Cookie Declaration


We care about privacy and about being clear and transparent in how we collect and use your personal data.  We use the information collected online to help us to improve your experience of visiting our website and to develop and enhance our services to you.

This policy gives you information about the cookies we use and the purposes for using those cookies.

What is a cookie?

A cookie is a small file that websites store on your computer or mobile device.  Each cookie contains anonymised information about how you use our website and applications and this allows us to improve your user experience.

Cookies and personal data

Under the GDPR, any cookie or other identifier that is uniquely attributed to a device or user and capable of identifying an individual, or treating them as unique even without actually identifying them, counts as processing of personal data.

The length of time a cookie stays on your device depends on its type.
We use two types of cookies on our website - session cookies and persistent cookies

  • Some cookies only exist whilst you remain on the site and are erased when you close your browser; these are known as session cookies.
  • Others remain on your machine or device between sessions allowing us to recognise you when you return to the site; these are known as persistent cookies.

Broadly speaking, cookies also have four different functions and can be categorised as: 'Essential' cookies, 'Analytics' cookies, 'functionality' cookies and 'targeting' or 'advertising' cookies.

You may also have heard of first and third-party cookies. Whether a cookie is 'first' or 'third' party refers to the website (domain) placing the cookie.  First-party cookies are set by a website that is being visited by the user at the time.  Third-party cookies are those set by a domain other than that being visited.

We do not use Targeting
or Advertising Cookies on our site.

We use the following types of cookies on our site, Essential and Analytic.

Essential Cookies

Essential cookies are required to navigate around our website and use its features. These cookies do not gather information about you that could be used for marketing or remembering where you've been on the internet.

Name Purpose Expiry
CFID This is a session cookie and is necessary for the operation of the site. 1 day
CFTOKEN This is a session cookie and is necessary for the operation of the site. 1 day
SBCOOKIECONSENT This cookie allows us to remember what choices you made relating to cookies you want to use on this site 1 year

Analytic Cookies
Analytic cookies collect anonymous data for statistical purposes on how visitors use our website, they don’t contain personal information, and are used to improve the user experience of a website.

Name Purpose Expiry
__UTMA Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. 2 years from set
__UTMB Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. 30 mins from set
__UTMC Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. When browser closed
__UTMT Used to throttle request rate, used by Google Analytics 10 minutes
__UTMV Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. 2 years from set
__UTMZ Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. 6 months from set

You can decide whether to accept or reject cookies – it's your decision. A message appears on the bottom of all our websites which allows you to manage cookies.   Essential cookies remain pre-ticked as without them, the sites will not work correctly.

You can change your consent to the cookies above by clicking here

For more information on cookies, please visit the ICO website -

Privacy Policy

We care about your privacy.

Keeping your personal information safe matters to us.  We take data protection seriously because we respect the trust that you place in us to use your personal information appropriately and responsibly.

You can be confident that:
  • We will only use personal information in ways we need to and that are expected of us.
  • We will make it easy for you to tell us how you want us to communicate with you including how to opt out from future communications.
  • We will not share your information with third parties for their marketing purposes
  • We will keep your data safe.

This Policy

This policy covers how we treat the personal information that we collect when you use our website , and
It sets out how we collect the information, what we collect, how we use it, how we safeguard it, your rights under the law and in particular your rights under the General Data Protection Regulations (GDPR).

Who we are

We are Enigma Interactive (company no. 03360519) and we are registered in the Information Commissioner’s Office (ICO) Register of Data Controllers with registration no. Z7608769

Enigma Interactive
Quayside Studios
8-10 Close
Tyne and Wear
0191 261 2991

Personal Data and processing - what is it?

Personal data means information (whether stored electronically or paper based) relating to a living individual that can be used to determine their identity.  Examples include:

  • Name, address, email address, social media posts, photos, passport, personal medical information (e.g. genetic, biometric – this is 'sensitive personal data', which can only be processed under strict conditions), IP addresses, bank details, National Insurance Number etc.

Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.

Data Protection principles - what are they?

When we process your personal data we’ll be guided by the following principles:

Lawfulness, fairness and transparency

  • We'll be open about what data processing we do, what is processed will match up with how we have described it and we shall comply with the law.

Purpose limitations
  • We'll only collect or obtain data for specified, explicit and legitimate purposes which can only be used for the processing purpose that we have made you aware of. If that changes, we’ll need your consent.

Data minimisation
  • The data we collect will be adequate, relevant and limited to what is necessary.

  • Our data will be accurate and where necessary, kept up to date.

Storage limitations
  • Any personal data we keep will be kept for no longer than necessary and then removed / deleted.

Integrity and confidentiality
  • We'll put in place appropriate security measures to safeguard data and protect against unlawful processing or accidental loss, destruction or damage.

What data do we collect?

We only collect what we need to as a business.

Depending on your use of our site and the reasons you are contacting us, personal information we collect from you will include some or all of the following - your name, address, company name, job title, email address, IP address, date of birth, mobile or telephone number and information regarding what web pages are accessed on our site.

Data may be collected in the following ways:

  • when you complete our website enquiry form, email us, phone us, or submit job applications
  • by means of 'cookies' when you use our website - please see our Cookies Policy above
  • by means of 'web beacons' embedded in emails - please see our Cookies Policy above
  • in the form of 'traffic data'

We keep a record of traffic data which is logged automatically by the server hosting our website.  This includes your IP address, the website address you visited before ours and which pages you visit on our website.  We do not store or analyse traffic data in a way that identifies any individual.

