Privacy Policy

This privacy policy (the “Privacy Policy”) governs the rules which apply to Enigma’s data protection, collection, handling/transfer and usage practices.

By accessing or using Enigma’s services, you acknowledge and agree to the terms of this Privacy Policy. It is intended to protect the rights of all users, ensure responsible usage, and support the secure and reliable operation of our systems. This Privacy Policy may be updated from time to time and applies in addition to Enigma’s Standard Terms.

Any reference to Enigma services or product shall also include Third-Party Licences or any affiliated connections or networks, as appropriate. Any capitalised terms not otherwise defined herein, shall have the meanings ascribed to them in the Standard Terms.

Except where expressly stated otherwise, this Privacy Policy is subject to and governed by Enigma’s Standard Terms. In the event this document is silent on any matter, the relevant provisions of the Standard Terms shall apply and shall govern that subject matter accordingly.

1) GENERAL

1.1) Our policy is broadly to:

  1. Protect your privacy and the data you entrust us with;
  2. Limit the amount of your private information we have access to, with such data required to operate our business or provide a service;
  3. Not to buy or sell your private information;
  4. Protect the privacy of visitors to our website and the privacy of customers, contacts and other individuals whose personal data we handle.

1.2) Without our prior written approval, you must not (and must not permit anyone else to) use our Services to store, transfer or process any personal or sensitive data including patient, medical or other protected health or sensitive information regulated by the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulations (GDPR), Payment Card Industry Data Security Standard (PCI DSS) or California Consumer Privacy Act (CCPA).

2) DATA PROTECTION

2.1) In this clause 2 of this Privacy Policy, the defined term “Data Protection Legislation” means the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications Regulations 2003 (PECR), and all subordinate legislation, guidance, and rulings from the Information Commissioner’s Office. and any other applicable data protection legislation and all rules made under any of the DPA98, the DPA18, the GDPR and the PECR by any competent body, including the “Information Commissioner’s Office” in the United Kingdom.

2.2) The Parties agree that on the date of signing of these Standard Terms no ‘personal data’ is intended to be transferred. To the extent that either Party intends to process ‘personal data’, the Parties shall enter into a separate data processing agreement incorporating the mandatory provisions of Article 28(3) UK GDPR before any personal data is processed. . In doing so, the Parties shall also implement appropriate technical and organisational measures which meet the requirements of applicable data protection law (in particular GDPR), and these Standard Terms.

3) ENIGMA’S COMMITMENT

3.1) Enigma is built upon a foundation of security, privacy and trust, with our core elements including:

  1. We cannot access the data you transfer through our network.
  2. We apply industry standard 128-bit AES encryption (or higher) to all data transferred
  3. Our payment systems are run by authorised third-party providers.
  4. Our websites’ logs do not store any personally identifiable data
  5. We do not buy, sell or trade your data

4) PERSONAL DATA PRIVACY

4.1) Any collection and use of your personal information will depend on the particular relationship and arrangements in place between us. Of the limited data collected or stored, Enigma only use or share information where it is necessary to meet our legitimate interests.

4.2) We explicitly do not collect or store the following data:

  1. Any information about the applications, services or websites used by our customers
  2. Users’ IP addresses visiting our websites
  3. Users’ IP addresses upon service connection
  4. DNS queries whilst connected

4.3) We believe protection of personal data is a fundamental right. Access to information held by us is restricted and we have systems and procedures in place to protect information and keep it confidential. We monitor and revise the appropriateness of these security measures on a regular basis.

4.4) We process personal data in relation to:

  1. To undertake comparison tests
  2. Maintain an account with us
  3. Purchasing services and/or products

What type of personal data is collected and processed by us, and on what basis?

4.5) We limit the collection of personal data to information which we can process pursuant to a lawful basis, namely a contractual necessity, a legal obligation or to meet our legitimate interests. We seek to limit data collection as follows:

Account Data

  1. Name
  2. Email address
  3. Contact details for marketing, communications, purchase receipts and occasional product news
  4. Email confirmed
  5. Confirmation that your email address is valid
  6. Payment transactions

4.6) Customer payment information is handled by third-party payment providers; however, Enigma may access limited non-sensitive payment-related data necessary for verification and customer support.

Operational Data

4.7) We do collect and store some “Operational Data” required to operate our services. This is data that we collect and store when we collect and store when you connect to our network, such as:

  1. OS Version (e.g. iOS 7)
  2. Enigma’s product version (e.g. PC version 2.1.1)
  3. Active this month (e.g. 1 or 0), upgraded to paid subscription, online advertising referrals

4.8) Total data used this month (e.g. 22.34 GB)

4.9) What do we use it for?

