Definition of personal information
Problems, Complaints or Queries
Mail: Privacy Officer
Ground Floor, 21 Bolton Street, Newcastle NSW 2300 and Level 2, 63 Ann Street, Surry Hills NSW 2010
6. Please allow 30 days for this request to be processed. On receipt of your query, problem or complaint a review will be conducted and findings will be communicated to you where required. If you do not receive a satisfactory response to your query, problem or complaint within 30 days, you may refer your query, problem or complaint to the Office of the Australian Information Commissioner via the contact details listed at http://www.oaic.gov.au/about-us/contact-us-page, or, for individuals in the EU, to the data protection supervisory authority in your country.
On what basis do we process your data?
Lawful basis of processing
8. If we collect the personal information of individuals in the European Union, Enigma may also rely on the lawful bases of contract and legitimate interest. That is, where you enter into a contract with us, Enigma will process your personal information because it is necessary for the performance of that contract with you. In some circumstances, such as fraud prevention, Enigma may also have a legitimate commercial interest in processing your personal information that is not outweighed by your interests, rights and freedoms. Enigma may also request your explicit consent to process your personal data from time to time for various purposes.
9. Enigma reserves the right to use or disclose any information, including personal information, as needed to satisfy any law, regulation or legal request, to protect the rights or property of Enigma, any member of the Enigma group, or any member of the public, to protect the integrity of a Website, to fulfil your requests, or to cooperate in any law enforcement investigation or an investigation on a matter of public safety.
When and how do we collect personal information?
10. We (or our subcontractors) collect and combine personal information in a number of ways through the following channels (each, a Collection Channel):
b. through physical and other ad-hoc channels of collecting personal information in relation to events, activations, or promotions (such as through paper forms or tablets);
c. our online properties (here and after, each a “Website”), including:
i. our websites, including but not limited to https://enigma.net.au/, https://enigmamedia.net.au
ii. any related Enigma website, social media page, internal website, intranet and any Enigma mobile or tablet applications, and
d. any other means through which an individual provides personal information to Enigma, including either physically or electronically.
Active Information Collection
11. Personal information may be collected and combined via our Collection Channels if you:
b. subscribe to any newsletters, updates, alerts or news and media releases, or request launch or event information or information about our products or services or other information services as well as third party products or services;
d. complete and submit any forms or surveys provided to Enigma, either physically or electronically;
e. conspicuously publish or provide on request your personal information to Enigma;
f. contact us or our clients directly in person or via any medium including mail, telephone, social media and commercial electronic messages (SMS (Short Message Service), MMS (Multimedia Message Service), IM (Instant Messaging) and email) including via the contact details listed on a Website;
g. participate in any events, offers, promotions, competitions or marketing activities of Enigma, or our clients or service providers;
h. interact with a Website for a specific purpose; or
i. interact with or browse a Website generally.
12. We may also collect your information through other legitimate third party sources including list brokers, social media organisations, and other data providers or organisations that share data in circumstances where it is lawful and/or you have given permission for them to do so.
What kinds of personal information does Enigma collect?
14. We may collect personal information including:
a. your full name, contact details (such as your email address, phone number, address, contact preferences), location, and passwords you create;
b. information about your preferences, interests, opinions, feedback and experiences with our products or services or the products and services of our clients;
c. social media account usernames and information published on your social media accounts;
d. information regarding your personal and professional interests and your networks;
e. information regarding your relationship history with Enigma and Enigma’s clients;
f. information about your employment history and future plans, and documents relating to your employment;
g. information about your education and qualifications, skills and experience;
h. enquiry and complaint details;
i. information about your experience with Enigma’s products or services or third party products or services. This information is requested including in order to tailor our subsequent communications to you and continuously improve our products and services;
j. the contact details of third parties. If you are asked to provide details about other people, please ensure that these individuals are happy for their details to be given to Enigma and used for the purposes set out in this policy (which may include using their details for marketing purposes);
k. financial details, if you have provided them to us, such as your bank account, credit card, Paypal or other online payment system details (where you purchase any products or services from us);
l. When you visit a Website, we may also collect personal information about you in the following general categories:
ii. device information: we may collect information about your mobile device such as the hardware model, operating system, preferred language, unique device identifier and mobile network; and
iii. other information: we may also collect and log information such as your IP address, access dates and times, browser type and pages visited when you interact with a website.
n. any other personal information requested or required by a Collection Channel.
15. We do not seek to collect sensitive information (or “special categories” of information under the GDPR).
Consequences of not providing personal information
17. No-one is obliged to provide personal information. However, failure to do so may result in Enigma or our clients being unable to provide you with Enigma’s or our clients’ goods, services, information, upcoming opportunity, promotion, event or product information, and other content, including as requested by you.
