Reach Group - Privacy Notice

We have organised this Privacy Notice based on the different ways you might interact with us and what you might want to know.

Please use the contents list below to navigate to the section of the Privacy Notice which you are interested in. At the end of each section if you want to return to the contents list please click the link: ‘Click here to go back to Contents’.

CONTENTS

  1. Who we are and how to contact us

  2. About this Privacy Notice

  3. When you browse our websites and use our apps

  4. When you create or sign into your online Reach account

  5. When we communicate with you by email

  6. When you enter a competition or prize draw

  7. When you complete a survey

  8. When you subscribe to our print or “e-publishing” titles

  9. When you place a classified ad

  10. When you apply for a job with us

  11. When you work at other organisations that we do business with

  12. Site visits and CCTV at our premises

  13. Further data sharing by Reach

  14. Your rights and how to exercise them

  15. Residents of California

  16. Residents of Nevada

  17. Privacy Notice last updated


1. Who we are and how to contact us

We are the Reach group, which is made up of Reach plc and its subsidiaries. Reach plc is the largest national and regional news publisher in the UK with a leading portfolio in Ireland. We create engaging, relevant content which is distributed through newspapers, magazines, and digital platforms – playing a central role in our audiences’ daily lives. We are the name behind some of the UK’s most influential, iconic, and trusted news brands, such as the Daily Mirror, Daily Express, Daily Star, Daily Record and Sunday People as well as leading celebrity and entertainment magazine OK! We also publish leading regional titles including the Manchester Evening News, Liverpool Echo, Birmingham Mail, Western Mail and Bristol Post. You can see the list of websites and brands we publish here.

Our address is:

One Canada Square, Canary Wharf, London, E14 5AP.

Depending on who you are and how you interact with us, the legal “controller” of your personal data will be one or more of our group companies, like MGN Limited, Local World Limited or Express Newspapers (all at the address above). Your point of contact for anything to do with how the Reach group uses your personal data is the office of our group Data Protection Officer, who you can contact by submitting the relevant form accessible within the 'Your rights and how to exercise them' section or by writing to ‘The Data Protection Team’ at the address above.

*** Click here to go back to ‘Contents’ ***


2. About this Privacy Notice

This Privacy Notice tells you about the kinds of information we hold about you, what we do with it, and why.

As a broad summary, in our business we use information about people:

Some specific activities and websites might have their own additional and complementary privacy notices which sit alongside this one. Generally, that will be the case for very specific services such as our commercial job boards or other specialist websites, or where we have a very specific kind of relationship with you (for instance if you are an investor or a member of our group pension scheme). We try to make it obvious where that is the case.

Data Protection and Journalism

The UK

In the UK the Data Protection Act 2018 provides an exemption from data protection laws to prevent unjustified interference with the work of journalists. We are members of the Independent Press Standards Organisation (IPSO) and therefore subject to the Editors’ Code. If you object to a story we have published that concerns you personally then you can find our complaints policy here [UK Complaints], which explains how to raise a complaint and how we will handle it.

Ireland

In Ireland we subscribe to the Code of Practice of the Press Council of Ireland and the Press Ombudsman, which set the benchmark for high professional standards. If you believe that we have got something wrong, or that we have breached the Code of Practice, please let us know at the contact details of the publication concerned.

The Code of Practice and details of how to lodge a complaint with the Press Ombudsman are available from:

Post: 1, 2 & 3 Westmoreland Street, Dublin 2.

Website: www.pressombudsman.ie

Email: info@pressombudsman.ie

Telephone: 1890 208 080

Fax: 01 6740046

*** Click here to go back to ‘Contents’ ***


3. When you browse our websites and use our apps

When you browse our websites or use our apps, we and our advertising partners will receive some information about the device you are using and about what you look at and interact with. We do this for the purpose of choosing which adverts to show you, as well as to make our sites and apps work properly. It also allows us to diagnose problems with them and understand how they are used so we can make them better. Sometimes, we also apply a degree of personalisation in choosing which content to show you (for example, by recommending articles similar to those you’ve viewed previously).

You can learn more about what we do with this information and why below.

3.1. Targeting by Reach

We combine the information you give to us (for example, sign up information for newsletters and competitions) with the information we receive when you use our websites and apps, and analyse it in order to help us to understand your preferences and interests. We then associate this with a unique identification number. This is then used to tailor the content and advertising that you see on our websites and in our apps, so it is more likely to be of interest to you. We don’t share this personalised analysis with anyone outside Reach. In particular, it is not shared with advertisers or with the third-party advertising networks that we work with other than in highly aggregated form so that your personal data cannot be identified.

3.1.1. The data we collect and what we do with it

The data we use for this purpose is as follows:

We will analyse this information to infer interests, preferences, and demographic characteristics, and associate it with an internal identification number. For example, if our website analytics tell us that you are located in the approximate area of Newcastle-upon-Tyne and you read our online title ChronicleLive (which is focused on local news for that area), and you sign up to receive an email newsletter about football from our national title The Mirror, then we could infer from that you are interested in things related to a local football club or to football generally.

We then divide up our identification numbers into groups based on the inferences we draw about them. Those groups are called “audience segments” or “audiences”. So, for example, an identifier associated with Newcastle, ChronicleLive and the football newsletter could be allocated to audiences likely to be interested in football, and events near Newcastle-upon-Tyne.

