Privacy Policy.
How we handle personal data on enterprisesight.com. We aim to be specific. If anything below isn't clear, write to privacy@enterprisesight.com.
Last updated: 10 May 2026.
This is a draft prepared during a site rebuild. Final wording will be reviewed by counsel before publication. Items in [brackets] are open decisions, listed at the bottom.
Who we are
Enterprise Sight (the “Company”, “we”, “us”, “our”) is a California stock corporation, entity number 5950627, registered with the California Secretary of State on 23 October 2023, with working teams in San Francisco, Sacramento, Portugal, and Hong Kong. Our website is enterprisesight.com.
The data controller for personal data collected through this website is Enterprise Sight. The contact for privacy questions is privacy@enterprisesight.com.
What this policy covers
This policy applies to enterprisesight.com.
It does not apply to:
- Our blog at blog.enterprisesight.com, which is hosted separately on WordPress and has its own notice.
- Engagement-stage processing once a client signs a Master Services Agreement. That is governed by the Data Processing Addendum to that agreement.
Information we collect
When you visit the website, we collect:
- Server logs. Your IP address, the pages you visit, the date and time of your visit, your user-agent string, and the referrer that brought you here. Written by our hosting provider for security and operational purposes.
- Analytics data, only if you have given consent through our cookie banner. See the Cookies section below.
- Information you give us directly. When you book a call or send us an email, you give us your name, your work email, the company you work for, and whatever else you choose to include in the conversation.
We do not run an account system. There is no login on this site. We do not request social-login through Google, Facebook, LinkedIn, or any other third party.
Cookies and similar technologies
When you arrive at enterprisesight.com, we set only the cookies needed to make the site work. We do not set analytics or marketing cookies until you give consent through the cookie banner.
| Category | Purpose | Examples | Duration | Consent required? |
|---|---|---|---|---|
| Strictly necessary | Records your cookie-banner choice so the banner does not reappear on every visit. | klaro | 12 months | No (PECR exemption). |
| Analytics | Helps us understand which pages people read, how they got here, and where they leave. | _ga, _ga_[MEASUREMENT_ID] (Google Analytics 4) | 24 months | Yes. |
We use Google Analytics 4, supplied by Google LLC and Google Ireland Limited. Google Analytics 4 does not store the full IP address; it derives an approximate location and discards the IP. Analytics data is processed by Google in the United States. Google relies on the EU-US Data Privacy Framework (and its UK extension) as the lawful transfer mechanism, with Standard Contractual Clauses as a fallback.
You can change your cookie choice at any time through the Manage cookies link in the footer.
We use no advertising, retargeting, or social-media tracking cookies. We do not embed third-party video or media players that set cookies.
How we use your information, and the lawful basis under UK and EU law
For visitors in the UK or the EEA, the UK GDPR and the EU GDPR require us to state our lawful basis for each processing activity.
| Purpose | What we do | Lawful basis |
|---|---|---|
| Run the website | Serve pages, log requests for security and uptime. | Legitimate interests (Art 6(1)(f)) — operating a marketing website securely. |
| Analytics | Aggregate traffic data via Google Analytics 4. | Consent (Art 6(1)(a) and PECR Reg 6). |
| Respond to enquiries | Reply to email at info@enterprisesight.com. | Legitimate interests (Art 6(1)(f)) — responding to people who have contacted us. |
| Calendar bookings | Operate the call-scheduling link. | Steps prior to entering a contract (Art 6(1)(b)). |
| CRM follow-up | Hold notes on the conversation in our CRM. | Legitimate interests (Art 6(1)(f)) — managing a B2B sales conversation that the prospect has initiated. |
| Compliance | Tax records, accounting records. | Legal obligation (Art 6(1)(c)). |
Sharing your information
We do not sell personal data. We do not share it for advertising. We do not enrich it from data brokers.
We do share with the following processors, each engaged under a written agreement:
| Processor | Purpose | Country |
|---|---|---|
| Google LLC / Google Ireland Limited | Google Analytics 4 (only with consent) | United States, Ireland |
| IONOS | Web hosting | Germany |
| Cloudflare, Inc. | DNS, edge caching, SSL termination | United States |
[CALENDAR_PROVIDER] | Calendar booking | [JURISDICTION] |
[EMAIL_PROVIDER] | Inbound and outbound email at the privacy@, and info@ addresses | [JURISDICTION] |
[CRM_PROVIDER] | Customer-relationship management for prospect and client records | [JURISDICTION] |
We may disclose personal data when legally compelled (a valid court order or lawful regulatory request) or where necessary to defend our legal rights. We do not respond to requests we believe are unlawful.
