Our privacy promise
We care about your privacy.
Keeping your personal information safe matters to us. We take data protection seriously because we respect the trust that you place in us to use your personal information appropriately and responsibly.
You can be confident that:
- We will only use personal information in ways we need to and that are expected of us.
- We will make it easy for you to tell us how you want us to communicate with you including how to opt out from future communications.
- We will not share your information with third parties for their marketing purposes
- We will keep your data safe.
This policy covers how we treat the personal information that we collect when you use our website www.enigma-interactive.co.uk and our services, or when you contact us in any manner.
It sets out how we collect the information, what we collect, how we use it, how we safeguard it, your rights under the law and in particular your rights under the General Data Protection Regulations (GDPR).
Who we are
We are Enigma Interactive (company no. 03360519) and we are registered in the Information Commissioner’s Office (ICO) Register of Data Controllers with registration no. Z7608769
Personal data and processing – what is it?
Personal data means information (whether stored electronically or paper based) relating to a living individual that can be used to determine their identity. Examples include:
- Name, address, email address, social media posts, photos, passport, personal medical information (e.g. genetic, biometric – this is ‘sensitive personal data’, which can only be processed under strict conditions), IP addresses, bank details, National Insurance Number etc.
Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Data protection principles - what are they?
When we process your personal data we’ll be guided by the following principles:
- Lawfulness, fairness and transparency - We’ll be open about what data processing we do, what is processed will match up with how we have described it and we shall comply with the law.
- Purpose limitations - We’ll only collect or obtain data for specified, explicit and legitimate purposes which can only be used for the processing purpose that we have made you aware of. If that changes, we’ll need your consent.
- Data minimisation - The data we collect will be adequate, relevant and limited to what is necessary.
- Accuracy - Our data will be accurate and where necessary, kept up to date.
- Storage limitations - Any personal data we keep will be kept for no longer than necessary and then removed / deleted.
- Integrity and confidentiality - We’ll put in place appropriate security measures to safeguard data and protect against unlawful processing or accidental loss, destruction or damage.
What data do we collect?
We only collect what we need to as a business.
Depending on your use of our site and the reasons you are contacting us, personal information we collect from you will include some or all of the following - your name, address, company name, job title, email address, IP address, date of birth, mobile or telephone number and information regarding what web pages are accessed on our site.
Data may be collected in the following ways:
- when you complete our website enquiry form, email us, phone us, or submit job applications
- by means of ‘cookies’ when you use our website – please see our Cookies Policy
- by means of ‘web beacons’ embedded in emails – please see our Cookies Policy
- in the form of ‘traffic data’
We keep a record of traffic data which is logged automatically by the server hosting our website. This includes your IP address, the website address you visited before ours and which pages you visit on our website. We do not store or analyse traffic data in a way that identifies any individual.
We use Lead Forensics, a 3rd Party IP address tracking technology to identify businesses visiting our site and the pages that are being used. This helps us analyse data about web page traffic in order to develop and improve our website for business visitors.
We may also collect information about you in other ways:
- during face-to-face meetings
- when you provide us with your business card
- if you are a client of ours – through our client relationship and contract
- indirectly, through one of our staff, a client of ours or a third party
- if you are a supplier of ours - through that relationship and any contract that is in place
- via a recruitment agent - if you are put forward for a vacancy
How we use your data and our legal basis for processing your data
There are six lawful bases for processing personal data and we will always use the most appropriate bases depending on our purpose for processing and our relationship with you.
1. Consent - when you give clear consent for us to process your personal data for a specific purpose
2. Contract - the data processing is necessary for a contract that we have with you, or you have asked us to take specific steps before entering into a contract
3. Legal obligation - the data processing is necessary for us to comply with the law—not including contractual obligations
4. Vital interests - the data processing is necessary for us to protect an individual’s life
5. Public task - the data processing is necessary for us to perform a task in the public’s interest or for our company’s official functions, and the task or function has a clear basis in law
6. Legitimate interests - the data processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data that overrides those legitimate interests
We’ll only process your information, where:
- you have given your consent to such processing (which you may withdraw at any time)
- the processing is necessary to provide our services to you
- the processing is necessary for compliance with our legal obligations
- the processing is necessary for our legitimate interests
When we use the basis ‘ legitimate interests’ this means that we will process your information when we have a genuine and legitimate reason to do so but that we are not harming or infringing on any of your rights.