We then use those “audiences” to do two things: first, to help us to recommend content which is more likely to be interesting (for instance, more articles about football), and second to help us to target advertisements when advertisers buy advertising space from us directly.

The advertiser would never see the actual data that we use – it remains with Reach at all times. All we would share with them would be the criteria we used to target their advert, how many times their advert was shown and how many people clicked on it (but not who), so that they know how well the advert did and we know how much to charge them.

3.1.2. Our legal basis

Your activity on our websites and in our apps can be managed by you using our “cookie banner” and related Consent Management Platform (CMP). The vast majority are used on the basis of your consent where you provide it. Some may use our Legitimate Interest and some are Essential – Please see our Cookie Notice for further information or the ‘cog’ icon or link at the bottom of every webpage to manage your consents. When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.

We combine that information with the other things we know about you (like your newsletter subscriptions) on the basis of our legitimate interest in understanding our readership, both to serve you better and to make us more attractive to advertisers. This helps us to secure a future for news reporting and journalism in the age of social media, especially local news reporting and journalism.

You do, of course, have an absolute right to object to this. You can always register your objection by completing the relevant form 14.5. Your right to object to what we do with your data, and to have restrictions placed upon it.

3.1.3. How long we keep it for

We keep the information about your activity on our websites and in our apps for up to up to three years since last browsing activity, with some anonymised browsing activity retained thereafter.

3.1.4. Who we share it with and why

The data which we use to create the unique identifier and our “audiences” is shared with the partners who provide us with the technology powering it, most notably Upland Software and Lotame, who host core data management platforms for us. They act as our “processors”. This means that they are bound by law and contract to do only what we tell them to do with the data, to keep it safe, and not to share it with anyone else or use it for anything other than providing their service to us.

3.1.5. Whether we send it outside the country of collection

Upland Software and Lotame are global businesses and so the data they host for us may be held outside of the country of collection. We have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).

3.2. Targeting by advertising networks

Digital advertising helps us to fund the news articles and content published on our sites and enables us to provide some of our content for free. We and our third-party ad partners may display digital advertising on our sites that is tailored to your interests and preferences so the online adverts you see are more relevant to you. We work with third party ad networks to fill unsold advertising space on our sites and in our apps by auctioning it automatically through a process called “real time bidding”. These ad networks bid to show their ad to you when you visit our sites or use our apps.

The ad networks exchange information through cookies, which allow them to recognise you when you visit any site that they work with (not just Reach sites). Where we use cookies on our sites for advertising purposes, we ask for prior consent. The cookie information will be used along with other information we hold about you to display digital advertising that is more relevant to you. It is important to note, however, that where you do not provide your consent for digital advertising you will still see digital advertising on our sites, but this will not be tailored to your interests and preferences.

Where you provide consent to using your data to create a profile for digital advertising we may also sell or share limited data types to our partners with whom we have a legally binding relationship for similar purposes; typically data on the page content which you have shown an interest in and online identifiers, not direct identifiers such as your email address. Captify is one such partner. They may act as an independent controller of your data, and their privacy policy is shown here: Captify Privacy Policy .

3.2.1. The data collected and how it is used

On your first visit to one of our sites or apps (and on other occasions to allow you to change your mind), you will be presented with a ”cookie banner”. This asks you if you consent to the use of cookies and related technologies for the purposes of, amongst other things, selecting and delivering ads. If you do, then the ad networks will be able to recognise your device according to a unique identification number.

We then send out a “bid request” to the advertising networks we work with. What that bid request says is, essentially, ”ID number ABC123 has landed on our website, do you want to show this user an advert?” The winner then gets to display their ad.

The auction process happens automatically, in the second or so between you requesting the page and it loading and displaying. The data used by the ad networks to select the ad to show is held by them, not us, and we never see it.

If we sell or share limited data to an ad partner, as described in 3.2, it will be used for profiling and digital marketing on Reach websites and apps, and potentially other sites & apps with whom the partner has a relationship, if you have given permission for that site or app to do so.

An important point to understand is that most of these ad networks will not know who you are in a “real world” sense. They will not know your name, or your email address, or your phone number (we may know those things because you’ve given them to us in other contexts, but we never share that information with them).

We say “most” because there are two significant exceptions, which are Facebook and Google. They may provide targeted advertising services based on the things they know about their users, and so if you are signed into your account with them on your device, they will be able to recognise you and associate your browsing history across sites that use their services.

Data Matching:

When you browse our websites or use our mobile applications and when you provide your email address on these (either to log in, or sign up to a newsletter, or similar) we may share it, in hashed, pseudonymised form, with our partner LiveRamp Inc and its group companies, acting as joint controllers. LiveRamp uses this information to create a secure online identification code for the purpose of recognising you for cross-channel advertising. This code is placed in our cookie, does not contain any of your identifiable personal data, and will not be used by LiveRamp to identify you. It may be shared with our advertising partners and other third-party advertisers globally for the purpose of enabling interest-based content or targeted advertising through Reach sites. These third parties may in turn use this code to link demographic or interest-based information you have provided in your interactions with them to the pseudonymised code. Detailed information on LiveRamp’s data processing activities is available in LiveRamp’s privacy notice and opt-out. You have the right to withdraw your consent or opt-out to the processing of your personal data at any time via our Cookie Management Platform accessed via the ‘cog’ icon or link at the bottom of every webpage.

