01Who we are
Entero Strategies Ltd. ("Entero", "we", "us", "our") is a company incorporated in Israel, providing boutique consulting and solutions services in technology and data compliance, including DPO-as-a-Service, CISO-as-a-Service, GRC operations, product compliance, and professional training.
This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit entero.io (the "Site"), contact us, register for our events, or subscribe to our mailing list.
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the UK GDPR, and the Israeli Protection of Privacy Law, 5741-1981, as amended (including by Amendment 13, in force 14 August 2025) and its regulations ("Israeli Privacy Law"), Entero Strategies Ltd. is the controller of the personal data described in this Policy.
When we act as an outsourced DPO, CISO, or compliance consultant for a client, we generally process personal data on that client's behalf as a processor, under a written data processing agreement. That processing is governed by our agreement with the client and by their privacy notice, not by this Policy. This Policy covers only personal data for which Entero itself decides the purposes and means: primarily website visitors, enquirers, event attendees, mailing list subscribers, and business contacts.
Contact
| Purpose | Address |
|---|---|
| Privacy, data protection and data subject requests | privacy@entero.io |
| All other enquiries | info@entero.io |
Data Protection Officer. We are not required to appoint a Data Protection Officer under Article 37 GDPR, and we have assessed that the mandatory appointment criteria under Amendment 13 to the Israeli Protection of Privacy Law do not apply to us. Privacy matters are handled directly by our senior team via privacy@entero.io.
02What personal data we collect
2.1Data you give us
| Where | Data collected |
|---|---|
| Contact / enquiry form | First name, last name, email address, company website (optional), the content of your message, and your consent indication |
| Mailing list signup | First name, last name, email address |
| Event, workshop and training registration | Name, email address, organisation, role, and any dietary or accessibility requirements you choose to share. For paid sessions, billing details |
| Direct correspondence | Anything you include when you email, call, or message us |
You do not have to give us any of this data. If you choose not to, we may be unable to answer your enquiry or register you for an event.
2.2Data we collect automatically
When you visit the Site, our hosting infrastructure records standard technical data, including your IP address, browser type and version, device type, operating system, referring URL, and the pages you view together with timestamps. This is generated automatically by the web server and is used for security, abuse prevention, and keeping the Site running.
We also store a cookie recording your cookie preferences, so that we do not have to ask you again on every page. See Section 6.
2.3Data we do not want
Please do not send us special category data (health, biometric, religious or political information, trade union membership, sexual orientation), criminal offence data, or confidential client information through our website forms or general email. If you need to share sensitive material with us in the course of an engagement, contact us and we will arrange a secure channel.
The Site is intended for business and professional users aged 18 or over. We do not knowingly collect personal data from anyone under 18, and the Site is not directed at children.
03Why we process your data, and on what legal basis
| # | Purpose | Data used | Legal basis (GDPR) |
|---|---|---|---|
| 1 | Responding to your enquiry or request for information | Contact form data, correspondence | Legitimate interests, Art. 6(1)(f): answering someone who has asked us to get in touch. Where you have also given consent on the form, we treat that consent as confirming your request and you may withdraw it at any time |
| 2 | Registering and running events, workshops, trainings and Q&A sessions, and issuing certificates | Registration data | Contract, Art. 6(1)(b): performance of your registration |
| 3 | Photographing or recording our events | Image, voice | Consent, Art. 6(1)(a). We tell you in advance and you may opt out. See Section 6 of our Terms |
| 4 | Operating our community channels and moderating participation | Profile and posted content | Contract, Art. 6(1)(b): participation terms |
| 5 | Providing our consulting and professional services to clients, and managing the client relationship | Business contact details of client personnel | Legitimate interests, Art. 6(1)(f): administering a B2B relationship with our client's staff |
| 6 | Sending our mailing list and newsletter | Name, email | Consent, Art. 6(1)(a), and prior express consent under s.30A of the Israeli Communications Law. You may withdraw at any time |
| 7 | Sending existing clients information about similar professional services | Business contact details | Legitimate interests, Art. 6(1)(f), within the "soft opt-in", subject to an unsubscribe link in every message and to the existing-customer exception in s.30A of the Israeli Communications Law |
| 8 | Maintaining a suppression list, so that we do not contact you again after you unsubscribe | Email address only | Legal obligation, Art. 6(1)(c): giving effect to your objection under Art. 21(3) |
| 9 | Operating, securing and maintaining the Site, and preventing fraud and abuse | Technical and server data | Legitimate interests, Art. 6(1)(f): network and information security |
| 10 | Accounting, invoicing, tax and statutory record-keeping | Billing and transaction data | Legal obligation, Art. 6(1)(c) |
| 11 | Establishing, exercising or defending legal claims | As relevant | Legitimate interests, Art. 6(1)(f): protecting our legal position |
| 12 | Non-essential cookies | See Section 6 | Consent, Art. 6(1)(a), and Art. 5(3) ePrivacy Directive |
| 13 | Strictly necessary cookies | See Section 6 | Exempt from consent under Art. 5(3) ePrivacy Directive. Legitimate interests, Art. 6(1)(f), for any onward processing of the data they generate |
Where we rely on legitimate interests, we have carried out a balancing assessment and concluded that our interests, being the operation of a secure website, the running of our events, the maintenance of professional relationships, and the defence of our legal position, do not override your rights and freedoms. You have the right to object. See Section 9.
