Enigma

Privacy Policy

Introduction

1.     Enigma Communications Pty Ltd ABN 83 072 426 709 (“Enigma”, “we”, “our”, or “us”) are committed to respecting the privacy of your personal information. This Privacy Policy explains how we deal with your personal information that we collect, use, hold, disclose or process.

2.     We will update this Privacy Policy from time to time when we change how we deal with personal information. We will post any changes to this Privacy Policy on our Websites, so we encourage you to check this Privacy Policy from time to time.

3.     In addition to the provisions of this Privacy Policy, there may also be specific and additional privacy and consent provisions that apply to certain collection channels of personal information. Because those specific and additional provisions also relate to your privacy protection, we recommend that you review them wherever they appear. In the event of any inconsistency between the provisions of this Privacy Policy and those other specific and additional provisions, the specific and additional provisions will prevail.

Definition of personal information

4.     Throughout this Privacy Policy, we use the term 'personal information' to refer to information relating to an identified or identifiable natural person, including information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. For example, your full name, date of birth, address, mobile telephone number, email address and credit card details are examples of information which may constitute personal information. Personal information may also include information we may collect about your individual preferences.

Problems, Complaints or Queries

5.     If you have any questions about our Privacy Policy, or any problems or complaints about how we have collected, used, stored, handled, disclosed and/or processed your personal information, please contact our privacy officer via one of the following channels:

Mail: Privacy Officer

Ground Floor, 21 Bolton Street, Newcastle NSW 2300 and Level 2, 63 Ann Street, Surry Hills NSW 2010

Email: privacy@enigma.net.au

6.     Please allow 30 days for this request to be processed. On receipt of your query, problem or complaint a review will be conducted and findings will be communicated to you where required. If you do not receive a satisfactory response to your query, problem or complaint within 30 days, you may refer your query, problem or complaint to the Office of the Australian Information Commissioner via the contact details listed at http://www.oaic.gov.au/about-us/contact-us-page, or, for individuals in the EU, to the data protection supervisory authority in your country.

On what basis do we process your data?

Lawful basis of processing

7.     Enigma will only collect, monitor, use, disclose, or process any personal information about you with your consent (which we endeavour to obtain at the same time as collecting your personal information) or if it is otherwise lawful to do so. The only personal information collected by us is what has been provided to or collected by us in accordance with this Privacy Policy or has been provided to us lawfully by third parties. We will generally deal with your personal information for the primary purposes set out in this Privacy Policy.

8.     If we collect the personal information of individuals in the European Union, Enigma may also rely on the lawful bases of contract and legitimate interest. That is, where you enter into a contract with us, Enigma will process your personal information because it is necessary for the performance of that contract with you. In some circumstances, such as fraud prevention, Enigma may also have a legitimate commercial interest in processing your personal information that is not outweighed by your interests, rights and freedoms. Enigma may also request your explicit consent to process your personal data from time to time for various purposes.

9.     Enigma reserves the right to use or disclose any information, including personal information, as needed to satisfy any law, regulation or legal request, to protect the rights or property of Enigma, any member of the Enigma group, or any member of the public, to protect the integrity of a Website, to fulfil your requests, or to cooperate in any law enforcement investigation or an investigation on a matter of public safety.

When and how do we collect personal information?

Collection Channels

10.  We (or our subcontractors) collect and combine personal information in a number of ways through the following channels (each, a Collection Channel):

b.     through physical and other ad-hoc channels of collecting personal information in relation to events, activations, or promotions (such as through paper forms or tablets);

c.     our online properties (here and after, each a “Website”), including:

        i.     our websites, including but not limited to https://enigma.net.au/, https://enigmamedia.net.au

        ii.     any related Enigma website, social media page, internal website, intranet and any Enigma mobile or tablet applications, and

d.     any other means through which an individual provides personal information to Enigma, including either physically or electronically.