Using great care, we shall consider and balance any potential impact on you and your rights.
Some typical examples of when we might use the approach are for preventing fraud, direct marketing, maintaining the security of our system, data analytics, enhancing, modifying or improving our services. We use personal data in this way to run and operate our business and planning for strategic growth.
More examples of how we use data are below.
We use the data we collect for a range of purposes including:
- to provide, operate and maintain our services
- to set up a contact and company record
- to process and send invoices
- to manage our clients’ use of services i.e. to respond to queries or comments and provide support;
- for administration and reporting purposes, statistical analysis and testing
- to improve our website to ensure content is presented in the most effective manner for you and your device;
- to analyse use of our website
- to keep our website secure
- for purposes made clear at the time you shared the information – for example, to fulfil a request for information on our services or to sign up to our newsletter
- for HR and recruitment purposes
With your consent, or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, phone or post with information, or news on our services.
- We will not send you any unsolicited marketing or SPAM.
- You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
How long do we keep your data?
We store your personal information for varying lengths depending on the purpose for which it was collected.
We will keep some records permanently, if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.
How we keep your data safe
We know how important it is to protect your personal data.
We use computer safeguards such as firewalls and data encryption and we enforce physical access controls to our offices to keep this data safe. Access to data is given to appropriate employees who need it to carry out their job responsibilities.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.
In regard to the services we provide, all data that we process on behalf of our clients is done under SSL and personal data will be securely stored. We take pride in ensuring all our system, client and customer data is protected and private.
How do we share and disclose information to 3rd parties
We will never sell or share your personal information with organisations for their marketing activities.
Nor do we sell any information about your web browsing activity.
Depending on our relationship with you, we share your information with a few selected organisations we work with or on our behalf and will make sure that they also comply with the current laws and GDPR (e.g. hosting provider, payroll and pension providers).
We will not transfer your information outside the EEA. The EEA comprises certain countries within Europe (including the EU) which have similar laws on data protection. Other countries outside the EEA may not give the same level of protection to your information.
Finding out more – your rights
When it comes to your personal data, you have the following rights:
- The right to be informed about our collection and use of personal data.
- The right of access to the personal data we hold about you.
- The right to correct data, if what we hold is inaccurate or incomplete.
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation – in a machine readable format e.g. csv).
- The right to object to us using your personal data for particular purposes.
- Rights with respect to automated decision making and profiling.
- The right to make a complaint with the Information Commissioners Office (ICO), if you feel that we have not complied with our obligations to you and your rights.
How else can you control your data?
As well as the rights above, when you share personal data with us, you will be given the choice to restrict our use of it. This applies in particular to direct marketing purposes. We will always give you the option to opt-out of receiving emails from us.
It’s important to remember that if you request that we restrict or stop using your personal data, or you withdraw a consent you have previously given to the processing that information, this may affect our ability to provide services to you or negatively impact the services we can provide. It may also mean we cannot perform our statutory or contractual obligations.
Children and their personal data
We do not offer our services directly to Children.
Occasionally, we get enquiries from children under the age of 16 regarding work experience placements. If you are 16 years or younger, please get your parent’s or guardian's consent before you provide us with personal information.
Who to contact and how to access your data
We’re happy to answer your questions.
Under GDPR, you have the right to ask for a copy of your personal information held by us.
If you want to know about your personal information, or privacy and data protection in general, please contact our data champion at firstname.lastname@example.org
Write to us at our Newcastle HQ: Enigma Interactive, Quayside Studios, 8-10 Close, Newcastle upon Tyne NE1 3RE
What happens if our business changes hands?
Changes to our policy
All changes will be posted on our website with the date that it was last updated.