In accordance with the notice duty in section 11 of the Protection of Privacy Law as amended by Amendment 13:
- you are not under any legal obligation to give us your personal data;
- you give it of your own free will, so that we may contact you or provide the information or services you have asked for;
- if you choose not to give it, the consequence is that we may be unable to respond to you or register you;
- except that where you register for a paid event, providing billing and invoicing data is a contractual requirement and, for the invoice itself, a statutory requirement under Israeli tax law. Without it we cannot complete the transaction.
04Automated decision-making
We do not carry out automated decision-making that produces legal effects concerning you or similarly significantly affects you, and we do not engage in profiling for such purposes.
05Who we share your data with
We do not sell your personal data. We have never sold personal data, and we do not share it for cross-context behavioural advertising. We disclose personal data only as follows.
5.1Service providers (processors)
We use a small number of vendors who process personal data strictly on our documented instructions, under written agreements meeting Article 28 GDPR:
| Category | What they do |
|---|---|
| Website hosting and infrastructure | Host the Site and its server logs |
| Consent management platform | Records and stores your cookie preferences |
| Email and productivity services | Handle our correspondence and internal documents |
| Email marketing platform | Delivers our mailing list, where you have subscribed |
| Event registration and scheduling tools | Manage registrations for our events and sessions |
| Payment processor | Handles payment for paid sessions. We do not store your full card details |
| Professional advisers | Accountants, auditors and lawyers, bound by professional confidentiality |
A current, named list of the processors we use is available on request from privacy@entero.io.
5.2Legal and regulatory disclosure
We may disclose personal data where required by applicable law, court order, or a lawful request from a competent authority, or where necessary to establish, exercise or defend legal claims.
5.3Corporate transactions
If Entero is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you and this Policy will continue to apply until superseded.
06Cookies and similar technologies
We use a consent management platform. On your first visit you are offered a clear choice: Accept all, Reject all, or Preferences.
| Category | Purpose | Consent required |
|---|---|---|
| Strictly necessary | Keep the Site functioning, maintain security, and remember your cookie choice so we do not re-ask on every page | No |
| Functional | Remember preferences such as language, where offered | Yes |
| Statistics and analytics | Understand aggregate Site usage so we can improve it, where enabled | Yes |
| Marketing | We do not currently use marketing or advertising cookies, and we do not run advertising pixels or trackers on the Site | Yes, if ever introduced |
You can change or withdraw your cookie consent at any time via the cookie preferences control on the Site, and you can block or delete cookies through your browser settings. Blocking strictly necessary cookies may cause parts of the Site to stop working.
Our detailed Cookie Policy and preferences, listing each cookie category, its purpose and how to change your choice, are available from the cookie control on the Site.
We do not respond to browser "Do Not Track" signals, as no common standard for them has been adopted. We do honour Global Privacy Control (GPC) signals where our platform supports them.
07International transfers
Entero is established in Israel. We do not have an establishment in the European Union or the United Kingdom. Some of our service providers are located outside the EEA, including in the United Kingdom and the United States.
Transfers to Israel
The European Commission's adequacy decision for Israel (Decision 2011/61/EU) remains in force. Note that it is scope-limited: it covers automated international transfers of personal data, and non-automated transfers where the data is subject to further automated processing in Israel. Where a transfer to us falls outside that scope, or if the adequacy decision were at any time suspended, repealed or found invalid, we will transfer personal data only under Article 46 GDPR safeguards, principally the European Commission's Standard Contractual Clauses, and we will update this Policy accordingly. The United Kingdom currently recognises Israel as adequate on a materially equivalent, and equally scope-limited, basis.
Data imported into Israel from the EEA
Where we receive personal data from the EEA, we also comply with the Protection of Privacy Regulations (Instructions for Data Transferred to Israel from the European Economic Area), 5783-2023. Among other things, these require us to delete data that is no longer needed for the purpose it was transferred for, to keep it accurate and up to date, to notify you of a transfer in the circumstances the Regulations specify, and to honour a right to erasure in respect of data on EEA data subjects.
Transfers elsewhere
Where we transfer personal data to a country not covered by an adequacy decision, we rely on appropriate safeguards under Article 46 GDPR, principally the Standard Contractual Clauses (and the UK International Data Transfer Addendum where relevant), supported by a transfer impact assessment and supplementary technical and organisational measures where required.