Active Information Collection

11.  Personal information may be collected and combined via our Collection Channels if you:

b.     subscribe to any newsletters, updates, alerts or news and media releases, or request launch or event information or information about our products or services or other information services as well as third party products or services;

c.     have previously provided us with personal information prior to this Privacy Policy coming into effect, either directly from you personally or via a third party;

d.     complete and submit any forms or surveys provided to Enigma, either physically or electronically;

e.     conspicuously publish or provide on request your personal information to Enigma;

f.       contact us or our clients directly in person or via any medium including mail, telephone, social media and commercial electronic messages (SMS (Short Message Service), MMS (Multimedia Message Service), IM (Instant Messaging) and email) including via the contact details listed on a Website;

g.     participate in any events, offers, promotions, competitions or marketing activities of Enigma, or our clients or service providers; 

h.     interact with a Website for a specific purpose; or

i.       interact with or browse a Website generally.

12.  We may also collect your information through other legitimate third party sources including list brokers, social media organisations, and other data providers or organisations that share data in circumstances where it is lawful and/or you have given permission for them to do so.

13.  We may collect personal information from you in a passive manner including through the use of cookies and other tracking tools such as internet tags, tracking pixels, web beacons and unique device identifiers. For further information about the use of passive personal information collection, see paragraph 36 below. 

What kinds of personal information does Enigma collect?

14.  We may collect personal information including:

a.     your full name, contact details (such as your email address, phone number, address, contact preferences), location, and passwords you create;

b.     information about your preferences, interests, opinions, feedback and experiences with our products or services or the products and services of our clients;

c.     social media account usernames and information published on your social media accounts;

d.     information regarding your personal and professional interests and your networks;

e.     information regarding your relationship history with Enigma and Enigma’s clients;

f.       information about your employment history and future plans, and documents relating to your employment;

g.     information about your education and qualifications, skills and experience;

h.     enquiry and complaint details;

i.       information about your experience with Enigma’s products or services or third party products or services. This information is requested including in order to tailor our subsequent communications to you and continuously improve our products and services;

j.       the contact details of third parties. If you are asked to provide details about other people, please ensure that these individuals are happy for their details to be given to Enigma and used for the purposes set out in this policy (which may include using their details for marketing purposes);

k.     financial details, if you have provided them to us, such as your bank account, credit card, Paypal or other online payment system details (where you purchase any products or services from us);

l.       When you visit a Website, we may also collect personal information about you in the following general categories:

        i.     usage and preference information: we collect information about how you interact with the Enigma website, including the pages you visit, your preferences and settings that you choose. We may do this through the use of cookies and other similar technologies that uniquely identify you;

        ii.     device information: we may collect information about your mobile device such as the hardware model, operating system, preferred language, unique device identifier and mobile network; and

        iii.     other information: we may also collect and log information such as your IP address, access dates and times, browser type and pages visited when you interact with a website.

m.    any other personal information you provide directly to us. Where you provide us with unsolicited personal information, we will retain this information where it falls within our primary purposes for collection of personal information (as stated in this Privacy Policy).

n.     any other personal information requested or required by a Collection Channel.

Sensitive Information

15.  We do not seek to collect sensitive information (or “special categories” of information under the GDPR).

16.  If we do collect sensitive information, we will only do so with your consent and where you provide it to us directly. Where you provide us with any sensitive information (including, but not limited to, information about your sexual orientation, religious beliefs, medical and/or criminal history), we will only use this information for the purposes stated at the time of collection and will only share this information with our trusted third parties in the manner stated in this Privacy Policy.

Consequences of not providing personal information

17.  No-one is obliged to provide personal information. However, failure to do so may result in Enigma or our clients being unable to provide you with Enigma’s or our clients’ goods, services, information, upcoming opportunity, promotion, event or product information, and other content, including as requested by you.

For what purposes does Enigma collect, hold, use and disclose your personal information?

