determine this period are as follows: Prior to the termination of the Agreement, Enspace will process the stored Customer Personal Data for the permitted purposes set out in Section 3.1.1. (Customer Instructions) until the Customer chooses to delete or request the return of such Customer Personal Data in accordance with section 4 of the Addendum. Prior to the termination of the Contract, the Customer agrees that it is solely responsible for deleting the Customer's Personal Data through the Services. Upon termination of the Agreement, Enspace will (i) provide the Customer thirty (30) days after the effective date of termination to obtain a copy of any Customer Personal Data stored through the Services and (ii) delete any Customer Personal Data stored within thirty (30) days upon the customer's request, unless alternative deadlines for retention and/or deletion are otherwise established in the Agreement or later agreed upon by the parties in writing. Any customer personal data archived on Enspace's backup systems will be securely isolated and protected from any further processing, except as required by applicable law or regulation.
(h) in Annex I, Part C of the 2021 Standard Contractual Clauses: The Irish Data Protection Commission will be the competent supervisory authority.
(i) Appendix 2 (Technical and Organizational Security Measures) of this Amendment serves as Annex II of the Standard Contractual Clauses.

2.3 Data transfers from Switzerland. With respect to any transfer of personal data outside of Switzerland or of Personal Data governed by the Swiss Federal Data Protection Act (“FADP”) (and the revised FADP (“RevFADP”), when in effect), to a third country (without an appropriateness decision or equivalent issued by the European Commission or competent authority in Switzerland), the Parties agree that the EU SCCs in this Addendum must apply, subject to the following terms and conditions:

A. References: The terms “General Data Protection Regulation” or “Regulation (EU) 2016/679” as used in EU SCCs should be interpreted to include FADP and, where applicable, RevFADP.
B. Clause 13: To the extent that the transfer of Personal Data is subject only to the FADP/RevFADP, the Swiss Federal Data Protection and Information Commissioner (FDPIC) is the exclusive supervisory authority. To the extent that the transfer of Personal Data is governed by the GDPR and the FADP/RevFADP, the competent supervisory authority with parallel supervision (in accordance with Annex IC of the EU SCCs) is the FDPIC and to the extent that the transfer is governed by the GDPR, the criteria of Clause 13 (a) must be observed for the selection of the competent authority.
C. Clause 17: EU SCCs will be governed by Swiss law, if the transfer is subject exclusively to the FADP/RevFADP or, in other cases, to the law of one of the EU Member States, provided that the law of the member state allows third parties - rights of the party's beneficiary.
D. Clause 18 (b): Any dispute arising from EU SCCs will be resolved by the courts of Switzerland, if the transfer is subject exclusively to the FADP/RevFADP or to an EU Member State in other cases.
E. Clause 18 (c): The term “Member State” should not be interpreted to exclude data subjects in Switzerland from the possibility of claiming their rights at their place of usual residence (Switzerland) in accordance with Clause 18 (c) of the EU SCCs.
F. RevFADP: EU SCCs will protect legal entities' data until RevFADP comes into force.

2.4 UK International Data Transfer Addendum. The parties agree that the UK International Data Transfer Addendum will apply to personal data transferred through the UK Services, directly or by subsequent transfer, to any country or recipient outside the UK that is not recognized by the competent UK regulatory authority or UK government body as providing an adequate level of protection for personal data. For UK data transfers subject to the UK International Data Transfer Addendum, the UK International Data Transfer Addendum will be considered concluded (and incorporated into this Addendum by this reference) and completed as follows:

Part 1:
1) Table 1: Parts
one. The Start Date is the date of the last signature of the Parties to this Amendment or Agreement.
b. The Parties are defined in Annex IA of the EU SCCs to which this IDTA is attached.
2) Table 2: SCCs selected, modules, and clauses selected
one. EU SCC Addendum
Me. The version of the approved EU SCCs to which this IDTA is attached, including the information in the appendix, applies.
3) Table 3: Appendix Information
one. Annex 1A: List of Parties
Me. The Parties are defined in Annex IA of the EU SCCs to which this IDTA is attached.
b. Annex 1B: Description of the Transfer
Me. The Transfer Description is set out in Annex IB of the EU SCCs to which this IDTA is attached.
c. Annex II: Technical and organizational measures, including technical and organizational measures to ensure data security
Me. Technical and organizational measures are defined in Annex II of the EU SCCs to which this IDTA is attached.
c. Annex III: List of Subprocessors:
Me. Not applicable.
4) Table 4: Closing of this Addendum when the Approved Addendum Changes:
one. The Exporter and the Importer may terminate this IDTA as set forth in Section 19 of the IDTA.


