Here at ENIGMA we take your privacy seriously and we will only use your personal information to administer your account and to provide the products and services you have requested from us.
How we use your personal information?
We use your personal information in a number of ways to:
- Provide you with the service or information you’ve requested.
- Contact you with appropriate marketing messages where you have given us permission to do so.
- Ensure we contact you based on your preferences depending on the permission you have given us this may be by post, email, telephone, SMS, social media or via a mobile application.
- Seek feedback from you following a visit to our facilities. Your feedback allows us to improve our website, products, facilities and services.
- To pass your details where appropriate our insurers and our solicitors should you be involved in an accident or incident whilst on our premises or when taking part in one of our events or activities.
- Improve our website and the range of services and products we provide.
- Keep a record of your relationship with us.
- If you enter a competition administered by ENIGMA, we will hold your entry details for the purpose of the competition. Once the competition has been closed and verified, your details will be disposed of.
- crime prevention and detection and the apprehension and prosecution of offenders.
- monitoring and collection of visual images for the purpose of maintaining the security of premises, for the preventing crime and investigating crime
- the purpose of public safety
What personal information we hold about you?
We only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:
- Your name
- Your contact details – email, phone numbers, postal address
But we may request other information where it’s appropriate and relevant, for example:
- Your title.
- Your payment details.
- Age or date of birth, where relevant to your participation in an event or activity and for age appropriate marketing.
- How you would like us to contact you.
- What type of marketing would you like to receive and how you would like to receive it.
- Your health information.
- Your qualifications in relation to activity participation.
- Details of any accident or incident you may have been involved in whilst on our premises.
- How you heard about offers, promotions and ENIGMA.
Where we collect your personal information from
We collect personal information about you in several ways:
- via our websites when entering forms.
- when you contact our team by mail, phone, email, social media or live chat.
- when you complete one of our online, tablet or paper-based surveys.
- when submitting an online enquiry form.
- when signing up to receive marketing communications online, in person or over the phone.
- when you have used a social media platform to contact us – Facebook, Twitter, LinkedIn, Instagram or Google+.
- Like most websites, we use “cookies” to help us make our sites, and the user experience, better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet).
How we may use your personal information for marketing
We only use your personal information for marketing where you have positively opted in by giving unambiguous consent to do so or you have provided permission to other organisations to allow us to market to you, for example, via Facebook.
We rely on marketing to help improve our services and customer experiences and by using the information you provide us we are able to contact you with specific marketing messages based on your preferences. Depending on the permission you have given us this may be by post, email, telephone, SMS, social media or via a mobile application.
We understand that your circumstances change and you can easily withdraw the permissions you have given us, at any time either by using our contact details in this notice or by using the methods we tell you about in our communications e.g. the ‘unsubscribe’ link on our emails.
Our marketing communications include information about our latest activity programme announcements, the latest news, development information and promotions. If you would like to receive such communications but have not opted in please contact us at email@example.com
Who we share your data with
We use a trusted supplier to invoice ENIGMA clients. We do not share or sell your data to any other company for marketing purposes.
However, we utilise trusted suppliers in marketing solutions to administer services that you have agreed to receive, for example:
- mailing houses to despatch our promotions, magazine, letters and event advertising
- website hosting companies which we use to administer our website content
as and when required we will share accident and incident information with the Health and Safety Executive, our insurers and our solicitors.
We sometimes use trusted suppliers to help us with marketing:
- email service providers to send our emails and manage your marketing permissions
- mailing houses to send out marketing by post
- telemarketing agencies to contact you by phone or SMS
- an organisation which helps us keep your information accurate and up to date
- Some of our suppliers may operate outside the European Economic Area (EEA). This requires us to ensure they provide an adequate level of protection in accordance with UK data protection law, for example the EU-US Privacy Shield Framework. By submitting your personal information to us you agree to this transfer, storing or processing at locations outside the EEA.
- Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required by the police, the courts or for other legal reasons.
How we keep your personal information up to date
ENIGMA has a legal obligation under data protection legislation to keep the personal information it collects accurate and up to date. Among other things, it helps us ensure that we do not contact you with inappropriate information and marketing messages.
We keep your information accurate by:
- giving you the opportunity at any time to contact us to correct or change your information.
- screening your name and postal address information against Royal Mail’s National Change of Address File: where you have given your permission to Royal Mail, we can either update our records with your new address or note you have moved so we don’t send anything to your old address.
- using information publicly available to us.
- If you contact a member of our team we may ask you to confirm certain details.
- when we receive undelivered mail or emails.
It’s important for both you and us that your personal information is correct. If you believe this not to be the case then please e-mail the amended details to firstname.lastname@example.org and we will contact you to verify your identity.
How we keep your personal information safe
We take our obligations to keep your personal data safe and secure very seriously.
Within ENIGMA, access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members are only allowed access to your personal data if they have been sufficiently trained in data handling. We have specific technical controls in place to restrict access and these are monitored regularly. Our website is also monitored and protected to prevent it from unauthorised access.
All personal data sent to our trusted suppliers is protected. In all cases we require these companies to comply strictly with our instructions and they are not allowed to use your information for their own business purposes. We also require these companies to have sufficient organisational and technical measures in place to ensure the security of your data.
How long we keep your personal information
We keep your personal information in line with our data retention policy. This means that we will remove data which has been collected directly from you from our systems if you have not participated in an activity at ENIGMA in the last 36 months. This is the maximum retention period for the majority of our data (detailed retention periods can be requested via email@example.com ).
However, in certain circumstances we have a statutory obligation to keep your personal information for more than 36 months.
If you unsubscribe from email marketing your information will be stored in our email service provider, Campaign Monitor’s suppression list. This is to ensure we do not send you communications that you have unsubscribed from. Should you further wish for us to remove your information entirely (and assuming we have no other obligation to keep it) then please let us know and we will do this – but we would encourage you to let us use it for suppression purposes only.
How you can find out about the information we hold about you
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us using the contact details in this privacy notice.
We will get in contact to verify your identity and if we do hold information about you we will:
- give you a description of it.
- tell you why we are holding it.
- tell you who it could be shared with.
- let you have a concise and clear copy of the information.
Our legal basis for processing your personal information
Much of our processing will be under the basis of “contractual obligation” in other words we need and use your personal information for providing the services we offer or you have contracted with us for.
However, when you have unambiguously opted in to receive information from us, our processing will be based on consent. Of course, you will always have the opportunity to object as detailed below.
Asking us to suppress or remove your personal information
Should you wish to not receive information from us in future then you can quickly action this by clicking the unsubscribe link you will find on our marketing e-mails or by sending your details to firstname.lastname@example.org and we will quickly suppress your data.
Should you further wish for us to remove your information entirely (and assuming we have no other obligation to keep it) then please let us know and we will do this – but we would encourage you to let us use it for suppression purposes only.
For clarity Data Suppression refers to the removal of any unwanted records from a contact database.
What to do if you have a complaint
If you have a complaint please contact our Data Protection Officer at email@example.com who will deal with your request promptly:
If you are not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office at https://ico.org.uk/concerns/.