If you accept the use of cookies in our Consent Management Platform, when you submit your email address to create an account or sign-up to a newsletter we may share your email address in a hashed form with Amazon Publisher Services (APS). APS then link the hashed email to a profile which they may already hold related to that address. The hashed email will be used in a secure, pseudonymised form within a cookie to flag to APS whenever you visit an APS enabled Reach website again. APS will use this to determine, in real-time, if any of their business customers want to market to a profile similar to yours. If this is the case they may initiate an advert which will appear to you on the Reach website concerned. You have the right to stop this processing activity at any time via the use of ‘Reject’ on our Cookie Management Platform accessed via the ‘cog’ icon or link at the bottom of every webpage, or via a form accessible from section 14 of this Privacy Notice. The APS Privacy Notice can be found at APS PN.

3.2.2. Our legal basis

Where required by applicable law, advertising networks undertake this activity on the basis of your consent, which we ask for on their behalf through the ‘cookie banner’ which appears when you first visit our site. The ‘cookie banner’ message box will reappear from time to time in case you change your mind, or when something changes (typically every 30 days). Please see our Cookie Notice for further information or the ‘cog’ icon or link at the bottom of every webpage to manage your consents. When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.

Most of our third-party advertising partners operate within an industry framework and code of practice issued by the Internet Advertising Bureau (IAB) called the “Transparency and Consent Framework”, which sets out the technical means for your choices to be passed through the ad networks. It also requires that members adhere to IAB policies and standards of behaviour.

Advertising partners who do not work within the IAB framework are listed separately in the platform which can be viewed in our Consent Management Platform (CMP) – please see our Cookie Notice for further information or click on the ‘cog’ icon or link at the bottom of every webpage. In the Consent Management Platform popup go to the ‘Partners’ page and scroll down - IAB partners are listed first, then you'll see Non-IAB vendors and finally Google partners.

3.2.3. How long we keep it for

We do not ourselves hold a copy of the data gathered by the advertising networks. They will each have their own retention policies which you can find in their privacy notices linked through our ‘cookie banner’ – these are often short (between 30 and 60 days), because shopping interests change over time.

3.2.4. Who we share it with and why

When we participate in auctions for unsold advertising space, we send bid requests to third party advertising networks. You can find the list of third-party advertising networks who we work with by clicking on the ‘cog’ icon or link at the bottom of every webpage and reviewing our Consent Management Platform.

3.2.5. Whether we send it outside the country of collection

The digital advertising networks are global in nature and so, while we are predominantly a UK business, this data will travel across international borders, and in particular many automated advertising transactions will be processed in the USA. Where we are the ones making the transfer (typically, we are not), we have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).

3.3. Making our sites and apps work properly, diagnosing problems with them, and understanding how they are used so we can make them better

We use the information logged by our servers and certain third-party analytics tools (such as Google Analytics, Mpulse and Hotjar) to help us to spot problems with our digital services, such as page errors or slow loading times, as well as understanding usage patterns and watching for security problems. You can find more information below.

3.3.1. The data we collect and what we do with it

We gather data for this purpose in two ways.

Firstly, our servers record certain information provided by your devices when they request content, consisting mostly of technical information about your device such as language, screen size and the features and functions it supports, but also including the internet or “IP” address from which it is connecting, and the page or data requested. The data is used for system performance, content delivery and security purposes. It is saved together with the dates and times the requests occurred into files stored on our servers called “logs” or “log files”.

Secondly, on your first visit to one of our sites or apps (and every so often again after your first visit), you will be presented with a ’cookie banner’ asking you if you consent to the use of cookies and related technologies for our use of analytics. If you do, then several “cookies” (small text files) will be stored on your device containing identification numbers. Those numbers can then be read on your subsequent visits to recognise your device, and our analytics providers will use that information to provide us with various reports and metrics on how our sites are used. Google also uses the data that it gathers as a result for other purposes, which you can read about in Google’s Privacy Policy.

If you wish to opt-out of the use of Google Analytics you can access and download the Opt-out browser add-on from here: GA Opt-Out.

3.3.2. Our legal basis

We process the personal data captured in our server log files on the basis of our legitimate interest in monitoring our systems, understanding how they are used, fixing problems with them, and for security monitoring and management purposes.

We process the personal data captured by our analytics providers on the basis of your consent, which we ask for through a “cookie banner” which appears when you first visit our site. That message box will reappear from time to time in case you change your mind (typically every thirty days), and on your first visit after we make a significant change.

3.3.3. How long we keep it for

We keep the information in our server log files for up to 90 days, depending upon the log type and purpose.

Our analytics providers will keep the information they gather from our sites and apps in line with their own privacy notices, which you can access through our ‘cookie banner’ and Consent Management Platform (see the ‘cog icon’ or link at the bottom of every webpage) .

3.3.4. Who we share it with and why

We use AWS and CloudFront to help us to analyse our server log files. They act at our direction, as our “processor”.

The information gathered using Google Analytics is held by Google and is made accessible to us by Google through various dashboards and reporting tools.

The following providers are key to providing additional website analytics or diagnostic capability:

3.3.5. Whether we send it outside the country of collection

The technology providers we use are global businesses. The data is located in Ireland with some being routed through AWS outside of the UK and EEA. We have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).

