We have organised this Privacy Notice based on the different ways you might interact with us and what you might want to know.
Please use the contents list below to navigate to the section of the Privacy Notice which you are interested in. At the end of each section if you want to return to the contents list please click the link: ‘Click here to go back to ‘Contents’’.
We are the Reach group, which is made up of Reach plc and its subsidiaries. Reach plc is the largest national and regional news publisher in the UK with a leading portfolio in Ireland. We create engaging, relevant content which is distributed through newspapers, magazines, and digital platforms – playing a central role in our audiences’ daily lives. We are the name behind some of the UK’s most influential, iconic, and trusted news brands, such as the Daily Mirror, Daily Express, Daily Star, Daily Record and Sunday People as well as leading celebrity and entertainment magazine OK! We also publish leading regional titles including the Manchester Evening News, Liverpool Echo, Birmingham Mail, Western Mail and Bristol Post. You can see the list of websites and brands we publish here.
Our address is:
One Canada Square, Canary Wharf, London, E14 5AP.
Depending on who you are and how you interact with us, the legal “controller” of your personal data will be one or more of our group companies, like MGN Limited, Local World Limited or Express Newspapers (all at the address above). Your point of contact for anything to do with how the Reach group uses your personal data is the office of our group Data Protection Officer, who you can contact at email@example.com or by writing to ‘The Data Protection Team’ at the address above.
This Privacy Notice tells you about the kinds of information we hold about you, what we do with it, and why.
As a broad summary, in our business we use information about people:
To carry out our work as journalists, by investigating and reporting on stories of relevance to our readers.
To deliver our features and editorial content.
To provide services such as subscriptions or newsletters that people sign up to, and to operate interactive features like competitions and surveys.
To help us to understand our readers and target our marketing and advertising that enables us to continue to finance and bring you our feature and editorial content.
To carry out back-office administration and generally run and operate our business, for instance by administering our relationships with suppliers and partner organisations, or handling job applications.
Some specific activities and websites might have their own additional and complementary privacy notices which sit alongside this one. Generally, that will be the case for very specific services such as our commercial job boards or other specialist websites, or where we have a very specific kind of relationship with you (for instance if you are an investor or a member of our group pension scheme). We try to make it obvious where that is the case.
Data Protection and Journalism
In the UK the Data Protection Act 2018 provides an exemption from data protection laws to prevent unjustified interference with the work of journalists. We are members of the Independent Press Standards Organisation (IPSO) and therefore subject to the Editors’ Code. If you object to a story we have published that concerns you personally then you can find our complaints policy here [UK Complaints], which explains how to raise a complaint and how we will handle it.
In Ireland we subscribe to the Code of Practice of the Press Council of Ireland and the Press Ombudsman, which set the benchmark for high professional standards. If you believe that we have got something wrong, or that we have breached the Code of Practice, please let us know at the contact details of the publication concerned.
The Code of Practice and details of how to lodge a complaint with the Press Ombudsman are available from:
Post: 1, 2 & 3 Westmoreland Street, Dublin 2.
Telephone: 1890 208 080
Fax: 01 6740046
When you browse our websites or use our apps, we and our advertising partners will receive some information about the device you are using and about what you look at and interact with. We do this for the purpose of choosing which adverts to show you, as well as to make our sites and apps work properly. It also allows us to diagnose problems with them and understand how they are used so we can make them better. Sometimes, we also apply a degree of personalisation in choosing which content to show you (for example, by recommending articles similar to those you’ve viewed previously).
You can learn more about what we do with this information and why below.
We combine the information you give to us (for example, sign up information for newsletters and competitions) with the information we receive when you use our websites and apps, and analyse it in order to help us to understand your preferences and interests. We then associate this with a unique identification number. This is then used to tailor the content and advertising that you see on our websites and in our apps, so it is more likely to be of interest to you. We don’t share this personalised analysis with anyone outside Reach. In particular, it is not shared with advertisers or with the third-party advertising networks that we work with other than in highly aggregated form so that your personal data cannot be identified.
