Privacy Policy

I. That Enydos provides a private, personal, and discreet matchmaking service to facilitate introductions between potentially compatible individuals in Mallorca, based on interviews, verification, and manual curation, without dating apps, without public disclosure of identifying information, and with anonymized narrative profiles, as described in the Terms and Conditions, General Terms and Conditions, website content, and FAQ.

II. That, in order to provide the service (including onboarding, personalized advice, reasonable verification, creation of a narrative profile, selection of matches, coordination of introductions, support, and follow-up), Enydos needs to process the personal data of the Client and, where applicable, of third parties (e.g., potentially compatible candidates) under strict criteria of confidentiality and control over data sharing.

III. That Enydos will maintain a multi-layered transparency system on the website and at data collection points (forms, email, interviews), supplemented by a Privacy Policy and, where applicable, by specific consent notices for particular data sharing, consistent with the particularly discreet nature of the service.

1.- Purpose, Scope, and Compliance Framework

This document governs the conditions applicable to the processing of personal data carried out by Enydos within the framework of: (i) responding to requests for information received via email; (ii) the subscription to membership plans (Private or Silent) and customized services; (iii) the onboarding process and interviews; (iv) the creation, storage, and use of anonymized narrative profiles; (v) manual curation, selection of matches, and organization of introductions; (vi) the management of Private Salons and other invitation-only meeting formats; (vii) customer service, complaints, incidents, and the exercise of rights; and (viii) compliance with legal obligations. 

2.- Operational definitions and data categories

For the purposes of these terms: (i) “Personal data” means any information relating to an identified or identifiable natural person; (ii) “Processing” means any operation performed on personal data (collection, recording, organization, storage, use, disclosure, erasure, etc.); (iii) “Narrative profile” means the descriptive dossier created by Enydos for manual curation and presentations, which is designed without direct identifying data or photographs and can be translated and printed on paper; and (iv) “Safe Circle” means the limited, private community of verified members within which Enydos operates the service. 

3.- Roles and Responsibilities in Data Processing

In general, Enydos acts as the data controller with respect to personal data processed for: (i) the provision of the service, its operational management, and monitoring; (ii) contracting and billing; (iii) customer service and complaints; and (iv) compliance with legal obligations. When Enydos uses vendors who access personal data to provide ancillary services (e.g., hosting, communication tools, document management, or support), such vendors will act as data processors, and their access will be formalized through the corresponding contract or other written legal instrument containing the required terms. 

4.- Applicable principles, privacy by design, and a discretion-based approach

Enydos will process data in accordance with the principles of lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; and integrity and confidentiality. Consistent with the “analog, curated, and discreet” nature of the service, Enydos will apply privacy-by-design and privacy-by-default measures, prioritizing: (i) the use of anonymized narrative profiles; (ii) sharing in stages and under the Client’s control; (iii) access limited to operational necessity; and (iv) the reduction of direct identifying data in initial presentations. 

5.- Purposes of Processing

Personal data will be processed, as appropriate, for the following main purposes:
a) managing requests for information, initial contact, and scheduling interviews (including video calls);
b) conducting the onboarding process: in-depth interviews, reasonable verification of data, creation of the narrative profile, translation, and preparation in a durable medium, primarily on paper;
c) executing the membership and matchmaking service: manual selection of matches, conversations prior to the first meeting, coordination of introductions, organization of first dates (including, if applicable, moderated introductions), feedback sessions, and documentation of actions and recommendations;
d) managing silent membership: profile maintenance and selective consideration for one-off contacts when there is maximum compatibility with a private member;
e) organizing and managing invitations and attendance at Salons Privés and other private events (small, rotating guest lists), with measures of discretion;
f) providing contracted customized services (e.g., coaching/mentoring or others) when specifically agreed upon;
g) managing customer service, incidents, complaints, and record-keeping;
h) complying with legal, tax/accounting, and record-keeping obligations; 
i) compiling internal statistics that are non-identifying or pseudonymized/aggregated where possible, aimed at improving the service without revealing identities.

6.- Legal Bases for Processing

The legal bases will be, depending on the specific processing: (i) the performance of a contract or the implementation of pre-contractual measures at the data subject’s request (e.g., interview request and onboarding process); (ii) compliance with applicable legal obligations (e.g., tax/accounting obligations); (iii) consent, when necessary for specific, distinct purposes; and/or (iv) legitimate interest, following a balancing test, for the ordinary management of the service, security, and the prevention of misuse, provided that the data subject’s rights and freedoms do not prevail. 

7.- Duty of information and layered transparency

Enydos will provide the required information regarding the processing of personal data in a concise, transparent, and intelligible manner, utilizing a layered system: (i) a first layer at the point of collection (forms, initial contact email, or interview); and (ii) a second layer easily accessible in the Privacy Policy published at the URL Privacy Policy. Such information shall include, in particular: the identity of the data controller, purposes, legal basis, recipients, retention periods, and the data subject’s rights, as well as, where applicable, international transfers and automated decision-making.

8.- Recipients, Disclosures, and “Step-by-Step Sharing” with Third Parties

  • In general, data may be disclosed: (i) to the data subject themselves; (ii) to administrative/judicial authorities or law enforcement agencies when there is a legal requirement or a decision by a competent authority; and (iii) to suppliers acting on behalf of Enydos as data processors, under contract and with appropriate safeguards. 

  • Disclosures and sharing: given the nature of the service, Enydos will share information with potential recipients gradually and under the Client’s control. As an operational rule, identifying information (name, contact details, address, or other direct identifiers) will only be shared when there is express consent for that specific action or another mechanism agreed upon in the engagement, and when the other party also consents to the reciprocal sharing. This sharing is neither public nor widespread and is carried out under strict criteria of necessity and discretion.