We may also collect information about you in other ways:

  • during face-to-face meetings
  • when you provide us with your business card
  • if you are a client of ours - through our client relationship and contract
  • indirectly, through one of our staff, a client of ours or a third party
  • if you are a supplier of ours - through that relationship and any contract that is in place
  • via a recruitment agent - if you are put forward for a vacancy

How we use your data and legal basis for processing your data

There are six lawful bases for processing personal data and we will always use the most appropriate bases depending on our purpose for processing and our relationship with you.

  1. Consent - when you give clear consent for us to process your personal data for a specific purpose
  2. Contract - the data processing is necessary for a contract that we have with you, or you have asked us to take specific steps before entering into a contract
  3. Legal obligation - the data processing is necessary for us to comply with the law - not including contractual obligations
  4. Vital interests - the data processing is necessary for us to protect an individual's life
  5. Public task - the data processing is necessary for us to perform a task in the public's interest or for our company's official functions, and the task or function has a clear basis in law
  6. Legitimate interests - the data processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data that overrides those legitimate interests

We'll only process your information, where:
  • you have given your consent to such processing (which you may withdraw at any time)
  • the processing is necessary to provide our services to you
  • the processing is necessary for compliance with our legal obligations
  • the processing is necessary for our legitimate interests

Legitimate interests

When we use the basis 'legitimate interests' this means that we will process your information when we have a genuine and legitimate reason to do so but that we are not harming or infringing on any of your rights.

Using great care, we shall consider and balance any potential impact on you and your rights.

Some typical examples of when we might use the approach are for preventing fraud, direct marketing, maintaining the security of our system, data analytics, enhancing, modifying or improving our services.  We use personal data in this way to run and operate our business and planning for strategic growth.

More examples of how we use data are below.

We use the data we collect for a range of purposes including:

  • to provide, operate and maintain our services
  • to set up a contact and company record
  • to process and send invoices
  • to manage our clients' use of services i.e. to respond to queries or comments and provide support;
  • for administration and reporting purposes, statistical analysis and testing
  • to improve our website to ensure content is presented in the most effective manner for you and your device;
  • to analyse use of our website
  • to keep our website secure
  • for purposes made clear at the time you shared the information – for example, to fulfil a request for information on our services or to sign up to our newsletter
  • for HR and recruitment purposes

With your consent, or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, phone or post with information, or news on our services.
  • We will not send you any unsolicited marketing or SPAM.
  • You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.

How long do we keep your data?

We store your personal information for varying lengths depending on the purpose for which it was collected.

We will keep some records permanently, if we are legally required to do so.  We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits.  In general, we will endeavour to keep data only for as long as we need it.  This means that we may delete it when it is no longer needed.

How we keep your data safe

We know how important it is to protect your personal data.

We use computer safeguards such as firewalls and data encryption and we enforce physical access controls to our offices to keep this data safe. Access to data is given to appropriate employees who need it to carry out their job responsibilities.

However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

In regard to the services we provide, all data that we process on behalf of our clients is done under SSL and personal data will be securely stored. We take pride in ensuring all our system, client and customer data is protected and private.

How do we share and disclose information to 3rd parties

We will never sell or share your personal information with organisations for their marketing activities.

Nor do we sell any information about your web browsing activity.

Depending on our relationship with you, we share your information with a few selected organisations we work with or on our behalf and will make sure that they also comply with the current laws and GDPR (e.g. hosting provider, payroll and pension providers).

We will not transfer your information outside the EEA. The EEA comprises certain countries within Europe (including the EU) which have similar laws on data protection. Other countries outside the EEA may not give the same level of protection to your information.

Finding out more about your rights

When it comes to your personal data, you have the following rights:

  • The right to be informed about our collection and use of personal data.
  • The right of access to the personal data we hold about you.
  • The right to correct data, if what we hold is inaccurate or incomplete.
  • The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation – in a machine readable format e.g. csv).
  • The right to object to us using your personal data for particular purposes.
  • Rights with respect to automated decision making and profiling.
  • The right to make a complaint with the Information Commissioners Office (ICO), if you feel that we have not complied with our obligations to you and your rights.

How else can you control your data?

As well as the rights above, when you share personal data with us, you will be given the choice to restrict our use of it.  This applies in particular to direct marketing purposes.   We will always give you the option to opt-out of receiving emails from us.

It’s important to remember that if you request that we restrict or stop using your personal data, or you withdraw a consent you have previously given to the processing that information, this may affect our ability to provide services to you or negatively impact the services we can provide.  It may also mean we cannot perform our statutory or contractual obligations.

Children and their personal data

We do not offer our services directly to Children.

Occasionally, we get enquiries from children under the age of 16 regarding work experience placements.  If you are 16 years or younger, please get your parent’s or guardian's consent before you provide us with personal information.

Who to contact and to access your data

We're happy to answer your questions.

Under GDPR, you have the right to ask for a copy of your personal information held by us.

If you want to know about your personal information, or privacy and data protection in general, please contact our data champion at 


Write to us at our Newcastle HQ:

Enigma Interactive, Quayside Studios, 8-10 Close, Newcastle upon Tyne NE1 3RE

What happens if our business changes hands?

In the unlikely event that this happens, any personal data that we hold on you will, where it is relevant to the transfer or sale of our business, remains under the terms of this Privacy Policy, and permitted use of that data will only be for the original purposes for which it was collected

Changes to our policy

We always strive to improve our website and services so we may change and update this Privacy Policy from time to time.  We will also do so, if the law requires it. 

All changes will be posted on our website with the date that it was last updated.

May 2018

Powerful website solutions tailored to the needs of independent pharmacies
0333 231 0333

Website design by SiteBuilder Bespoke