*** Click here to go back to ‘Contents’ ***

4. When you create or sign into your online Reach account

Some elements of our websites and apps require you to create an account in order to use them; for example, the ability to leave comments under articles or to use some of the functions of “InYourArea”. We use your email address and the other information that you give to us as part of the account creation process to operate your account and provide those functions. When you are signed in with your Reach account, we will also have the ability to associate your account details with the information we gather through our analytics tools about how you use our sites.

4.1. The data we collect and what we do with it

When you create an account we may collect your name and email address.

For services that provide local information (like InYourArea) we will also collect your postcode and any associated areas of local interest that you want to be updated about.

Some services may let you upload your own content to our sites, such as comments or pictures. Those things will, by the nature of the service, be generally visible on the site. Your comments may be used in print, online or on the social pages for brands owned and published by Reach plc. We may also record what types of content you have commented on, and associate this with our profile of you. Please do not provide any personal data which you do not want to be published. Comments will be subject to moderation checks before publication.

We use this information to operate your account and to enable you to log in and use our services; for example, on InYourArea we use your postcode to identify the correct local information to display to you.

You may also be invited during the account creation process to subscribe to one or more of our newsletters, or to opt in to receive certain special offers and promotions. You can read more about that by navigating to the appropriate section of this Privacy Notice via the ‘Contents’ list.

Unless you object, we will also associate your online account sign-up data with the other things we know about you, like your page views. You can learn more about that, including how to object, here.

4.2. Our legal basis

We process your email address and the other information you give to us in order to provide the relevant function or service of our sites on the legal basis of consent. We associate the data which you provide on sign-up with the profile created from your browsing activity on the basis of our legitimate interest. If you wish to object to this, where permitted by applicable law, please see section 'Targeting by Reach'.

Our legal basis for any resulting email marketing is your consent – see here for further information.

4.3. How long we keep it for

We will keep your account active for as long as you continue to use it, and for up to 3 years afterwards.

4.4. Who we share it with and why

We use a technology provider called LoginRadius [LoginRadius] to handle the technical aspects of operating your account on our behalf. They host your email address and password. They act as our “processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

4.5. Whether we send it outside the country of collection

Our user account technology provider LoginRadius is based in California and India, and so your personal data will be processed from those locations as part of their provision of their service to us. We have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).

*** Click here to go back to ‘Contents’ ***

5. When we communicate with you by email

When you give us your email address we will use that email address to communicate with you for the purpose you provided it; for example, if you sign up for a newsletter then we will use the email address you provide to send you that newsletter. These may include special offers and promotions.

The links in our emails are unique to your email address, and so if you click on them our servers will attribute that click to your email address and that information will be associated with your unique identifier (3.1. Targeting by Reach). If you choose to allow your email program to load the images in our emails, we will also be able to see that you opened the email. You can find out more about each of these activities below.

5.1. Sending you the newsletters you subscribe for

When you subscribe to one of our email newsletters, we will send those newsletters to the email address you provided. If you want us to stop, the easiest way is to click on the “unsubscribe” link which you will find at the bottom of every email. You can find more details below.

In some jurisdictions outside of the EU/UK, and where permitted by applicable law, we may purchase/rent lists of persons who may be interested in our products and services. We may contact such persons by email.

5.1.1. The data we collect and what we do with it

We collect your name and email address in order to send you the newsletters you subscribe to. When you sign up for newsletters from our “In Your Area” local information website, we will also collect your postcode in order to provide the correct local information.

Sometimes, our newsletters will contain advertisements.

Unless you object, we will also associate your newsletter subscription with the other things we know about you, like your page views. You can learn more about that here.

5.1.2. Our legal basis

We use your email address to send you the newsletters you subscribe for on the basis of your consent. You can withdraw that consent at any time. The easiest way to do so is to click on the “unsubscribe” link at the bottom of every newsletter we send.

We associate your email subscription with the other things we know about you on the basis of our legitimate interests. You can learn more about that here.

5.1.3. How long we keep it for

We will keep your email address on the subscription list for the relevant newsletters until you unsubscribe from them. Furthermore, we will stop sending you a newsletter if we see no activity (e.g. no links clicked on) for a period of time, and generally but not exhaustively, after 24 months.

5.1.4. Who we share it with and why

Processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

5.1.5. Whether we send it outside the country of collection

Email administration data is hosted within the EEA. Advert management services data is processed from the UK and EEA.

5.2 Sending you special offers and promotions, with your consent

When you give us your email address, we will sometimes also ask you if you would also like to receive promotions and special offers from us. If you agree, then we will send you occasional offers and promotions to the email address that you gave us. You can unsubscribe at any time.

5.2.1. The data we collect and what we do with it

We will use the email address you give to us to send our offers and promotions to you. It will always be clear who the offer or promotion has come from, and we don’t sell or give our email lists to anyone else.

5.2.2 Our legal basis

We do this on the basis of your consent. You can withdraw that consent at any time. The easiest way to do that is to click on the “unsubscribe” link which you will find at the bottom of every email.

5.2.3. How long we keep it for

We will keep your email address on the list for promotions and special offers until you unsubscribe from them. We will also stop sending you promotions and special offers if we see no activity (e.g. no links clicked on) in 24 months.