3.1.1. The data we collect and what we do with it
The data we use for this purpose is as follows:
The page you view, and associated information such as how long you spend on them.
Your approximate location, to city or town level.
Your email address, name and sometimes username and postcode, which we will receive when you sign up for an account on one or more of our websites or apps, when you subscribe to our newsletters, when you enter one of our competitions or when you complete one of our surveys.
The newsletters you have subscribed to, the promotions and competitions you have entered and the surveys you have completed.
We will analyse this information to infer interests, preferences, and demographic characteristics, and associate it with an internal identification number. For example, if our website analytics tell us that you are located in the approximate area of Newcastle-upon-Tyne and you read our online title ChronicleLive (which is focused on local news for that area), and you sign up to receive an email newsletter about football from our national title The Mirror, then we could infer from that you are interested in things related to a local football club or to football generally.
We then divide up our identification numbers into groups based on the inferences we draw about them. Those groups are called “audience segments” or “audiences”. So, for example, an identifier associated with Newcastle, ChronicleLive and the football newsletter could be allocated to audiences likely to be interested in football, and events near Newcastle-upon-Tyne.
We then use those “audiences” to do two things: first, to help us to recommend content which is more likely to be interesting (for instance, more articles about football), and second to help us to target advertisements when advertisers buy advertising space from us directly.
The advertiser would never see the actual data that we use – it remains with Reach at all times. All we would share with them would be the criteria we used to target their advert, how many times their advert was shown and how many people clicked on it (but not who), so that they know how well the advert did and we know how much to charge them.
3.1.2. Our legal basis
We capture your activity on our websites and in our apps on the basis of your consent, which we ask for through our “cookie banner” and related Consent Management Platform (CMP) – Please see our Cookie Notice for further information or the ‘cog’ icon at the bottom left of every webpage to manage your consents. When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.
We combine that information with the other things we know about you (like your newsletter subscriptions) on the basis of our legitimate interest in understanding our readership, both to serve you better and to make us more attractive to advertisers. This helps us to secure a future for news reporting and journalism in the age of social media, especially local news reporting and journalism.
You do, of course, have an absolute right to object to this. You can always register your objection by contacting firstname.lastname@example.org.
3.1.3. How long we keep it for
We keep the information about your activity on our websites and in our apps for up to up to three years since last browsing activity, with some anonymised browsing activity retained thereafter.
3.1.4. Who we share it with and why
The data which we use to create the unique identifier and our “audiences” is only shared with the partners who provide us with the technology powering it, most notably Upland Software and Lotame, who host core data management platforms for us. They act as our “processors”. This means that they are bound by law and contract to do only what we tell them to do with the data, to keep it safe, and not to share it with anyone else or use it for anything other than providing their service to us.
3.1.5. Whether we send it abroad
Upland Software and Lotame are global businesses and so the data they host for us may be held abroad. We have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).
3.2. Targeting by third party advertising networks
Digital advertising helps us to fund the news articles and content published on our sites and enables us to provide some of our content for free. We and our third-party ad partners may display digital advertising on our sites that is tailored to your interests and preferences so the online adverts you see are more relevant to you. We work with third party ad networks to fill unsold advertising space on our sites and in our apps by auctioning it automatically through a process called “real time bidding”. These ad networks bid to show their ad to you when you visit our sites or use our apps. We do not share identifiable information about you with our third-party ad partners.
3.2.1. The data collected and how it is used
We then send out a “bid request” to the advertising networks we work with. What that bid request says is, essentially, ”ID number ABC123 has landed on our website, do you want to show this user an advert?” The winner then gets to display their ad.
The auction process happens automatically, in the second or so between you requesting the page and it loading and displaying. The data used by the ad networks to select the ad to show is held by them, not us, and we never see it.
An important point to understand is that most of these ad networks will not know who you are in a “real world” sense. They will not know your name, or your email address, or your phone number (we may know those things because you’ve given them to us in other contexts, but we never share that information with them).
We say “most” because there are two significant exceptions, which are Facebook and Google. They make their money by providing targeted advertising services based on the things they know about their users, and so if you are signed into your account with them on your device, they will be able to recognise you and associate your browsing history across sites that use their services.