  1. User support, troubleshooting and product planning
  2. Customer satisfaction, support, network demand planning, granting free user data
  3. Operational events (e.g. created an account, complete bonus, made a payment, upgraded to paid subscription, online ad referrals, etc)
  4. Troubleshooting account and payment related issues and tracking where sales come from

4.10) We note that such events are not related to the time, activity or usage of Enigma products.

Personal and Financial Data Collected at Payment

4.11) Making a purchase on any service will result in personal data being exchanged with our payment processors. We currently do not accept payment by Bitcoin or other cryptocurrencies as this would involve the collection of additional personal data including additional checks on whether individuals are politically exposed persons (PEPs) or a close relative thereof.

4.12) Payment card transactions – payment information is processed securely through our third party payment providers. Such providers may store personal data (associated with such financial transactions) outside of your jurisdiction.

4.13) When you pay with a payment card, we may obtain the following payment data:

  1. Cardholder last name (e.g. Smith)
  2. Date of card use (e.g. 2022/01/01)
  3. Last four numbers of credit card (e.g. 4567)
  4. Card Billing address
  5. Card Expiry
  6. Session information (e.g. device type, operating system, IP address at time of payment)

4.14) What do we use it for?

  1. To operate, evaluate and improve our business
  2. To carry out auditing, accounting and other internal functions
  3. To prevent credit card fraud
  4. To carry out security maintenance over Enigma’s systems
  5. To monitor compliance with applicable laws and regulations.

4.15) Enigma can securely log-in and view the data stored by our third party payment providers, albeit such viewable information is limited as described above. We adopt all available security and available multi-factor authentication measures.

4.16) Whilst processing this information does not override your rights, we have a legitimate interest in using it as it could potentially assist Enigma to further develop our business.

4.17 ) Direct marketing procedures are currently limited to periodic updates sent to a very and limited distribution list of business Contacts. Recipients of these emails are given the opportunity to opt-out from distribution lists so that their information is not used for such a purpose. The use of personal data for regular updates is targeted and proportionate in accordance with the guidelines issued by the Information Commissioner’s Office regarding the GDPR provision of “legitimate interest”.

Cookies and Persistent Trackers

4.18) In building our websites and apps, we have tried to limit the use of cookies in your browser.

4.19) Unlike many of our competitors, we do not use any tracking tools for any purposes.

How do we obtain Personal Data?

4.20) We collect personal data in a number of ways, including:

  1. Information provided directly from a customer and/or an end user, or business contact
  2. Information received from third-party providers in relation to services, including fraud prevention or employment or other background checks
  3. Data collected automatically from our systems when someone visits our website
  4. From publicly available sources, such as company websites, press and online search engines

Transferring Information Overseas

4.21) Personal data may be stored or transferred to systems located in the UK, EU, Canada, or USA, subject to adequate safeguards in accordance, including adequacy decisions or standard contractual clauses.

4.22) Electronically stored information may be transferred outside your jurisdiction. When such transfers take place, we ensure to transfer the information to:

  1. A country or organisation which has been categorised as adequate by the European Commission or UK authorities and/or meets the same standards of data protection as the UK
  2. An organisation pursuant to a contract between us and the third-party on terms that contain data privacy provisions approved by the European Commission or UK authorities.

Sharing Information with Third Parties

4.23) We only share personal data with third parties pursuant to the legitimate interests as described.

4.24) We do not sell or buy personal data.

4.25) We may be required to share information with other entities by law, in connection with any legal proceedings or in response to an enforcement action or investigation carried out by an authority or regulator (which, we would remind our customers, is effectively on a limited basis due to the levels of data we receive and/or store).

4.26) We would not transfer such information to third parties for their own marketing purposes without requesting your express consent. We may, however, be required to send certain information to third-party providers who operate services that help us with customer support, email, hosting, protecting and securing our infrastructure and data, DDoS prevention, payment processing, as well as understanding website analytics, app analytics, account and payment related service usage.

How long will the information be stored?

4.27)  We retain data for as long as it is considered necessary for the purpose for which it was collected, subject to the applicable laws and regulations. The retention period is determined on the type of information, the nature of the activity and the rules and regulations applicable at the time. In general, we have policies and procedures in place to retain records for up to seven years.

4.28) We may have to retain personal data for longer periods, especially where Enigma has been ordered to withhold destruction of the information by the Courts or an authority or agency.

What are your rights?

4.29) Should you wish to contact us in relation to any of your rights under the GDPR, you can contact our support team quoting GDPR in the subject heading.