18.  Personal information that Enigma collects will be used for the following primary purposes:

Providing services to Enigma’s clients

b.     To render services related to Enigma or our clients, including providing our professional services to our clients;

Managing relationships

c.     to carry out any purchases you make and otherwise manage our or our clients’ commercial and trading relationship with you including identifying you in our system and contacting you, invoicing you correctly, sending you our products and to address your expectations of us in respect of how we conduct our business;

d.     to ensure that your personal information remains up-to-date and complete;

e.    to provide you with information about your accounts, transactions, content, services and products involving Enigma or Enigma’s clients;

f.       to facilitate payments from you;

g.     to contact you, including sending you any technical, administrative or legal notices relevant to Enigma, our clients or a Website;

h.     to otherwise maintain our relationship with you or the relationship between you and our clients, including providing after sales services and responding to enquiries;

Special offers, marketing and advertising

i.       to provide you with early access to new releases, exclusive events, special offers, newsletters, events, promotions and activations of Enigma, its clients or its trusted partners;

j.       to otherwise market to you (with direct marketing materials), via any medium including mail, telephone, commercial electronic messages (such as SMS, MMS, instant messaging, email, social media, mobile applications), or any other form of electronic, emerging, digital or conventional communications channel.;

k.     to provide you with relevant and targeted advertising, including when you browse third party websites;

Enigma’ Website

l.       to maintain the functionality of a Website, including customising the Website based on your preferences; providing information to you relating to the content available on a Website; to improve the Website and system administration;

Improving offerings to you and conducting research

m.    to better understand and meet your needs and interests, to enable us to improve the nature of the goods and services we or our clients provide, to more accurately market our or our clients’ goods and services, and to research our or our clients’ customers;

n.     to obtain opinions or comments about products and/or services and to conduct other research and development;

o.     to record and analyse statistical and de-identified data for analysis including marketing analysis;

p.     to conduct market research including identifying likeminded individuals including through third party vendors such as Facebook or other social media websites;

Miscellaneous

q.     to share personal information with our group companies and their related bodies corporate and agents, and other trusted third parties in the manner described in this Privacy Policy;

r.      for any further purposes stated in a particular Collection Channel;

s.     to undertake recruitment for Enigma (if applicable);

t.       any other purpose as may be deemed reasonably necessary by Enigma in the circumstances;

u.     as needed to satisfy any law, regulation or legal request; to protect the rights or property of Enigma, Enigma’s clients’, or any member of the public; to protect the integrity of Websites; to fulfill your requests; or to cooperate in any law enforcement investigation or an investigation on a matter of public safety.

Contact by Enigma

19.  Enigma group companies (and their directors, servants and agents), Enigma’s promotional partners, Enigma’s clients or trusted third parties (and other selected service providers and other non-Enigma companies or professionals) either in Australia or overseas, may contact you via telephone, SMS (Short Message Service), MMS (Multimedia Messaging Service), IM (Instant Messaging), email, post or any other form of electronic, emerging, digital or conventional communications channel using the information provided in order to contact you in respect of the primary purposes for collection of personal information as stated above.

20.  Enigma does not send advertising or marketing information without obtaining prior consent, for example consent provided by you when you accept this Privacy Policy. If you receive communications from Enigma which you do not wish to receive, you may remove your name from the database either by using the functional unsubscribe facility (if the communication is via commercial electronic message) or by contacting Enigma‘ Privacy Officer as described above. Please allow 30 days for this request to be processed.

21.  Despite removing your name from the database from receiving future advertising and marketing information, Enigma may send you non-commercial “Administrative Emails”. Administrative Emails relate to your account with Enigma or Enigma’s clients (if applicable) and may include administrative and transaction confirmations, requests and inquiries or information about a particular account. If you do not wish to receive such communications from Enigma, you may remove your name from the database by contacting Enigma’s Privacy Officer. Please allow 30 days for this request to be processed.

Automated decision-making

22.  Enigma does not make decisions that produce significant effects on you which are solely based on automated decision making.

How do we share your personal information?