Additionally, when you browse our websites or use our mobile applications and when you provide your email address on these (either to log in, or sign up to a newsletter, or similar) we may share it, in hashed, pseudonymised form, with our partner LiveRamp Inc and its group companies, acting as joint controllers. LiveRamp uses this information to create a secure online identification code for the purpose of recognising you for cross-channel advertising. This code is placed in our cookie, does not contain any of your identifiable personal data, and will not be used by LiveRamp to identify you. It may be shared with our advertising partners and other third-party advertisers globally for the purpose of enabling interest-based content or targeted advertising through Reach sites. These third parties may in turn use this code to link demographic or interest-based information you have provided in your interactions with them to the pseudonymised code. Detailed information on LiveRamp’s data processing activities is available in LiveRamp’s privacy notice and opt-out. You have the right to withdraw your consent or opt-out to the processing of your personal data at any time via our Cookie Management Platform accessed via the ‘cog’ icon at the bottom left of every webpage.
3.2.2. Our legal basis
The advertising networks undertake this activity on the basis of your consent, which we ask for on their behalf through the ‘cookie banner’ which appears when you first visit our site. The ‘cookie banner’ message box will reappear from time to time in case you change your mind, or when something changes (typically every 30 days). Please see our Cookie Notice for further information or the ‘cog’ icon at the bottom left of every webpage to manage your consents. When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.
Most of our third-party advertising partners operate within an industry framework and code of practice issued by the Internet Advertising Bureau (IAB) called the “Transparency and Consent Framework”, which sets out the technical means for your choices to be passed through the ad networks. It also requires that members adhere to IAB policies and standards of behaviour.
Advertising partners who do not work within the IAB framework are listed separately in the platform which can be viewed in our Consent Management Platform (CMP) – please see our Cookie Notice for further information or click on the ‘cog’ icon at the bottom left of every webpage. In the Consent Management Platform popup go to the ‘Partners’ page and scroll down - IAB partners are listed first, then you'll see Non-IAB vendors and finally Google partners.
3.2.3. How long we keep it for
We do not ourselves hold a copy of the data gathered by the advertising networks. They will each have their own retention policies which you can find in their privacy notices linked through our ‘cookie banner’ – these are often short (between 30 and 60 days), because shopping interests change over time.
3.2.4. Who we share it with and why
When we participate in auctions for unsold advertising space, we send bid requests to third party advertising networks. You can find the list of third-party advertising networks who we work with by clicking on the ‘cog’ icon at the bottom left of every webpage and reviewing our Consent Management Platform.
3.2.5. Whether we send it abroad
The digital advertising networks are global in nature and so, while we are predominantly a UK business, this data will travel across international borders, and in particular many automated advertising transactions will be processed in the USA. Where we are the ones making the transfer (typically, we are not), we have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).
3.3. Making our sites and apps work properly, diagnosing problems with them, and understanding how they are used so we can make them better
We use the information logged by our servers and certain third-party analytics tools (such as Google Analytics, Mpulse and Hotjar) to help us to spot problems with our digital services, such as page errors or slow loading times, as well as understanding usage patterns and watching for security problems. You can find more information below.
3.3.1. The data we collect and what we do with it
We gather data for this purpose in two ways.
Firstly, our servers record certain information provided by your devices when they request content, consisting mostly of technical information about your device such as language, screen size and the features and functions it supports, but also including the internet or “IP” address from which it is connecting, and the page or data requested. The data is used for system performance, content delivery and security purposes. It is saved together with the dates and times the requests occurred into files stored on our servers called “logs” or “log files”.
3.3.2. Our legal basis
We process the personal data captured in our server log files on the basis of our legitimate interest in monitoring our systems, understanding how they are used, fixing problems with them, and for security monitoring and management purposes.
We process the personal data captured by our analytics providers on the basis of your consent, which we ask for through a “cookie banner” which appears when you first visit our site. That message box will reappear from time to time in case you change your mind (typically every thirty days), and on your first visit after we make a significant change.