For what purposes does Enigma collect, hold, use and disclose your personal information?
18. Personal information that Enigma collects will be used for the following primary purposes:
Providing services to Enigma’s clients
b. To render services related to Enigma or our clients, including providing our professional services to our clients;
c. to carry out any purchases you make and otherwise manage our or our clients’ commercial and trading relationship with you including identifying you in our system and contacting you, invoicing you correctly, sending you our products and to address your expectations of us in respect of how we conduct our business;
d. to ensure that your personal information remains up-to-date and complete;
e. to provide you with information about your accounts, transactions, content, services and products involving Enigma or Enigma’s clients;
f. to facilitate payments from you;
g. to contact you, including sending you any technical, administrative or legal notices relevant to Enigma, our clients or a Website;
h. to otherwise maintain our relationship with you or the relationship between you and our clients, including providing after sales services and responding to enquiries;
Special offers, marketing and advertising
i. to provide you with early access to new releases, exclusive events, special offers, newsletters, events, promotions and activations of Enigma, its clients or its trusted partners;
j. to otherwise market to you (with direct marketing materials), via any medium including mail, telephone, commercial electronic messages (such as SMS, MMS, instant messaging, email, social media, mobile applications), or any other form of electronic, emerging, digital or conventional communications channel.;
k. to provide you with relevant and targeted advertising, including when you browse third party websites;
l. to maintain the functionality of a Website, including customising the Website based on your preferences; providing information to you relating to the content available on a Website; to improve the Website and system administration;
Improving offerings to you and conducting research
m. to better understand and meet your needs and interests, to enable us to improve the nature of the goods and services we or our clients provide, to more accurately market our or our clients’ goods and services, and to research our or our clients’ customers;
n. to obtain opinions or comments about products and/or services and to conduct other research and development;
o. to record and analyse statistical and de-identified data for analysis including marketing analysis;
p. to conduct market research including identifying likeminded individuals including through third party vendors such as Facebook or other social media websites;
r. for any further purposes stated in a particular Collection Channel;
s. to undertake recruitment for Enigma (if applicable);
t. any other purpose as may be deemed reasonably necessary by Enigma in the circumstances;
u. as needed to satisfy any law, regulation or legal request; to protect the rights or property of Enigma, Enigma’s clients’, or any member of the public; to protect the integrity of Websites; to fulfill your requests; or to cooperate in any law enforcement investigation or an investigation on a matter of public safety.
Contact by Enigma
19. Enigma group companies (and their directors, servants and agents), Enigma’s promotional partners, Enigma’s clients or trusted third parties (and other selected service providers and other non-Enigma companies or professionals) either in Australia or overseas, may contact you via telephone, SMS (Short Message Service), MMS (Multimedia Messaging Service), IM (Instant Messaging), email, post or any other form of electronic, emerging, digital or conventional communications channel using the information provided in order to contact you in respect of the primary purposes for collection of personal information as stated above.
21. Despite removing your name from the database from receiving future advertising and marketing information, Enigma may send you non-commercial “Administrative Emails”. Administrative Emails relate to your account with Enigma or Enigma’s clients (if applicable) and may include administrative and transaction confirmations, requests and inquiries or information about a particular account. If you do not wish to receive such communications from Enigma, you may remove your name from the database by contacting Enigma’s Privacy Officer. Please allow 30 days for this request to be processed.
22. Enigma does not make decisions that produce significant effects on you which are solely based on automated decision making.
How do we share your personal information?
23. For the purposes described above, personal information may be shared with the entities below including their directors, servants and agents and related bodies corporate:
a. our clients;
b. our or our clients’ marketing and email sending partners;
c. technical service providers, such as mail carriers, hosting providers, IT companies and communications agencies; and
d. other trusted service providers, promotional partners and third parties.
24. Some of the recipients of your personal information may be located overseas. These recipients may be engaged by Enigma to perform a variety of functions, such as legal and accounting services, data storage, support services, conducting market research, processing credit card payments, assisting with promotions and providing technical services for our websites. These companies may have access to personal information if needed to perform such functions.
25. Enigma employees, data processors and other trusted third parties are obliged to respect the confidentiality of any personal information held by Enigma. However, security of communications over the Internet cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. Enigma will not be held responsible for events arising from unauthorised access to personal information except to the extent required by the relevant privacy laws.
26. The recipients of your personal information are located in Australia or oversea, including in the United States.
27. For individuals in the EU, please note that the recipients of your personal information may be located in countries in which the privacy or data protection laws differ from those of the European Union, and which are not the subject of an adequacy decision by the European Commission. For recipients of your personal information in Australia, appropriate or suitable safeguards over your personal data will be put in place, including through the standard data protection contract clauses approved by the European Commission. Please contact our Privacy Officer for more information.