23.  For the purposes described above, personal information may be shared with the entities below including their directors, servants and agents and related bodies corporate:

a.     our clients;

b.     our or our clients’ marketing and email sending partners;

c.     technical service providers, such as mail carriers, hosting providers, IT companies and communications agencies; and

d.     other trusted service providers, promotional partners and third parties.

24.  Some of the recipients of your personal information may be located overseas. These recipients may be engaged by Enigma to perform a variety of functions, such as legal and accounting services, data storage, support services, conducting market research, processing credit card payments, assisting with promotions and providing technical services for our websites. These companies may have access to personal information if needed to perform such functions.

25.  Enigma employees, data processors and other trusted third parties are obliged to respect the confidentiality of any personal information held by Enigma. However, security of communications over the Internet cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. Enigma will not be held responsible for events arising from unauthorised access to personal information except to the extent required by the relevant privacy laws.

26.  The recipients of your personal information are located in Australia or oversea, including in the United States.

27.  For individuals in the EU, please note that the recipients of your personal information may be located in countries in which the privacy or data protection laws differ from those of the European Union, and which are not the subject of an adequacy decision by the European Commission. For recipients of your personal information in Australia, appropriate or suitable safeguards over your personal data will be put in place, including through the standard data protection contract clauses approved by the European Commission. Please contact our Privacy Officer for more information.

How do we hold, and how long do we hold your personal information?

Security

28.  Enigma takes appropriate security measures to keep personal information secure and to prevent unauthorised access, disclosure, modification,  misuse, interference or loss  of personal information. Enigma, its employees and its subcontractors are obliged to respect the confidentiality of any personal information held by Enigma.

29.  Enigma also takes reasonable steps to keep personal information accurate, up to date, complete and relevant. Enigma takes reasonable steps to ensure only those necessary have access to your personal information.  Personal information is stored on secure servers that are protected in controlled facilities. This service may be performed on our behalf and data may be hosted by our selected data storage providers. In some cases these facilities may be overseas, including in the United States. Enigma retains your information only for as long as necessary for the purposes listed in this Privacy Policy. Enigma will inform you about serious data breaches in accordance with the Privacy Act.

Your privacy rights

30.  You have a number of rights under the Australian Privacy Law and, if applicable, the GDPR. These include:

a.     (access) to request access to your personal information from us, in a commonly used electronic format. On a case by case basis, Enigma may determine that it is not legally required to give an individual access to personal information, in which case Enigma will provide you with a written notice of its refusal to provide access;

b.     (correction) to request that we correct your personal information;

c.     (withdrawing consent) to withdraw your consent for us to use your personal information. Please note that you can also opt-out of online marketing communications at any time by using the unsubscribe feature in each electronic commercial message;

d.     (complaint) to complain about a breach of the Australian Privacy Principles.

31.  If you are an individual in the EU, you have additional rights under the GDPR that you can exercise against the “controller” of your data. Where we are the controller of your data, your rights include:

a.     (access) to request that we transfer your personal information to another service provider of your choosing;

b.     (erasure) to request that we erase your personal data. All reasonable steps to delete the information will be made, except where it is required for legal reasons. Deletion of information may result in us being unable to facilitate or provide you with information about certain services (including the uploading, access to, and receipt of content on a Website);

c.      (objection and restriction) in some circumstances, to object to the use of your personal data by us and request that we restrict our use of your personal information; and

d.     (complaint) to lodge a complaint in relation to our processing of your personal data with a data protection supervisory authority under the GDPR.

32.  To exercise these rights, please contact us at the contact details listed at the beginning of this Privacy Policy. Please allow for a reasonable amount of time for us to process your request, which will generally be up to 30 days.

Miscellaneous

Anonymity and Pseudonymity

33.  Where practicable, Enigma will allow you to deal with us on an anonymous or pseudonymous basis. If this is practicable, our collection channels will only seek information in this way. However, where it is not practicable for the purposes for which information is collected, we will seek the personal information identified above. It will not be practicable to deal with you on an anonymous or pseudonymous basis when we wish to send you direct marketing materials or need to provide you with goods or services requested by you.

