Privacy Policy

Privacy and Cookies

We are Enigma Creative Limited, a company incorporated in England and Wales. Our company number is 7136316 and our registered office is at Unit 19, Omega Business Village, Thurston Road, Northallerton, North Yorkshire. DL6 2NJ (“we”/ “our” / “us”).

We are committed to ensuring that your privacy is protected. We will continue to comply with the provisions of the Data Protection Act (“DPA”) until midnight at the start of 25 May 2018, after which we will comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) unless and until the GDPR is no longer directly applicable in the UK, together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to the GDPR and the DPA (together “Data Protection Legislation”). We are the data controller of data you pass to us pursuant to this policy.

This policy sets out how we collect personal information from you and how the personal information you provide will be processed by us. By visiting the website at enigmacreative.co.uk (the “Website”) you are accepting and consenting to the practices described in this policy. If you do not consent, please do not submit any personal data to us.

Our Data Protection Officer can be contacted using the following email address lee@enigmacreative.co.uk or alternatively writing to our registered office address set out above and marking it for the attention of the Data Protection Officer.

1. What information do we hold and how will we use it?

• We may collect and process the following data about you:
  • Information you give us: You may give us information about you by completing enquiry forms on the Website or by corresponding with us by phone, email or otherwise. The information you give us may include your name, email address, address / location and phone number. We will retain this information while we are corresponding with you or fulfilling the task for which you visit the Website. We will retain this information for 12 months from the last date you engaged with us;
  • Information we collect about you: We may collect the following information from you when you visit our Website:
    • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform; and
    • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from the Site (including date and time), services you viewed or searched for, page response times, Website errors, length of visits to certain pages, page interaction information, methods used to browse away from the page and any phone number used to call our customer services number.
  • We will retain this information for 12 months from the date you last engaged with us.
  • Information we receive from other sources: This includes information we receive about you when you use other websites operated by us or other services we provide. This information may include your name, email address, postal address and phone number. We will retain this information for 12 months from the date you last engaged with us.

2. Cookies
   • The Website uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse the Website. It also allows us to improve the Website.
   • A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
   • We use the following cookies:

• Strictly necessary cookies. These are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of the Website.
• Analytical/performance cookies.These allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to the Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies.These cookies record your visit to the Website, the pages you have visited and the links you have followed. We will use this information to make the Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
• You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

 

Cookie	Name	Purpose	More information
PHPSESSID		This stores a simple message when a form is submitted that can be displayed on a different page.E.g. if an enquiry form is completed incorrectly, a message will be stored and presented to the user to indicate the errors in the submission. When an enquiry form is submitted successfully, a message is stored and shown to the user thanking them for their enquiry. No personal information is stored in this cookie. Expiry: When the user’s browser is closed.	Click here
_ga	Google Analytics	Google Analytics software is used to monitor the number of people visiting the website and uses a cookie to collect this information.Google Analytics only collects anonymous aggregate data, i.e. we cannot tell who you are or link data back to a specific name, and everyone’s data is shown as a whole, not individually. We use this only for statistical purposes to tell us information like how many people are new to the site or have visited before and which pages are the most popular. Expiry: 2 years.	Click here
_gid	Google Analytics	As above – used to distinguish users.Expiry: 24 hours.	Click here
_gat_UA-xxxxxxx-x	Google Analytics	As above – used to throttle request rate.Expiry: 1 minute.	Click here
amputk /AMP_TOKEN	Google Analytics	Contains a token that can be used to retrieve a Client ID from AMP (accelerated mobile pages) Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.Expiry: 30 seconds to 1 year.	Click here
__hstc	HubSpot	The main cookie for tracking visitors. Contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).Expires: 2 years.	Click here
hubspotutk	HubSpot	This cookie is used for to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.Expiry: 10 years	Click here
__hssc	HubSpot	This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the_hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.Expiry: 30 minutes.	Click here
__hssrc	HubSpot	Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.Expiry: expires at the end of your current session.	Click here

 

• This Website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
• You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. If you have previously consented to the use of cookies but wish to withdraw your consent, please do this by emailing us at yourdata@enigmacreative.co.uk. However, if you use your browser settings to block all cookies (including “strictly necessary” cookies) you may not be able to access all or parts of the Website.

