Last updated: 22nd May 2018
Enigma Marketing Services Limited (Enigma) is committed to protecting your privacy.
We are a private company established in England and Wales with company number 2897462 and registered office at The New Boat House, Mill Lane, Maidenhead, Berks SL6 0AA, and for the purposes of the General Data Protection Regulation (the “GDPR”) and any legislation in the UK implementing the GDPR, we are the data controller.
This Privacy Notice sets out the basis on which we will process any personal data we collect from you, or that you or third parties provide to us, in connection with your visit to our website. Please read this Privacy Notice carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data.
This Privacy Notice explains our policy in relation to:
- what information we collect or receive about you;
- how we use your information;
- who we share your information with;
- where and how long we will keep your data;
- how we keep your information safe;
- your rights regarding the personal information you provide to us;
- who you can contact if you have questions or complaints about how we process your information.
Information we collect about you and how we use it
Information you and your employer give us
You may provide certain personal data to us when using the website and when contacting us online, by phone, email, post or in any engagement or correspondence that you may have with us.
What types of personal information do we collect about you?
This Privacy Notice explains our policy in relation to:
- personal details such as your name, gender, age, email address, postal address, telephone or mobile number;
- technical information and other information about your visits to our website– you can find more information about this below.
How do we use your information?
We will use your personal information for the purposes of administering and managing the business of Enigma. More information on the purposes for which we process your data and the legal bases for this processing can be found by clicking here.
Where do we store your personal data?
The information that we collect from you will be transferred to, and stored at/processed in the EEA. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice.
We will only transfer your information outside of the EEA where we have adequate measures in place to provide appropriate safeguards such as the Privacy Shield (where recipients comply with the US Department of Commerce’s EU-US Privacy Shield) or Model Clauses (standard clauses produced by the EU Commission). Click here to learn more about these transfer mechanisms.
Keeping your information safe
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through this website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
How long will we keep your personal data?
We will retain your information in accordance with our Data Retention Policy which can be found here.
Your rights regarding the personal information you provide to us
You have certain rights in relation to the personal information we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before we respond to any of your requests. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please fill out the Subject Access Rights Form.
|Right of access||You have the right to know whether we process personal information about you, and if we do, to access information we hold about you and certain information about how we use it and who we share it with.
If you require more than one copy of the information we hold about you, we may charge an administration fee. We may not provide you with certain personal information if providing it would interfere with another’s rights (e.g. where providing the personal information we hold about you would reveal information about another person) or where another exemption applies.
|Right to rectification||The accuracy of the information we hold about you is important to us. Under the GDPR you have the right to access the information we hold about you and have any inaccuracies corrected. Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that whilst we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.|
|Right to erasure||This is also known as the “right to be forgotten”. Please click here for more information about the circumstances in which you may request that we erase the personal data we hold about you.|
|Right to portability||You have the right to receive a subset of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another party. The relevant subset of personal data is data that you provide us with your consent or for the purposes of performing our contract with you. Please click here for more information.
If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).
|Restriction of Processing to Storage Only||You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
Please click here for more information on the circumstances in which you may request that we stop processing and just store the personal data we hold about you.
When you visit our website, we collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), time zone setting, your login information, browser type and version, browser plug-in types and versions, operating systems and platforms.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at firstname.lastname@example.org and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to raise a complaint with a relevant data protection supervisory authority.
Changes to our Privacy Notice
Any changes we make to our Privacy Notice in the future will be posted on this page and we will notify our users. Please check back frequently to see any updates or changes to our Privacy Notice. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice on our website. Your use of the website, or continued participation in Enigma, following these changes means that you accept the revised Privacy Notice. This Privacy Notice was last updated in May 2018.
If you have any questions, comments or requests regarding any aspect of this Privacy Notice, please do not hesitate to contact us at:
By post: Enigma Marketing Services ltd, the New Boat House, Mill Lane, Maidenhead, Berks SL6 0AA UK
By email: email@example.com
By phone from within the UK: 01628 580058
By phone from outside the UK: +44 1628 580058
Who do we share your personal data with?
The categories of recipients include:
- our affiliate companies, Enigma Marketing Inc. Enigma Marketing Pty Ltd, to manage and administer marketing campaigns;
- cloud and other data storage providers, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
- IT Services providers;
- external printing and mailing support providers;
- legal and other professional advisers located in Europe, to provide us with legal and other professional services (who in certain circumstances will also be ‘data controllers’);
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent, investigate or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We will also disclose your information to third parties:
- in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
Your Right to Erasure
You may request that we erase the personal data we hold about you in the following circumstances:
- you believe that it is no longer necessary for us to hold the personal data we hold about you;
- we are processing the personal data we hold about you on the basis of your consent (for more information click here), and you wish to withdraw your consent and there is no other ground under which we can process the personal data;
- we are processing the personal data we hold about you on the basis of our legitimate interest (for more information click here), and you object to such processing. Please provide us with details as to your reasoning so that we can assess whether there is an overriding interest for us to retain such personal data; or
- you believe the personal data we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing the data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. Please note, however, that we may retain the personal data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.
Where you have requested that we erase data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the data or providing links to the data to erase the data too.
Restriction of Processing to Storage Only
You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the personal data we hold about you where:
- you believe the personal data is not accurate for the period it takes for us to verify your claim;
- we wish to erase the personal data as the processing we are doing is unlawful but you want us to retain the personal data for storage but not further process it;
- we wish to erase the personal data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
- you have objected to us processing personal data we hold about you on the basis of our legitimate interest (for more information click here), and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
You also have the right to object to our processing of data about you and we will consider your request in other circumstances as detailed below by filling out the Subject Access Rights Form and submitting it to firstname.lastname@example.org
You may object where:
- we are processing the data we hold about you on the basis of our legitimate interest or public interest (for more information click here), and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding interest by ticking the box for that purpose on the Subject Access Rights Form.;
- we are processing the data on the basis of historical/scientific research or statistics and you have a particular reason to object. Your right would not apply where we have been tasked with and it is necessary for us to undertake such processing in the public interest.
- Privacy Shield: the relevant recipient will comply with the US Department of Commerce's EU-US Privacy Shield and has certified that it adheres to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.
- Model Clauses: The personal data that we collect from you will be transferred to, stored at and/or processed by the relevant recipient under a written agreement incorporating the EU Commission’s model clauses for the transfer of personal data to third countries (the ”Model Clauses”), pursuant to Decision 2010/87/EU. A copy of these Model Clauses is available upon request. Please see section “Contact” of this Privacy Notice on how to request a copy.