Sale of the company

34.  If Enigma merges with, or is acquired by, another company, or sells all or a portion of its assets, your personal information may be disclosed to our advisers and any prospective purchaser’s adviser, and may be among the assets transferred. However, personal information will always remain subject to this Privacy Policy.

Children

35.  Personal information will not be collected from any person who is known by Enigma to be under the age of sixteen (16) without the consent of a parent or legal guardian or as has been provided to us lawfully by third parties, including our clients. Persons under age sixteen (16) may only use our Websites with the involvement and consent of a parent or legal guardian.

Passive Information Collection

36.  As with many commercial websites (and mobile and tablet applications), Enigma and Enigma’s clients may also collect information which tells us about visitors to our websites. For example, we may collect information about the date, time and duration of visits and which pages of a Website are most commonly accessed. This information is generally not linked to the identity of visitors, except where a Website is accessed via links in an email we have sent or where we are able to uniquely identify the device or user accessing a website. By accessing a Website via links in an email we have sent and/or by accessing a Website generally including when you are logged into an account, you consent to the collection of such information where it is personal information.

37.  As you navigate through our websites, certain information can be passively collected (that is, gathered without you actively providing the information) using various technologies, such as Unique Device Identifiers (UDI), cookies, Internet tags or web beacons, and navigational data collection (log files, server logs, clickstream). In certain circumstances, this information may be considered anonymous information or personal information under the Privacy Act 1988 (Cth) and the GDPR, dependent on the device used and the method by which an individual connects to the Internet. Your Internet browser automatically transmits to the website you are browsing some of this anonymous information or personal information, such as the URL of the website you just came from, the Internet Protocol (IP) address, the UDI (if applicable) and the browser version your device is currently using. Our websites may also collect anonymous information or personal information from your device through cookies and Internet tags or web beacons. You may set your browser to notify you when a cookie is sent or to refuse cookies altogether, but certain features of a website might not work without cookies and this may limit the services provided by a website. Cookies and other technical methods may involve the transmission of information either directly to us or to another party authorised by us to collect information on our behalf.

38.  Our Websites may use and combine such passively collected anonymous information or personal information and/or information from various third party sources, including as described above, and may combine this anonymous information or personal information with other personal information collected from you to provide better service to website visitors and users, customise a website based on your preferences, compile and analyse statistics and trends, provide you with relevant advertising when you visit a Website or a third party Website, and otherwise administer and improve a Website for your use. We may combine your visitor session information or other information collected through tracking technologies with personally identifiable information from time to time in order to understand and measure your online experiences and to determine what products, promotions and services are likely to be of interest to you. By accessing a Website, you consent to information about you being collected, compiled and used in this way.

39.  For more information about cookies and how you can opt out, you can visit http://www.youronlinechoices.com.au/.

Enigma and other websites

40.  Our Websites may, from time to time, contain links to the websites of other organisations which may be of interest to you. Their inclusion cannot be taken to imply any endorsement or validation by us of the content of the third party website. Linked websites are responsible for their own privacy practices and you should check those websites for their respective privacy statements. Enigma is not responsible, nor does it accept any liability, for the conduct of companies linked to our Websites.

41.  We may use third party advertisements on our Websites. All third party advertising, if paid for, is paid for by the relevant third party advertisers and are not recommendations or endorsements by Enigma or any of its affiliates. Enigma is not responsible for the content (including representations) of any third party advertisement on a website. Cookies may be associated with these advertisements to enable the advertiser to track the number of anonymous users responding to the campaign. We do not have access to or control of cookies placed by third parties.

User submissions

42.  Enigma may provide areas on a Website where you can upload user-generated content, post or provide information about yourself, communicate with other users, provide reviews for content, products and/or services or interact with or vote on particular content. This information may be shared with others and may be publicly posted on our Websites, including without limitation, other social media platforms and other public forums in which you choose to participate. This information may become publicly available and may be read, collected and used by others outside of our Websites. Enigma is not responsible for the conduct of others who may read, collect and use this information.