Part 2:
Part 2 of the IDTA is incorporated here by reference.

2.5 Conflict. To the extent that there is any direct conflict between the Standard Contractual Clauses and any other terms of this Addendum, the Agreement, or the Privacy Policy, the provisions of the Standard Contractual Clauses will prevail.

Terms of Service for the use of ENSPACE Data Captures for Legal

Effective Date: 12/12/2023
Last Update: 12/08/2025

This Term of Service (“Term”) governs the use of Public Data Capture Services (“Services”) provided by The Enlighten Company S/A, a Brazilian public limited company, and by The Enlighten Technologies LLC, a North American limited company (together, “Enlighten”), within the scope of the ENSPACE platform.

By accessing or using the Services, the user or customer (“Customer” or “User”) declares to have read, understood and fully accepted this Term, as well as the other applicable contractual conditions. If you do not agree, the User should not use the Services.

Description of Services 

Enlighten offers proprietary technology for the automation of public data capture, in compliance with Brazilian legislation and ethical principles that govern its activities.

The Services include:
 
- Automated access to the official websites of the Brazilian Judiciary (State, Federal and Labor Courts);
- Data capture from EPROC, ESAJ and PROJUDI systems, depending on technical availability.

Enlighten doesn't: 

- Administer, change or manage data published by the Courts;
- Guarantees uninterrupted or unblocked access;
- Filtering the importance or relevance of the information collected.

The availability of the Service is subject to the operation of the platforms maintained by public agencies and is subject to interruptions, failures, or changes without notice.

Capture Definition

For the purposes of this Term, “Capture” refers exclusively to the technological and operational procedures described here. Any additional data collection, treatment, or filtering service must be subject to a specific contract and additional charge.

Integration with Third-Party Tools

The Customer may integrate external data capture tools with ENSPACE through an API key issued by Enlighten;

The responsibility for the transaction and integrity of the data between systems will be the sole responsibility of the Customer;

The third-party service provider must formally declare legal compliance and adherence to the information security protocols required by Brazilian law.

Exclusions — Electronic Justice Journals (“DJE”)

Enlighten does not capture information directly from Electronic Justice Journals (“DJE” or “official publications”).
‍
That way: 

There is no commitment to locating customer data through this technology;
No searches are carried out for keywords, names of lawyers, or any other terms in the DJE, except through a duly integrated and legally compliant third-party tool.
 
Information available on the Services

The customer who contracts the Public Data Capture package will have access to the following information, according to current business conditions:

Information available on the Services

The customer who contracts the Public Data Capture package will have access to the following information, according to current business conditions:

Search Criteria:

(a) Name/Company Name

(b) CNPJ

(c) OAB

(d) Process Number

Collection Method:

New Processes: Research conducted for the correlation between Corporate Name and/or CNPJ;

Procedural Proceedings: Search by process number and collection of new developments not previously registered in ENSPACE.

Billing:

New Processes: Researched daily; each occurrence found according to the contracted criteria will be charged on a unitary basis;
 
Procedural Proceedings: Charged based on the contracted package, considering the daily number of processes monitored. Upon reaching the package limit, the Customer will automatically be migrated to the next price level;

Additional searches outside the contracted scope will be charged separately, per unit.

Enterprise Customers

Customers on the Enterprise plan, with dedicated URL and customized services, can request exclusive projects, which will be charged separately and will depend on Enlighten's operational availability.

Legal Compliance

Enlighten complies with Brazilian legislation regarding access to public data;
The Customer is responsible for ensuring that the use of the data obtained complies with all applicable laws in their territory of operation.
 
Limitation and Liability

Enlighten is not responsible for:

- Unavailability, alteration, or inaccuracy of the data provided by the Courts;
- Interruptions or failures resulting from public agency infrastructure;
- Indirect, incidental, or consequential damages resulting from the use of the Services.

Enlighten's total liability, in any case, will be limited to the amount actually paid by the Customer in the six (6) months preceding the event that gave rise to the demand.

Term and Termination:

This Term is effective immediately and applies to all current ENSPACE contracts, with retroactive effect to the date of signature of each contract.
‍
Enlighten may suspend or terminate the Services if:
- Default;
- Breach of this Term;
- Legal or regulatory determination.
 
Applicable Jurisdiction and Legislation:

This Term will be governed by the laws of the Federative Republic of Brazil. The district court of São Paulo/SP is elected, with the waiver of any other, however privileged, to settle any dispute arising from this Term.

General Provisions:

This document constitutes the entire agreement between the parties with respect to the ENSPACE Data Capture Services and supersedes any prior oral or written understandings regarding the same subject matter.