9.- Data processors, sub-processors, and contractual safeguards

When Enydos engages service providers that process data on its behalf (e.g., hosting, corporate email, calendar tools, document management, or CRM), it will enter into a data processing agreement with them that includes the required provisions, such as: processing only in accordance with documented instructions; a confidentiality commitment from authorized personnel; security measures; assistance in exercising data subject rights; a system for authorized sub-processing; assistance in the event of data breaches; return or deletion upon termination; and provision of information to demonstrate compliance and facilitate audits. If the processor engages sub-processors, equivalent obligations shall apply. 

10.- Enhanced Confidentiality and Client Obligations Regarding Third-Party Protection

  • Enydos personnel and, where applicable, those of processors/subprocessors shall be subject to a duty of confidentiality regarding personal data and any information accessed within the scope of the service, with this obligation remaining in effect even after the professional or contractual relationship has ended. 

  • The Client undertakes to maintain the strictest confidentiality regarding any information received from other persons (profiles, identities, locations, data, or any circumstance that allows identification), and the copying, reproduction, forwarding, dissemination, publication, or exploitation of such information is prohibited, unless expressly authorized in advance by Enydos and/or the affected person. In the event of a breach, Enydos may suspend the service and, if applicable, terminate the contract for material breach, without prejudice to additional actions. 

11.- Retention periods and criteria for deletion/blocking

Personal data will be retained for as long as necessary to: (i) manage the pre-contractual and contractual relationship and provide the customized membership or service; (ii) manage incidents, inquiries, complaints, and maintain a documentary record of actions; (iii) respond to requests to exercise rights; and (iv) comply with legal obligations and address potential liabilities arising from the processing or the contractual relationship. Once these periods have expired, the data will be deleted or, where applicable, blocked/restricted to address liabilities. In the case of Silent Membership, the retention criterion is linked to the purpose of “indefinite presence,” and the data subject may request cancellation and deletion in accordance with applicable rights. 

12.- Security Measures and Incident Management

Enydos will implement appropriate technical and organizational measures to ensure a level of security commensurate with the risk, considering the service’s particularly sensitive nature from a reputational standpoint and the requirement for discretion. The measures may include, where applicable: access and role control; identity management; segregation of duties; traceability; encryption; backups; internal procedures; training; and vendor controls. In the event of a personal data breach, Enydos will implement internal procedures for detection, analysis, containment, logging, and documentation, and where required, will notify the supervisory authority and, where appropriate, inform the data subjects. 

13.- International Transfers

In the event that, due to the use of technology providers or third-party tools, international transfers of personal data are made outside the European Economic Area, Enydos will carry out such transfers in accordance with the safeguards required by the GDPR and the applicable Spanish framework, including, where appropriate, the adoption of standard contractual clauses or other appropriate safeguards, as well as supplementary measures if deemed necessary following a case-by-case analysis. This information will be provided in the Privacy Policy and/or in specific notices. 

14.- Cookies and Similar Technologies

The Enydos Website may use cookies and/or similar technologies. Non-exempt cookies (e.g., analytics or marketing) will only be installed if the user provides informed consent through a layered system and a settings panel that allows them to accept, reject, or configure by category, as well as modify their decision at any time. Detailed information is provided in the Cookie Policy: URL Cookies Policy.

15.- Electronic Commercial Communications

When Enydos sends commercial communications via email or other equivalent means, such communications will comply with the applicable regulations, generally requesting prior consent when necessary, and incorporating simple and free mechanisms to object or revoke consent. Email communications will include a valid email address to exercise this right.

16.- Rights of data subjects and means of exercising them

Data subjects may exercise, where applicable, their rights of access, rectification, erasure, restriction of processing, objection, and data portability by submitting a request to Enydos via: privacy email and/or form and/or postal address, providing proof of identity through appropriate means. Enydos will respond within the legally prescribed timeframes and, if it does not comply with a request, will inform the data subject of the reasons and of the possibility of filing a complaint with the competent supervisory authority (AEPD). 

17.- Automated Decisions and Profiling

Enydos provides the service through manual curation and analog methodology. If, exceptionally, Enydos were to implement exclusively automated mechanisms that result in decisions with legal effects for the user or profiles with equivalent effects, the user will be informed of: (i) the existence of such decisions; (ii) the logic applied; and (iii) the significance and anticipated consequences, in accordance with the Privacy Policy and, where applicable, the Cookie Policy if tracking technologies are involved. 

18.- Identification of the data controller and contact information

Data Controller: Ms. MELLENTHIN, SABINE (Enydos).
NIE: Y7874213Q.
Business address: Carrer del 31 de Març, No. 1, 07570 Artà (Balearic Islands).
Privacy contact: contact@enydos.com
General contact: contact@enydos.com

19.- Appendix of minimum obligations for service agreements with suppliers

Ready-to-copy/paste clause for contracts with service providers (hosting, email, CRM, calendar tools) that expressly includes: documented instructions; staff confidentiality; security measures; assistance with rights; support in the event of breaches; subcontracting with authorization; return/deletion at the end of the service; and audits/verifications. 

20.- Annex on risk analysis and documentation of measures (accountability)

Section for internally documenting the proactive accountability approach: identification of processing activities; risk assessment (reputation, confidentiality, pseudonymization); technical/organizational measures; periodic reviews and document traceability, with reference to AEPD tools. 

21.- Appendix: Minimum Content Checklist for the Cookie Policy

Table/guide for completing the Cookie Policy: types and purposes, identified third parties, how to accept/reject/revoke, international transfers, duration (session/persistent), automated decisions if any, and rights with reference to privacy.