Privacy Statement

Enigma CCS (Limited) and Enigma Empowerment for Wellbeing and Growth (CIC) are committed to protecting your privacy. This Privacy Notice (“Notice”), together with our terms and conditions and any other documents referred to in it, sets out the types of personal information we collect, how we collect and process that information, whom we share it with about the services we provide and certain rights and options that you have in this respect.

Who is responsible for your personal data?

Enigma CCS Limited and Enigma Empowerment for Wellbeing and Growth CIC is responsible for your personal data. We are incorporated in England & Wales, registered numbers 09026631 and 14379194. Our principal registered address is 292 Wake Green Road, Birmingham, B13 9QP, United Kingdom.

You can contact us:

  • By post, using the postal address given above.
  • By Telephone, on the contact number published on our website.
  • By email using

What personal data do we collect about you?

We will always collect and use your name, and we will ask you to prove your identity when necessary. When you submit an enquiry to us via our website contact form, we will collect:

  • Your name
  • Your email address
  • Your telephone number
  • Your company and website details (if you choose to provide them)
  • Any details that you submit as part of filling out the message section of the form

If you have asked us to stop contacting you, (asked us to add you to our suppression list) we will also collect one or more of:

  • Your email address
  • Your fixed-line and/or mobile telephone numbers
  • Your social media handle(s)
  • Your postal address

We will also collect copies of any correspondence (including emails) that you share with us concerning your request.

Why do we collect this information?

We need your personal details for business purposes so that we can engage with you effectively. We rely on UK GDPR Article 6(1)a “the data subject has given consent to the processing of his or her personal data for one or more specific purposes;” As such, we can only use your data when you consent. You also have the right to withdraw that consent at any time and for any reason. If you withdraw consent, we will delete your personal data from our systems.

If you fail to provide personal data

Where we need to collect personal data by law or to process your request or perform a contract, we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.

Where did we get your information?

In the majority of cases, we obtain your personal data directly from you. If we obtain it from another source, we will inform you as soon as possible but at the latest within one month.

Who might we share your information with?

Enigma CCS Limited and Enigma Empowerment for Wellbeing and Growth (CIC) will not routinely share your personal data with another 3rd Party. We may however need to share your Personal Data for the following reasons:

  • With courts, law enforcement authorities, regulators, government officials or other parties where it is reasonably necessary for the establishment, exercise, or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process,
  • with service providers whom we engage within or outside of Enigma CCS Limited, and Enigma Empowerment for Wellbeing and Growth (CIC) domestically or abroad, e.g., shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.

We will also store your Personal Data on cloud-based platforms managed by our suppliers for Data storage, record-keeping, and messaging services. Such suppliers will process your Personal Data solely at our direction and in line with a legal contract.

What do we do with your information?

We use your information to communicate with you and provide services to you. We may also need to hold your personal data to manage our subscription list so that we do market our services to you.

How long do we keep hold of your information?

Any proof of your identity will be retained until we are satisfied that we have verified your identity after which, it will be disposed of securely within one calendar month.

When added to our suppression list, your Personal Data will be retained indefinitely to help ensure that we never contact you again in the future.

Otherwise, we may retain the Personal Data you have provided when invoking your right under Data Protection legislation (including copies of your correspondence) for up to three years after we have handled your request.

What are your rights?

You can contact us at and:

  • Ask us to provide a copy of the Personal Data for you that we hold or process.
  • Request that we make a correction to the Personal Data for you that we hold or Object to our processing of your Personal Data.
  • When you have invoked one of your existing rights you then may be able to exercise further rights, including:
  • Requesting that we erase your Personal Data
  • Asking for our processing of your Personal Data to be restricted

If you wish to exercise any additional rights that are applicable, please contact us at

If you are unhappy with our processing of your Personal Data, or our handling of a related request, you can complain to the ICO at or contact them by

telephone on 0303 123 1113.

You also have the right to take legal action if you are not satisfied with our handling of your

Personal Data or, how we deal with a related request.

Will your information be transferred overseas?

When we transfer your information to other countries, we will use, share, and safeguard that information as described in this notice. To provide professional advice and other services, we may transfer the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses or the UK International Data Transfer Agreement (IDTA).