International transfers
The Company is established in the United States. We have working teams in Portugal (EEA) and Hong Kong. Personal data we collect may be transferred to the United States, the EEA, the UK, or Hong Kong, depending on which team is handling it.
For transfers from the UK or the EEA to the United States, we rely on:
- The EU-US Data Privacy Framework and its UK extension, where the receiving organisation is certified. Google is so certified.
- Standard Contractual Clauses issued by the European Commission, with the UK Addendum where applicable, where DPF certification does not apply.
You can request a copy of the safeguards in place by writing to privacy@enterprisesight.com.
Retention
We hold personal data only as long as needed.
| Data | Retention |
|---|---|
| Server access logs | 30 days. |
| Cookie consent record | 12 months from your last visit, or until you change your choice. |
| Analytics data (Google Analytics 4) | 14 months. |
| Inbound email correspondence | 24 months from the last reply, unless an engagement has begun. |
| CRM records of prospects who did not engage | 24 months from the last contact. |
| Engaged-client records | 7 years from end of engagement, for tax, accounting, and audit purposes. |
When the period ends we delete or anonymise the data, unless a legal obligation requires longer retention.
Your rights
If you are in the UK or the EEA
Under UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure (the “right to be forgotten”), subject to our legal-retention obligations.
- Restrict processing.
- Receive your data in a portable format.
- Object to processing carried out under legitimate interests.
- Withdraw consent at any time, where consent is the lawful basis.
- Lodge a complaint with a supervisory authority. Lead authorities for our offices:
- UK: Information Commissioner’s Office (ICO), ico.org.uk.
- Portugal: Comissão Nacional de Protecção de Dados (CNPD), cnpd.pt.
To exercise any right, write to privacy@enterprisesight.com. We respond within 30 days.
If you are in California
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, California residents have the right to:
- Know what personal information we collect, why, and with whom we share it.
- Delete personal information we hold about you.
- Correct inaccurate personal information.
- Opt out of “sale” or “sharing” of personal information for cross-context behavioural advertising. We do not sell or share personal information in this sense.
- Limit the use of “sensitive personal information”. We do not use sensitive personal information for any purpose that triggers this right.
- Be free from retaliation for exercising any right.
To exercise any right, write to privacy@enterprisesight.com. You may use an authorised agent.
If you are in Hong Kong
Under the Personal Data (Privacy) Ordinance you have the right to access and correct personal data we hold about you. Write to privacy@enterprisesight.com.
Everyone else
If you are outside the jurisdictions above and your local law gives you privacy rights, write to privacy@enterprisesight.com and we will respond.
Security
We use reasonable measures to protect personal data, including TLS in transit, access controls on our systems, and processor agreements with our suppliers. No method of transmission or storage is fully secure. If we discover a breach affecting your personal data we will notify the relevant supervisory authority and, where required, you, within the timeframes the law sets.
Children
This is a B2B website. It is not directed at children. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and you believe we hold data about a child, write to privacy@enterprisesight.com and we will delete it.
Links to other sites
We link to a small number of external sites, including blog.enterprisesight.com (our blog, hosted on WordPress) and the calendar booking page. We are not responsible for the privacy practices of any third party. Read their notices when you visit them.
Changes to this policy
We post material changes here, with an updated date at the top. For substantial changes we notify engaged clients directly. Continued use of the site after a change indicates acceptance of the updated policy.
Contact
For privacy questions, complaints, or to exercise any right above:
- Email: privacy@enterprisesight.com
- Post: Enterprise Sight, Sacramento, California, United States
- General contact: info@enterprisesight.com
You also have the right to complain to a data-protection regulator without going through us first. Contact details are listed under “Your rights” above.
Open items for solicitor review
Delete this section before publishing.
[CALENDAR_PROVIDER],[EMAIL_PROVIDER],[CRM_PROVIDER], and[JURISDICTION]placeholders. Fill in once decided.- Confirm the registered street address. Currently the policy shows the city only.
- The current live policy at enterprisesight.com/privacy-policy/ names the controller as “Enterprise Site” (no H), which does not match the registered entity (Enterprise Sight, California entity 5950627). Pull or correct that page before exposure grows.
- Confirm whether an Article 27 representative is required for the EEA. The Portugal office is likely an EEA establishment, in which case no separate Art 27 rep is needed and CNPD is the lead supervisory authority. Confirm.
- Confirm GA4 retention is set to 14 months on the property. Default for new properties is 2 months.
- Confirm IONOS server-log retention. Default may not be 30 days.
- Confirm the Hong Kong section is sufficient. PDPO obligations are lighter than GDPR but specific notice requirements may apply if HK residents are a material audience.
- Replace
[MEASUREMENT_ID]once the GA4 property is created.