5.2.4. Who we share it with and why

A processor provides the technology platform which we use to administer our email lists. So, they will host the data containing your email address on our behalf. They act as our “processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

5.2.5. Whether we send it outside the country of collection

The data is hosted and processed within the EEA.


5.3. Tracking technologies used in our emails

If you tell your email application to load images we will know when you open one of our emails. When you click on links in our emails, we will know that it was you who clicked on it. We use this information to inform the content of future newsletters (by looking at what’s popular), and to understand whether you continue to be interested in receiving them.

Unless you have previously objected, we will also associate that information with other things we know about you. You can learn more about that here.

5.3.1. The data we collect and what we do with it

We track engagement with our emails in two ways.

Firstly, as for most email newsletters and promotions worldwide, our emails don’t attach any pictures they use to the email itself, but instead load them from a remote server on demand. By default, most email programs don’t load remote images automatically, but only when you click on the button or link in the program to “show images” (or similar wording). When you do that, the images linked in the email are downloaded from our technology provider’s server so they can be displayed in your email program.

If the images are downloaded, our technology provider can tell us that you opened the email.

Secondly, the links in our emails to articles and other external content are personalised, such that if you click through to the content using the link in our email, we will know that it was you who clicked it (or at least, someone reading the email we sent to you).

We do this to help us to understand how you engage with our emails.

5.3.2. Our legal basis

We record the opening of emails on the basis of your consent. You can withdraw your consent at any time either by configuring your email client not to load images, or by unsubscribing from the relevant email.

We use the personalised URLs for links to external content on the basis of our legitimate interest in understanding how you engage with our emails and which kinds of content are of most interest to you. You can object to this use of your personal data by completing the relevant form 14.5. Your right to object to what we do with your data, and to have restrictions placed upon it.

5.3.3. How long we keep it for

The data gathered to understand email opening and interests related to articles and links within the emails is retained for as long as you continue to engage with our emails, and for a period of up to 3 years afterwards.

5.3.4. Who we share it with and why

Third party processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

5.3.5. Whether we send it outside the country of collection

The data is hosted in the Republic of Ireland, the UK and Denmark.

*** Click here to go back to ‘Contents’ ***

6. When you enter a competition or prize draw

From time to time we run competitions and prize draws which require you to provide your name and contact details. We use that information to administer the competition or prize draw and to communicate with you about it (for example if you win a prize).

We may also use that email address to send you occasional special offers and promotions, if you opted in to receive them. See here for more information on that and how to unsubscribe.

Unless you have objected, we will associate the fact that you entered the competition with the other things we know about you, like your page views. You can learn more about that here. We may also run some competitions or prize draws for which we utilise your declared responses to build into our profile about you. When we do so, this will be communicated in the associated text, and you will be asked to either consent to this use or will be given the option to ‘object’ via a tick box.

6.1 The data we collect and what we do with it

When you enter a competition or prize draw we will collect the information you provide to us, such as your name, email address and answers to any questions. We will use that information to run the competition or prize draw. If you happen to win a prize, we may ask you for additional information, such as an address to send the prize to. As highlighted above, we may also retain your responses as part of a profile about you.

6.2 Our legal basis

We do this on the basis that it is necessary to fulfil the contract formed with you when you enter the competition or prize draw. Use of your declared data for profiling purposes will be based either upon consent (via tick box) or our legitimate interest, for which you will be given the option to ‘object’.

6.3 How long we keep it for

We will keep your competition entry for the duration of the competition and for up to 90 days after the closing date. Data utilised for profiling will be retained for up to 3 years.

6.4. Who we share it with and why

Information about competition and prize draw entries is only shared with the service providers who provide us with the technology powering our systems and – if you win a prize – with the companies who supply and deliver the prize to you. The technology providers act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

6.5. Whether we send it outside the country of collection

Our online form technology provider may process your personal data outside of the UK and EEA. We have implemented safeguards to secure and limit the processing of the data, including standard agreements approved by the relevant authorities.

*** Click here to go back to ‘Contents’ ***

7. When you complete a survey

Sometimes we run surveys to help us to understand more about our readership or about public opinion generally. We use your answers to those surveys to produce anonymous statistics which we use to inform our editorial content and, to an extent, our advertising. For example, if a majority of survey respondents express a preference for one TV show over another, then we might write an entertainment piece based on that or factor it in when deciding which adverts appear where.

We may also run some surveys for which we utilise your declared responses to build into our profile about you. When we do so, this will be communicated in the associated text, and you will be asked to either consent to this use or will be given the option to ‘object’ via a tick box.

Occasionally, those surveys might ask you about things which the law considers to be especially sensitive, such as your voting intentions or your religious beliefs. Where that’s the case, we’ll ask clearly for your permission first, and we’ll always provide a “prefer not to say” or similar option. We don’t use that kind of information for advertising purposes.

7.1. The data we collect and what we do with it

We will collect your answers to the survey questions and use them to compile anonymous statistics along the lines of “35% of people preferred X over Y”. Some surveys may also ask for your email address, for example if we are offering entry into a prize draw for completing it. Go here to learn more about how we use your data for prize draws. As highlighted above, we may also retain your responses as part of a profile about you.

When you have completed a survey, you may be invited to subscribe to a newsletter or to receive special offers and promotions from us.

