Skip to content
EnableGRC
  • Our solution
  • Features
  • Pricing
Client login Register interest

Privacy Notice

Effective: 16 July 2026. Version: 1.0.

This notice explains how WislPort Compliance Limited (registered in Gibraltar, company number 124227) — trading as EnableGRC — (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, contact us, or engage our services. We are the data controller for the personal data described below.

We take data protection seriously — we advise our own clients on ISO 27001 and GDPR compliance, and we hold ourselves to the same standard. This notice is written to be understood, not to be clever.

1. Who we are

Legal entity WislPort Compliance Limited (registered in Gibraltar, company number 124227)
Trading as EnableGRC
Registered office G02, Eurocity, Gibraltar, GX11 1AA
EU presence Tallinn, Estonia (via e-Residency)
Primary supervisory authority Gibraltar Regulatory Authority (GRA)
Contact for data protection privacy@enablegrc.ai

For the purposes of the UK GDPR and EU GDPR, we act as data controller for the personal data described in this notice. Where we provide services to clients, the contractual terms of engagement may designate us as a processor for specific datasets — in those cases, the client’s own privacy notice governs.

2. What personal data we process

We process the following categories:

2.1 Information you give us directly

Data Context Lawful basis
Name, email, company, role Booking an intro call, emailing us Legitimate interests (responding to a business enquiry); ultimately necessary for contract if we engage
Phone number Optional on booking form Consent (provided at booking)
Message content What you write in your message or enquiry Legitimate interests
Meeting notes and outcomes Recorded during and after calls for continuity Legitimate interests

2.2 Information collected automatically when you visit the site

Data Purpose Lawful basis
Aggregated, anonymised page views Understand which content is useful (via Plausible Analytics — cookieless, no IP retained) Legitimate interests
Server logs (IP address, user agent, timestamp) Site security, incident investigation; retained 30 days Legitimate interests

We do not use advertising cookies, tracking pixels, or cross-site identifiers. See our Cookie Policy for details.

2.3 Information we receive from third parties

  • LinkedIn / referrals: if you reach us through an introduction or a LinkedIn connection, the introducer’s data and the context of the referral may be retained alongside your enquiry.

3. How we use your data

We use personal data for the following purposes:

  1. Responding to enquiries — if you book a call or email, we use your data to reply, prepare for the meeting, and follow up.
  2. Providing services — once you become a client, to deliver the engagement, invoice, and maintain working records.
  3. Firm administration — billing, accounting, tax compliance, and internal audit evidence.
  4. Regulatory compliance — satisfying our own obligations (AML, anti-bribery, tax, ISO management system records).
  5. Security — monitoring and protecting the website, email, and client-facing systems against attack.

We do not use personal data for marketing profiling, automated decision-making, or sale to third parties.

4. Who we share your data with

Personal data is accessed only by the people who need it: our team, and a small number of trusted service providers (processors) who operate under GDPR-compliant Data Processing Agreements.

Processor Purpose Location / data residency
Microsoft 365 (Exchange Online, SharePoint, OneDrive) Email, document storage, calendar EU datacentres (Ireland / Netherlands)
HubSpot CRM, meeting scheduling, deal tracking EU data residency option enabled
Plausible Analytics Cookieless, anonymous site analytics EU (Germany)
Cloudflare DNS, content delivery, bot protection Global edge; no personal data stored beyond edge logs
QuickBooks Invoicing and bookkeeping United Kingdom
Stripe / bank providers Payment processing for invoices UK / EU

We share personal data with these processors only to the extent necessary for the stated purpose. We do not sell personal data.

We may disclose personal data if legally required (court order, regulator request, criminal investigation). We will challenge overbroad requests and notify the data subject where not legally prohibited.

5. International transfers

Where data leaves the EU/UK (for example, to a US-based third-party subprocessor), we rely on the following safeguards:

  • Adequacy decisions (UK–EU; EU–UK)
  • Standard Contractual Clauses (SCCs) with equivalent safeguards for US or third-country transfers
  • Supplementary measures where SCCs alone are insufficient

6. How long we keep data

Data Retention Reason
Enquiries that do not convert 12 months So we can recognise you if you come back
Client engagement records 6 years after engagement ends Professional services retention standard; tax / audit
Financial and tax records 7 years Statutory
Internal audit + management review records Minimum 5 years ISO 27001 / 9001 evidence standards
Website analytics (Plausible) Aggregated indefinitely; no per-user data retained Legitimate interest
Server logs 30 days Security investigation window

After the retention period, data is deleted or irreversibly anonymised.

7. Your rights

Under UK and EU GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase data where we no longer have a basis to hold it
  • Restrict processing (temporarily freeze use pending a decision)
  • Portability of data you provided us
  • Object to processing based on legitimate interests
  • Withdraw consent where consent was the basis (e.g. phone number on booking)
  • Not be subject to automated decisions (not applicable — we don’t make automated decisions)

To exercise any right, email privacy@enablegrc.ai. We will respond within 30 days. We may ask you to verify your identity so we don’t disclose data to the wrong person.

If you are not satisfied with our response, you have the right to complain to:

  • Gibraltar Regulatory Authority (GRA) — https://www.gra.gi/ (primary)
  • UK Information Commissioner’s Office (ICO) — https://ico.org.uk/ (if you are in the UK)
  • Your local EU supervisory authority — if you are in the EU

8. Security

We maintain an Information Security Management System (ISMS) that is currently in certification for ISO 27001. Controls include access control, encryption in transit and at rest, incident response, staff security training, and regular audit. The full Statement of Applicability is available to clients under NDA.

9. Changes to this notice

We may update this notice to reflect changes in law, practice, or our services. The current version is shown at the top. Material changes will be notified via the site (banner) and, where we have a direct relationship with you, by email.

10. Contact

General hello@enablegrc.ai
Data protection queries privacy@enablegrc.ai
Postal G02, Eurocity, Gibraltar, GX11 1AA

EnableGRC

Simplify complexity. Power growth.

  • Privacy notice
  • Terms of use
  • Cookie policy