4.30) Irrespective of the nature of your GDPR request, we will respond to you within thirty (30) days of receipt of your initial notification to confirm whether we can take any action If we determine your request cannot be fulfilled under GDPR, such as where it is manifestly unfounded or excessive, we will notify you in writing with the applicable legal basis.

4.31) The right to access your data: If you would like to receive a copy of the personal information that we hold on you, you can contact us as per the above instructions. We may need to verify your identity before we can take any further steps in response to your request.

4.32) The right to rectify your data: If you believe that Enigma holds inaccurate information on you, you can request us to rectify and update it. We may have to withhold the processing of your personal data until the new information has been verified and updated on Enigma’s systems.

4.33) The right to erase your data: If you believe that Enigma is processing your data unlawfully, at a time when it no longer needs to or for the purpose for which it was provided, you can request for your personal data to be erased. However, this request is not absolute under the GDPR and depending on the circumstances, Enigma may not be able to meet your request.

4.34) The right to restrict the processing of your data: You may wish to ask Enigma to limit the processing of your data if you believe that the information is being unlawfully processed and/or we no longer need it for a particular purpose. This request is not absolute under the GDPR and Enigma’s ability to meet it will depend on the circumstances.

4.35) The right to data portability: You have the right to receive a copy of the personal data that we hold on you, and/or ask us to transfer your personal data to someone else. Either way, we will seek to provide you with the information on a portable format which is safe and machine-readable.

4.36) The right to object to the processing of your data and/or direct marketing: You have the right to object to the processing of your personal data by us. However, please note that this right is not absolute under the GDPR. It is therefore subject to certain record-keeping requirements. Applicable laws and regulations may restrict our ability to meet any request to stop processing your information. However, you retain an absolute right to ask us to stop processing your information for direct marketing purposes. Should wish you to notify us of such a request, please contact us using the details set out above. In the event that we rely on your permission to use your information for a particular purpose, you retain the right to withdraw your consent at any time.

4.37) The right to withdraw your consent: As set out in this Privacy Policy and depending on the nature of our relationship with you, we rely on our legitimate interests in order to process personal information. We do not rely on express consents as a lawful basis for processing your information. We may therefore not be in a position to meet a request to stop processing it. However, should you wish to withdraw your permission in relation to our periodic updates, please contact us with your request and we will stop using your data for the purpose of direct marketing.

4.38) The right to lodge a complaint with the regulator: Should you wish to complain about the way we use your personal data or handled your request pursuant to your rights under the GDPR, please contact our Data Compliance Officer in the first instance. He will investigate the matter and aim to address your concerns within thirty (30) days of receipt of your complaint. You can also lodge a complaint with the Information Commissioner’s Office (ICO). For more information, please visit the Information Commissioner’s Office’s website.

Residents of California and Nevada

4.39) Residents of California – We do not share information that identifies you personally with non-affiliated third parties for our own marketing use without your permission.

4.40) California Consumer Privacy Act – If you are a resident of California, you may exercise your rights to personal data by contacting our support team quoting “California Consumer Privacy Act” in the subject heading to request access to, receive (port), seek rectification, or request erasure of personal data held about you. For the purposes of the California Consumer Privacy Act, we do not “sell” your personal data.

4.41) Residents of Nevada – We do not sell information that identifies you personally with non-affiliated third parties. We do not sell or trade personal data for commercial purposes.

Data Protection

4.42) When using our products and services, your data is protected by our patented multiplexing obfuscation technology and multiple layers of data protection and security measures that ensure the privacy of our users whilst affording optimised, efficient and secure data transfer.

4.43) Enigma is committed to treating information and data (in all forms; written, verbal, electronic, personnel and materials) with care and confidentiality as it is of the highest value to the organisation, stakeholders and clients. We ensure data is gathered in a transparent way and only with the full co-operation and knowledge of interested parties. It is transferred, stored, and handled transparently, respecting individual rights.

4.44) Data will not be:

  1. Communicated informally or without the owner’s consent
  2. Stored for more than a specified amount of time
  3. Transferred to organizations, states or countries that do not have adequate data protection policies
  4. Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

4.45) This policy is an affirmation of Enigma’s commitment to safeguarding data protection, privacy and maintaining data integrity. Data entrusted to us will be protected against any unauthorized or illegal access by internal or external parties and will be processed within legal and moral boundaries.

Changes to our Policies

4.46) We may need to change our policies from time to time and all updates will be posted online. Your continued use of our products/devices and/or services after the effective date of such changes constitutes your acceptance of such changes. These policies are effective from the date of amendment (set out below) and are subject to periodic review.

Contact Information

4.47) If you have any questions in relation to this Privacy Policy or how Enigma processes personal data, please contact our Data Compliance Officer via the support team.