Sometimes we may operate “panels” of people who we send survey questions to periodically. If you join one of those panels then there may be additional kinds of information about you which we will receive, in which case we will provide further information to you before you sign up to the panel.

7.2 Our legal basis

We collect and compile your survey answers on the basis of your consent, which we ask for in each survey. Use of your declared data for profiling purposes will be based either upon consent (via tick box) or our legitimate interest, for which you will be given the option to ‘object’.

7.3. How long we keep it for

We retain your survey responses for however long the survey runs for, and for up to 90 days afterwards. The resulting statistics may be kept longer, but those are always anonymous and don’t contain your personal data. Data utilised for profiling will be retained for up to 3 years.

7.4. Who we share it with and why

We typically publish the overall results of our surveys, and often share those results with the brands involved (if any), but those results are always anonymous and statistical in nature (“50% of respondents thought X”) and don’t contain your personal data. Actual survey responses are only shared with the service providers who provide us with the technology powering our systems. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

7.5. Whether we send it outside the country of collection

Our online form technology providers may process your personal data outside of the UK and EEA. We have implemented safeguards to secure and limit the processing of the data, including standard agreements approved by the relevant authorities.

*** Click here to go back to ‘Contents’ ***

8. When you subscribe to our print or “Digital Edition” titles

When you subscribe to one of our print titles, we will collect your name, address other contact details, and payment information. We will use that information to administer your subscription. We do this on the basis that it is necessary in order to provide the subscription to you with the support of our provider. We will retain this information for as long as you maintain your subscription, and for a period thereafter, in case of disputes or problems.

When you subscribe to our digital edition titles your subscription is also processed via our provider and this information is retained for as long as you maintain your subscription, and for a period thereafter, in case of disputes or problems.

As part of the subscription process you may be asked if you want to receive other products or services from Reach. Where this is the case you will be asked to consent to each product or service type. Such activities are managed in accordance with the relevant sections elsewhere in this Privacy Notice.

*** Click here to go back to ‘Contents’ ***


9. When you place a classified ad

When you place a classified ad in one of our print titles, we will collect your name and contact details, your payment information, and of course the content of your ad. We will use that information to publish and administer your ad, and to communicate with you about it. The content of your ad will be published and therefore accessible to the public. We do this on the basis that it is necessary to fulfil the contract agreed with you when you place your ad.

We will retain the contact details of private individuals for up to 6 years from the point of last interaction, and trade contact details for as long as we have a business purpose. We do not store personally identifiable payment card information.

Your ad itself will be retained indefinitely, on the basis of our legitimate interest, in order to maintain our archive and back issues services.

*** Click here to go back to ‘Contents’ ***

10. When you apply for a job with us

When you apply for a job with us, we will process the information you or the recruitment agency gives to us in order to consider your application and to communicate with you (or the agency) about it.

If we offer you a position and you accept it, then we will use your information to liaise with you about start dates, contracts, arranging induction and so on, and we may ask you for additional information to that end. That information will then be handled in accordance with our internal HR policies and Employee Privacy Notice.

If we don’t offer you a position or we do but you don’t accept it, then we will keep your application on file for 12 months in case of future queries or issues.

We process your data on the basis that it is necessary in order to take steps to enter into an employment contract with you. We process information relating to unsuccessful applications or job offers that are not accepted on the basis of our legitimate interest in keeping records of job applications.

*** Click here to go back to ‘Contents’ ***

11. When you work at other organisations that we do business with

For all of our customers and other organisations we do business with, we will have the business contact details of the people we work with at those organisations, and we will use them to manage and administer our relationship with that organisation. We do this on the basis of our legitimate interest in managing and administering those relationships.

If you work at a current or prospective advertising or publishing services client or related agencies, revenue sharing partners (for the sale of your products or services) or are users of Reach software we will also contact you from time to time using your work contact details to promote our services. We will have those contact details either because we have worked with you before, you shared them with us for this purpose, because we or our agencies have looked them up from publicly available information, or because you have attended an event we have hosted. We do this on the basis of our legitimate interest in promoting our advertising and publishing services to businesses. We will always stop contacting you for this purpose if you ask us to. Typically, the best way to do that is to respond to the person contacting you, but you can also make the request by completing the relevant form Your rights and how to exercise them.

We keep the details of our contacts at organisations we do business with for as long as we continue to have a business relationship, and for a period thereafter for business development purposes and in case of issues or disputes.

*** Click here to go back to ‘Contents’ ***

12. Site visits and CCTV at our premises

When you visit a Reach site we will record your name, the date, and in some locations your company name. This information is retained for one week.

In some circumstances, non-employees may be provided with a site pass. Where this applies, the personal data obtained, including a photograph of you, will be retained for the duration of your visit or contract with Reach and for 7 years thereafter for fraud, security, and financial reporting purposes.

We use CCTV systems at our premises on the basis of our legitimate interest in protecting the safety and security of our staff and our property.

*** Click here to go back to ‘Contents’ ***

13. Further data sharing by Reach

Further to the data sharing described elsewhere in this Privacy Notice, Reach will disclose your information and co-operate with appropriate bodies and authorities in good faith where we are required to by law, a court order, a regulatory authority, or otherwise, including with the police, trading standards, regulatory authorities, other relevant authorities, or credit reference agencies.