3. Use made of the information

• Provided that we have obtained your consent to the extent we are required to under the Data Protection Legislation, we may use the information we receive and/or collect about you to:
  • fulfil our obligations under any contract we have entered into with you and to provide you with information, products and services you have requested;
  • send you newsletters and marketing information if you have consented to us doing so;
  • notify you of products and services we offer that are similar to those you have purchased or enquired about;
  • notify you of changes to our services and products; and
  • monitor Website usage and provide statistics to third parties for the purposes of improving and developing the Website and the services we provide via the Website.
• We collect and process much of your personal information on the grounds of legitimate interests, which include some or all of the following:
  • where the processing enables us to enhance, modify, personalise or otherwise improve the Website, our services and communications for the benefit of our customers;
  • to identify and prevent fraud;
  • to enhance the security of our network and information systems;
  • to better understand how people interact with our websites;
  • administer the Website and carry out data analysis, troubleshooting and testing; and
  • to determine the effectiveness of promotional campaigns and advertising.
• If we require your personal data for fulfilment of a contract with you, we may be unable to fulfil the contract without your personal data.
• If we are unable to rely on legitimate interests or any other ground set out in the GDPR to process your personal data, we will obtain consent from you to the processing.
• If we obtain consent from you to do so, we may provide your personal details to third parties so that they can contact you directly in respect of services and/or products in which you may be interested.
• You have the right to withdraw your consent to the processing of your personal data at any time. If you would like to withdraw your consent, or prefer not to receive any of the above-mentioned information (or if you only want to receive certain information) from us please let us know by emailing us at yourdata@enigmacreative.co.uk. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit. Withdrawal of your consent won’t affect any processing we have carried out in respect of your personal data prior to you withdrawing consent.
• If you wish to have your information removed from our database or if you do not want us to contact you for marketing purposes, please let us know by clicking the “Unsubscribe” option in any email we send to you and providing the details requested or by emailing us at yourdata@enigmacreative.co.uk and we will take steps to ensure that this information is deleted as soon as reasonably practicable.
• We will not share, sell or distribute any of the information you provide to us (other than as set out in this policy) without your prior consent, unless required to do so by law.

4. Third Party Sites

• Our site may contain links to third party websites, including websites via which you are able to purchase products and services. They are provided for your convenience only and we do not check, endorse, approve or agree with such third party websites nor the products and/or services offered and sold on them. We have no responsibility for the content, product and/or services of the linked websites. Please ensure you review all terms and conditions of website use and privacy policy of any such third party websites before use and before you submit any personal data to such websites.

5. How safe is your information?
   • Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
   • Protecting your security and privacy is important to us and we make every effort to secure your information and maintain your confidentiality in accordance with the terms of the Data Protection Legislation. The Website is protected by various levels of security technology, which are designed to protect your information from any unauthorised or unlawful access, processing, accidental loss, destruction and damage.
   • We will do our best to protect your personal data but the transmission of information via the Internet is not completely secure. Any such transmission is therefore at your own risk.
6. Disclosure of your information

• We may share your information with selected third parties including:
  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and analytics and search engine providers that assist us in the improvement and optimisation of the Website.
• Please note that we may need to disclose your personal information where we:
  • sell any or all of our business or assets or we buy another business or assets in which case we may disclose your personal data to the prospective buyer or seller;
  • are under a legal duty to comply with any legal obligation or in order to enforce or apply our terms and conditions; or
  • need to disclose it to protect our rights, property or safety of our customers or others, including the exchange of information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction.

7. Where we store your personal data
   • The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy. The destination to which your personal data will be transferred will either offer adequate protection of your personal data, as determined by the European Commission, or we will make sure there are appropriate safeguards in place. If you would like to know more about the basis on which we transfer your data outside the EEA where a finding of adequacy hasn’t been made, please contact lee@enigmacreative.co.uk.

8. Your rights in respect of your data

• There are a number of rights available to you under GDPR:
  • Access to your information
    • You can ask us to confirm that we process your personal data and provide access to and copies of the information we hold about you by emailing us at yourdata@enigmacreative.co.uk. We will process your request to access your information and provide this information to you free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge if you request more than one copy of the same information.
    • We will provide the information you request as soon as possible and in any event within one month of receiving your request, unless there are extenuating circumstances. If we need more information to comply with your request, we’ll let you know.
  • Rectification of your data
    • If you believe personal data we hold about you is inaccurate or incomplete, or any of the information you provide to us changes, please let us know as soon as possible so that we can make the necessary changes to the information we hold for you on our database. If you wish to make any changes to your information, please email us at yourdata@enigmacreative.co.uk.
    • We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate for us to do so in which case we’ll let you know why. We’ll also let you know if we need more time to comply with your request.
  • Right to be forgotten
    • In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:
      • where we no longer need your personal data for the purpose for which we collected it;
      • where we have collected your personal data on the grounds of consent and you withdraw that consent;
      • where you object to the processing and we don’t have any overriding legitimate interests to continuing processing the data;
      • where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR);
      • where the personal data has to be deleted to comply with a legal obligation; and
      • where the personal data we process relates to the offer of online services to a child.
    • There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.
    • To request that your information is deleted, please email us at yourdata@enigmacreative.co.uk.
  • Right to restrict / object to processing
    • In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:
      • if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
      • if you have objected to us processing the data (see below) – we’ll cease processing it until we have determined whether our legitimate interests override your objection;
      • if the processing is unlawful; or
      • if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.
        • You are entitled to object to us processing your personal data:
      • if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
      • for direct marketing purposes (including profiling); and/or
      • for the purposes of scientific or historical research and statistics.
        • In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
        • If you wish to restrict or object to the processing of your information, please email us at yourdata@enigmacreative.co.uk.
      • Data Portability
        • You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies:
          • to personal data you provide to us;
          • where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
          • where we carry out the processing by automated means.
        • We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.
      • If you have any complaints about our use of your personal data, please contact us. You are also entitled to report any concerns which you may have to supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office. You can call the ICO on 0303 123 1113 or get in touch via other means as set out on the ICO website at https://ico.org.uk/concerns/.
      • If you have any further queries or comments on our policy, please contact us by emailing lee@enigmacreative.co.uk. We always welcome your views about our Website and our privacy and cookie policy.