How do we hold, and how long do we hold your personal information?
28. Enigma takes appropriate security measures to keep personal information secure and to prevent unauthorised access, disclosure, modification, misuse, interference or loss of personal information. Enigma, its employees and its subcontractors are obliged to respect the confidentiality of any personal information held by Enigma.
Your privacy rights
30. You have a number of rights under the Australian Privacy Law and, if applicable, the GDPR. These include:
a. (access) to request access to your personal information from us, in a commonly used electronic format. On a case by case basis, Enigma may determine that it is not legally required to give an individual access to personal information, in which case Enigma will provide you with a written notice of its refusal to provide access;
b. (correction) to request that we correct your personal information;
c. (withdrawing consent) to withdraw your consent for us to use your personal information. Please note that you can also opt-out of online marketing communications at any time by using the unsubscribe feature in each electronic commercial message;
d. (complaint) to complain about a breach of the Australian Privacy Principles.
31. If you are an individual in the EU, you have additional rights under the GDPR that you can exercise against the “controller” of your data. Where we are the controller of your data, your rights include:
a. (access) to request that we transfer your personal information to another service provider of your choosing;
b. (erasure) to request that we erase your personal data. All reasonable steps to delete the information will be made, except where it is required for legal reasons. Deletion of information may result in us being unable to facilitate or provide you with information about certain services (including the uploading, access to, and receipt of content on a Website);
c. (objection and restriction) in some circumstances, to object to the use of your personal data by us and request that we restrict our use of your personal information; and
d. (complaint) to lodge a complaint in relation to our processing of your personal data with a data protection supervisory authority under the GDPR.
Anonymity and Pseudonymity
33. Where practicable, Enigma will allow you to deal with us on an anonymous or pseudonymous basis. If this is practicable, our collection channels will only seek information in this way. However, where it is not practicable for the purposes for which information is collected, we will seek the personal information identified above. It will not be practicable to deal with you on an anonymous or pseudonymous basis when we wish to send you direct marketing materials or need to provide you with goods or services requested by you.
Sale of the company
35. Personal information will not be collected from any person who is known by Enigma to be under the age of sixteen (16) without the consent of a parent or legal guardian or as has been provided to us lawfully by third parties, including our clients. Persons under age sixteen (16) may only use our Websites with the involvement and consent of a parent or legal guardian.
Passive Information Collection
36. As with many commercial websites (and mobile and tablet applications), Enigma and Enigma’s clients may also collect information which tells us about visitors to our websites. For example, we may collect information about the date, time and duration of visits and which pages of a Website are most commonly accessed. This information is generally not linked to the identity of visitors, except where a Website is accessed via links in an email we have sent or where we are able to uniquely identify the device or user accessing a website. By accessing a Website via links in an email we have sent and/or by accessing a Website generally including when you are logged into an account, you consent to the collection of such information where it is personal information.
38. Our Websites may use and combine such passively collected anonymous information or personal information and/or information from various third party sources, including as described above, and may combine this anonymous information or personal information with other personal information collected from you to provide better service to website visitors and users, customise a website based on your preferences, compile and analyse statistics and trends, provide you with relevant advertising when you visit a Website or a third party Website, and otherwise administer and improve a Website for your use. We may combine your visitor session information or other information collected through tracking technologies with personally identifiable information from time to time in order to understand and measure your online experiences and to determine what products, promotions and services are likely to be of interest to you. By accessing a Website, you consent to information about you being collected, compiled and used in this way.
39. For more information about cookies and how you can opt out, you can visit http://www.youronlinechoices.com.au/.
Enigma and other websites
40. Our Websites may, from time to time, contain links to the websites of other organisations which may be of interest to you. Their inclusion cannot be taken to imply any endorsement or validation by us of the content of the third party website. Linked websites are responsible for their own privacy practices and you should check those websites for their respective privacy statements. Enigma is not responsible, nor does it accept any liability, for the conduct of companies linked to our Websites.
41. We may use third party advertisements on our Websites. All third party advertising, if paid for, is paid for by the relevant third party advertisers and are not recommendations or endorsements by Enigma or any of its affiliates. Enigma is not responsible for the content (including representations) of any third party advertisement on a website. Cookies may be associated with these advertisements to enable the advertiser to track the number of anonymous users responding to the campaign. We do not have access to or control of cookies placed by third parties.
42. Enigma may provide areas on a Website where you can upload user-generated content, post or provide information about yourself, communicate with other users, provide reviews for content, products and/or services or interact with or vote on particular content. This information may be shared with others and may be publicly posted on our Websites, including without limitation, other social media platforms and other public forums in which you choose to participate. This information may become publicly available and may be read, collected and used by others outside of our Websites. Enigma is not responsible for the conduct of others who may read, collect and use this information.