3.3.3. How long we keep it for
We keep the information in our server log files for up to 90 days, depending upon the log type and purpose.
Our analytics providers will keep the information they gather from our sites and apps in line with their own privacy notices, which you can access through our ‘cookie banner’ and Consent Management Platform (see the ‘cog icon’ at the bottom left of every webpage) .
3.3.4. Who we share it with and why
We use AWS and CloudFront to help us to analyse our server log files. They act at our direction, as our “processor”.
The information gathered using Google Analytics is held by Google and is made accessible to us by Google through various dashboards and reporting tools.
The following providers are key to providing additional website analytics or diagnostic capability:
Akamai Mpulse (https://www.akamai.com/legal/privacy-and-policies)
3.3.5.Whether we send it abroad
The technology providers we use are global businesses. The data is located in Ireland with some being routed through AWS outside of the UK and EEA. We have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).
Some elements of our websites and apps require you to create an account in order to use them; for example, the ability to leave comments under articles or to use some of the functions of “InYourArea”. We use your email address and the other information that you give to us as part of the account creation process to operate your account and provide those functions. When you are signed in with your Reach account, we will also have the ability to associate your account details with the information we gather through our analytics tools about how you use our sites.
4.1. The data we collect and what we do with it
When you create an account we may collect your name and email address.
For services that provide local information (like InYourArea) we will also collect your postcode and any associated areas of local interest that you want to be updated about.
Some services may let you upload your own content to our sites, such as comments or pictures. Those things will, by the nature of the service, be generally visible on the site. Your comments may be used in print, online or on the social pages for brands owned and published by Reach plc. We may also record what types of content you have commented on, and associate this with our profile of you. Please do not provide any personal data which you do not want to be published. Comments will be subject to moderation checks before publication.
We use this information to operate your account and to enable you to log in and use our services; for example, on InYourArea we use your postcode to identify the correct local information to display to you.
You may also be invited during the account creation process to subscribe to one or more of our newsletters, or to opt in to receive certain special offers and promotions. You can read more about that by navigating to the appropriate section of this Privacy Notice via the ‘Contents’ list.
Unless you object, we will also associate your online account sign-up data with the other things we know about you, like your page views. You can learn more about that, including how to object, here.
4.2. Our legal basis
We process your email address and the other information you give to us in order to provide the relevant function or service of our sites on the legal basis of consent. We associate the data which you provide on sign-up with the profile created from your browsing activity on the basis of our legitimate interest. If you wish to object to this please see section 'Targeting by Reach'.
Our legal basis for any resulting email marketing is your consent – see here for further information.
4.3. How long we keep it for
We will keep your account active for as long as you continue to use it, and for up to 3 years afterwards.
4.4. Who we share it with and why
We use a third-party technology provider called LoginRadius [LoginRadius] to handle the technical aspects of operating your account on our behalf. They host your email address and password. They act as our “processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
4.5. Whether we send it abroad
Our user account technology provider LoginRadius is based in California and India, and so your personal data will be processed from those locations as part of their provision of their service to us. We have implemented the required safeguards as necessary (for example, standard agreements approved by the relevant authorities).
When you give us your email address we will use that email address to communicate with you for the purpose you provided it; for example, if you sign up for a newsletter then we will use the email address you provide to send you that newsletter. These may include special offers and promotions.
The links in our emails are unique to your email address, and so if you click on them our servers will attribute that click to your email address and that information will be associated with your unique identifier (3.1. Targeting by Reach). If you choose to allow your email program to load the images in our emails, we will also be able to see that you opened the email. You can find out more about each of these activities below.
When you subscribe to one of our email newsletters, we will send those newsletters to the email address you provided. If you want us to stop, the easiest way is to click on the “unsubscribe” link which you will find at the bottom of every email. You can find more details below.
5.1.1. The data we collect and what we do with it
We collect your name and email address in order to send you the newsletters you subscribe to. When you sign up for newsletters from our “In Your Area” local information website, we will also collect your postcode in order to provide the correct local information.