Transfers out of Israel
These are made in accordance with the Protection of Privacy (Transfer of Data to Databases Abroad) Regulations, 5761-2001.
You may request a copy of the relevant safeguards by writing to privacy@entero.io.
08How long we keep your data
| Data | Retention |
|---|---|
| Website enquiries that do not become a relationship | 12 months from last contact, then deleted |
| Mailing list subscribers | Until you unsubscribe, plus a suppression record kept indefinitely so we do not re-contact you |
| Event and training registrations | 24 months after the event. Certificates and their issuance records, 7 years |
| Client relationship records | Duration of the engagement plus 7 years, to meet professional, tax and limitation requirements |
| Invoices, accounting and tax records | 7 years, as required by Israeli tax law |
| Server and security logs | 12 months |
| Event photographs and recordings | 24 months after the event, unless we have your consent to keep them longer |
| Records of consent and consent withdrawal | 7 years from the date the consent was given or withdrawn, as evidence of compliance |
Where we no longer need personal data, we delete it or irreversibly anonymise it.
09Your rights
Subject to the conditions in applicable law, you have the right to:
- Access. Obtain confirmation of whether we process your data, and a copy of it.
- Rectification. Have inaccurate or incomplete data corrected.
- Erasure. Have your data deleted where one of the grounds in Art. 17 GDPR applies.
- Restriction. Have processing limited in the circumstances set out in Art. 18 GDPR.
- Portability. Receive data you provided to us, in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible.
- Object. Object at any time to processing based on legitimate interests, on grounds relating to your particular situation, and object absolutely and at any time to direct marketing.
- Withdraw consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Not be subject to automated decisions producing legal or similarly significant effects. We do not carry out such processing.
Under Israeli Privacy Law
Regardless of your country of residence, you additionally have:
- the right of review of data held about you in our database, under s.13 of the Protection of Privacy Law;
- the right to request correction, completion or deletion of data that is incorrect, incomplete, unclear or out of date, under s.14. If we refuse, we will tell you why, and you may appeal to a court;
- the right to demand removal of your details from a database used for direct marketing or direct-mailing services, under s.17F;
- where we hold personal data transferred to us from the EEA, the right to erasure under the Protection of Privacy Regulations (Instructions for Data Transferred to Israel from the EEA), 5783-2023.
California
We do not believe Entero meets the thresholds for a "business" under the CCPA/CPRA. To the extent the CCPA/CPRA nonetheless applies to you, you may exercise the rights to know, delete, correct, and to opt out of sale or sharing. We do not sell or share personal information as those terms are defined, we do not use or disclose sensitive personal information for purposes requiring an opt-out, and we will not discriminate against you for exercising your rights.
How to exercise your rights
Write to privacy@entero.io. We will respond without undue delay and within one month of receiving your request. Where a request is complex, or where you have made several, we may extend that period by up to two further months. If we do, we will tell you within the first month and explain why.
We do not charge a fee, unless a request is manifestly unfounded or excessive. We may need to verify your identity before acting, and will only ask for what is proportionate to do so.
You may use an authorised agent, provided we receive satisfactory evidence of their authority.
Complaints
If you are unhappy with how we have handled your data, please tell us first at privacy@entero.io. You also have the right to lodge a complaint with a supervisory authority:
- EEA. The supervisory authority in your Member State of residence, place of work, or of the alleged infringement. A list is maintained at edpb.europa.eu.
- United Kingdom. The Information Commissioner's Office, ico.org.uk.
- Israel. The Privacy Protection Authority, Ministry of Justice, gov.il.
10Security
We maintain technical and organisational measures appropriate to the risk, in line with Article 32 GDPR and the Protection of Privacy (Data Security) Regulations, 5777-2017. These include encryption in transit (TLS), access control on a least-privilege basis, multi-factor authentication on administrative accounts, logging and monitoring, vendor due diligence, staff confidentiality obligations and training, and an incident response procedure.
No system is perfectly secure. If a personal data breach occurs:
- Under the GDPR, we will notify the competent supervisory authority within 72 hours where the breach is likely to result in a risk to your rights and freedoms, and will notify you directly without undue delay where it is likely to result in a high risk to you.
- Under Israeli law, we will notify the Privacy Protection Authority of a severe security incident immediately, as required by the Protection of Privacy (Data Security) Regulations, 5777-2017, and will notify affected data subjects where the Authority so directs.
11Third-party links
The Site links to third-party websites, events and partner organisations. We are not responsible for their content or their privacy practices. Read their privacy notices before providing them with your data.
12Changes to this Policy
We may update this Policy from time to time. The current version is always posted here with its effective date and version number. Where changes are material, we will post a prominent notice on the Site in advance, and will additionally email you if we hold your address and the change materially affects you.
We will not materially reduce your rights in respect of data already collected without your consent, where consent is required.
13Contact
Entero Strategies Ltd.
Israel
Privacy and data protection: privacy@entero.io
General enquiries: info@entero.io