Where permitted by applicable laws, where you interact with us, we may monitor, record, and retain all associated data, correspondence, and communications, such as written letters, telephone call recordings, emails, text messages, social media messages, in person meetings and any other communications. We will do this to, (i) comply with our legal and regulatory obligations, (ii) prevent, or detect crime, (iii) maintain appropriate evidential records, (iv) protect the security of our communications systems and (v) for training and quality purposes. Where necessary, we will also use your personal information to defend ourselves from any legal claims brought by you in connection with the provision of our products and services.

We will also use personal information to manage and administer our business generally.

We will share information with security consultants and IT security system providers, where necessary, to monitor and manage data security and the security of our sites and networks, and to develop security threat intelligence data.

We may also share information to facilitate the sale of one or more parts of our business, including if we are approached by a potential buyer or the restructuring of one or more parts of our business and with auditing organisations such as the Audit Bureau of Circulation.

*** Click here to go back to ‘Contents’ ***


14. Your rights and how to exercise them

The law gives you certain rights over your personal information.

You can exercise your rights by contacting our group Data Protection Officer’s team through the use of the relevant forms provided below. It is helpful to be as specific as possible about what you want us to do or what information you are looking for, because it enables us to respond to you more quickly.

Depending on your request, we may ask you to prove your identity to us first, in order to make sure that someone isn’t impersonating you. For example, if you contact us about your Reach account using a different email address, we may first require you to prove that you control the email address which you used to set up the account. If you want information about a subscription or some other paid service then we may ask you to provide the last four digits of the credit card used to pay for it.

Most of your rights do have exceptions to them, designed to protect the rights of others or to ensure that we can comply with the law and operate our business in a prudent manner (for example, by keeping certain records). If we decline all or part of your request on the basis of one or more of those exceptions, we will tell you that we are doing so, and we will explain our reasons. We may also reject your request entirely if it is excessive or unfounded.

14.1. Your right to access the information we hold about you

You have the right to have access to the information we hold about you. There are a few exceptions to that right, designed to protect the rights of other people.

To exercise this right please use our right of access request form.

14.2. Your right to have inaccurate information about you rectified

If we hold information about you that is factually inaccurate (for example, we have spelled your name wrong) then you have the right to have it corrected. This right does not extend to matters of opinion; for example, moderation decisions we might make about your comments on our websites.

To exercise this right please use our other rights request form.

14.3. Your right to have your information erased in some circumstances

You may have the right to have some or all of your information deleted, principally if the information you want deleted is no longer needed or if we don’t have a legal basis to continue using it (for example, if we are using it on the basis of your consent and you withdraw your consent).

To exercise this right please use our right to erasure request form.

14.4. Your right to withdraw your consent

If we’re relying on your consent to do something with your information (for example, to send you newsletters) then you have the right to withdraw that consent at any time.

For newsletters and other email communications, you can do this by clicking the “unsubscribe” link at the bottom of the message.

To withdraw your consent for how we are using your information, please use our unsubscribe request form.

For targeted advertising on our websites, you can access the screen to do this by clicking the “Privacy” tag with the ‘cog’ icon or link at the bottom of every webpage to go to the Consent Management Platform (CMP).

For targeted advertising in our apps, you will be presented with the CMP on initial download and whenever it is updated thereafter. You can also change your CMP settings by navigating to ‘My Account’ at the bottom of the app screen and clicking on ‘My Privacy’.

14.5. Your right to object to what we do with your data, and to have restrictions placed upon it

If we are doing something with your data not on the basis of your consent but on the basis of our “legitimate interest”, then you have the right to object to what we are doing, and we must stop unless we can show that there is a compelling and legitimate reason to continue or what we are doing relates to a legal claim. Activities such as fraud prevention will fall into that category.

In the case of direct marketing and profiling, your right to object is absolute. Regardless of what other mechanisms we may make available, you can always object by unsubscribing from marketing emails and by rejecting the use of cookies on our websites (see the Privacy ‘cog’ or link at the bottom of every webpage). When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the Consent Management Platform (CMP).

To exercise this request please use our other rights request form.

14.6. Your right to restrict what we do with your information in some circumstances

In certain circumstances, you have the right to restrict our use of your information to simply storing it and using it only for legal claims, protecting the rights of others and matters of important public interest. Those circumstances are: if you dispute the accuracy of information we hold about you; if we do something unlawful with your information but you don’t want us to delete it; if we don’t need the information anymore but you want us to preserve it in connection with a legal claim; or for the duration of the period in which we are considering a valid objection you have raised under your right to object discussed above.

To exercise this right please use our other rights request form.

14.7. Your right to portability

You have the right to receive the personal data concerning you which you have provided to a controller in a portable electronic format, or have it transmitted to another controller, where processing is based upon consent and undertaken by automated means.

To exercise this right please use our other rights request form.

14.8. How to Complain

If you have a complaint or disagree with a decision we have made, we ask that you discuss it with us first by contacting the group Data Protection Officer using our data protection complaints form or via the address given at the top of this Privacy Notice.

You also have the right to complain to your data protection supervisory authority.

In the UK this is the Information Commissioner’s Office:

The ICO’s contact information is:

Information Commissioner’s Office Wycliffe House Wilmslow Cheshire SK95AF

ICO website: https://ico.org.uk

Helpline Number: 0303 123 1113

In the Republic of Ireland, it is the Data Protection Commissioner:

21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland

https://www.dataprotection.ie

The phone number is 01 7650100 / 1800437 737

If you are based in another EU country, you can find the details of your local supervising authority here.

*** Click here to go back to ‘Contents’ ***

15. Residents of California

Information provided in this section of the notice applies solely to residents of California and their rights under the California Consumer Privacy Act of 2018 and related regulations (the “CCPA”). This section should be read in conjunction with the rest of this notice which provides further details on the nature of our data processing. Terminology and definitions in this section are reflective of the CCPA.

As the CCPA uses the term “personal information” and not “personal data,” in this section, for consistency with the CCPA, we are using the term “personal information,” which has the meaning set forth in the CCPA.

15.1. Notice of Collection

The table below provides a summary of the categories of your personal information Reach may have collected, the sources of that data, the reasons for collection and who we may have disclosed the data to over the last twelve months. The information gathered in this table may apply to you in different ways depending on how you have interacted with us.

Please see the keys below the table to inform the second and third column:

Category

Business Purpose for Disclosure

Categories of Recipients of Disclosures

Do we sell this data?

Identifiers

such as name, email address, billing information, username, any provided phone numbers, such as home, or mobile, online screen name, security questions and password.

P1, P2, P3, P4, P5, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

No

Commercial Data

such as records of your purchases and transaction data.

P1, P2, P3, P4, P6, P7

D1, D2, D3, D6, D7, D8

No

Customer Records

such as financial or payment information to process payments and information about your transactions and purchases with us.

P1, P7

D2, D6, D7, D8

No

Internet & electronic network activity information

including, but not limited to browsing history, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Services or other online services. Please see our Cookie Notice for further information.

P1, P2, P3, P4, P5, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

Yes

Geolocation Data

such as general location, and, if you provide permission, precise GPS location.

P1, P2, P3, P4, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

Yes

Sensory Data

such as audio recordings if you call our customer service or volunteer this information as part of using our services and photographs in connection with your social media account.

P1, P2, P5, P7

D1, D2, D6, D7, D8

No

Inference Data

including inferences drawn from any of the information identified above to create a profile reflecting a consumer’s preferences, characteristics, behavior or attitudes.

P1, P2, P3, P4, P6, P7

D1, D2, D3, D5, D6, D7, D8

No

15.2. Notice of Collection: Key

Purposes


Disclosures

Sale of your data

15.3. Sources of Personal Information.

In general, we may collect the categories of personal information identified in the table above from the following categories of sources:

15.4. California Residents’ Rights

Under the CCPA, California residents have the following rights (subject to certain limitations):

15.5. Do Not Sell My Personal Information

California residents may opt out of the “sale” of their personal information. We sell, as defined below, information to third parties to provide you with opportunities that may be of interest to you.

Under the CCPA, a sale may include the disclosure of information such as cookies and device or browser information to third parties. This enables you to be served with more relevant and appropriate advertising content. Digital advertising helps us to fund the news articles and content published on our sites and enables us to provide some of our content for free.

Depending on what Services you use, we may provide the following categories of personal information to third parties for these purposes:

Reach does not knowingly sell the personal information of children under the age of 16 without the necessary permissions as required by the CCPA.

You have the right under CCPA to opt out of these purposes by selecting the ‘Do Not Sell My Personal Information’ link on our homepage. You may also submit a request directly using the contact information provided elsewhere in this notice within sections 1 and 14. We reserve the right to ask for evidence of your residency in California before processing your request.

Please note that a ‘Do Not Sell My Personal Information’ request does not cover information that has previously been disclosed to third parties for these purposes and does not prevent the ongoing disclosure of data to our service providers.

15.6. Personal Information Access and Deletion

California residents wishing to exercise their right to access their personal information or request that we delete it can do so using our rights requests form in section 14.

We will take steps to verify your request by (i) sending you an email confirmation to which you must respond to confirm your request; and (ii) matching the information provided by you with the information we have in our records. You must complete all required fields on our webform or otherwise provide us with such information to verify your request. We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor.

15.7. Authorized Agents

Authorized agents may initiate a request on behalf of another individual by providing evidence of authority from the individual; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

15.8. Shine The Light

California residents may request and obtain a list of any third parties that we have disclosed personal information to over the previous calendar year for the purposes of sending you direct marketing about the third party’s own products and services. If you would like to request this information please contact us using our rights requests form in section 14.

15.9. Financial Incentives

At this time, Reach does not offer any financial incentives for the provision of personal information.

*** Click here to go back to ‘Contents’ ***

16. Nevada Residents

Reach does not currently sell your personal data, as defined by Nevada Law, for monetary compensation to third parties for their own purposes. Nevada residents, however, may request that we include their name on a do-not-sell list in the event Reach were to do so in the future. Please email us at dataprotection@reachplc.com if you want to place your name on the do not sell list.

*** Click here to go back to ‘Contents’ ***

17. Privacy Notice last updated: 31/10/2022

We may update this Privacy Notice from time-to-time by posting a new version on our websites. You should check this page occasionally to ensure you are happy with any changes. Where changes are material, we may also notify you of them by email.

*** Click here to go back to ‘Contents’ ***