Sometimes, our newsletters will contain advertisements.
Unless you object, we will also associate your newsletter subscription with the other things we know about you, like your page views. You can learn more about that here.
5.1.2. Our legal basis
We use your email address to send you the newsletters you subscribe for on the basis of your consent. You can withdraw that consent at any time. The easiest way to do so is to click on the “unsubscribe” link at the bottom of every newsletter we send.
We associate your email subscription with the other things we know about you on the basis of our legitimate interests. You can learn more about that here.
5.1.3. How long we keep it for
We will keep your email address on the subscription list for the relevant newsletters until you unsubscribe from them. Furthermore, we will stop sending you a newsletter if we see no activity (e.g. no links clicked on) for a period of time, and generally but not exhaustively, after 24 months.
5.1.4. Who we share it with and why
Third party processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
5.1.5. Whether we send it abroad
Email administration data is hosted within the EEA. Advert management services data is processed from the UK and EEA.
5.2 Sending you special offers and promotions, with your consent
When you give us your email address, we will sometimes also ask you if you would also like to receive promotions and special offers from us. If you agree, then we will send you occasional offers and promotions to the email address that you gave us. You can unsubscribe at any time.
5.2.1. The data we collect and what we do with it
We will use the email address you give to us to send our offers and promotions to you. It will always be clear who the offer or promotion has come from, and we don’t sell or give our email lists to anyone else.
5.2.2 Our legal basis
We do this on the basis of your consent. You can withdraw that consent at any time. The easiest way to do that is to click on the “unsubscribe” link which you will find at the bottom of every email.
5.2.3. How long we keep it for
We will keep your email address on the list for promotions and special offers until you unsubscribe from them. We will also stop sending you promotions and special offers if we see no activity (e.g. no links clicked on) in 24 months.
5.2.4. Who we share it with and why
A 3rd party processor provides the technology platform which we use to administer our email lists. So, they will host the data containing your email address on our behalf. They act as our “processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
5.2.5. Whether we send it abroad
The data is hosted and processed within the EEA.
5.3. Tracking technologies used in our emails
If you tell your email application to load images we will know when you open one of our emails. When you click on links in our emails, we will know that it was you who clicked on it. We use this information to inform the content of future newsletters (by looking at what’s popular), and to understand whether you continue to be interested in receiving them.
Unless you have previously objected, we will also associate that information with other things we know about you. You can learn more about that here.
5.3.1. The data we collect and what we do with it
We track engagement with our emails in two ways.
Firstly, as for most email newsletters and promotions worldwide, our emails don’t attach any pictures they use to the email itself, but instead load them from a remote server on demand. By default, most email programs don’t load remote images automatically, but only when you click on the button or link in the program to “show images” (or similar wording). When you do that, the images linked in the email are downloaded from our technology provider’s server so they can be displayed in your email program.
If the images are downloaded, our technology provider can tell us that you opened the email.
Secondly, the links in our emails to articles and other external content are personalised, such that if you click through to the content using the link in our email, we will know that it was you who clicked it (or at least, someone reading the email we sent to you).
We do this to help us to understand how you engage with our emails.
5.3.2. Our legal basis
We record the opening of emails on the basis of your consent. You can withdraw your consent at any time either by configuring your email client not to load images, or by unsubscribing from the relevant email.
We use the personalised URLs for links to external content on the basis of our legitimate interest in understanding how you engage with our emails and which kinds of content are of most interest to you. You can object to this use of your personal data by contacting email@example.com .
5.3.3. How long we keep it for
The data gathered to understand email opening and interests related to articles and links within the emails is retained for as long as you continue to engage with our emails, and for a period of up to 3 years afterwards.
5.3.4. Who we share it with and why
Third party processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
5.3.5. Whether we send it abroad
The data is hosted in the Republic of Ireland, the UK and Denmark.
From time to time we run competitions and prize draws which require you to provide your name and contact details. We use that information to administer the competition or prize draw and to communicate with you about it (for example if you win a prize).
We may also use that email address to send you occasional special offers and promotions, if you opted in to receive them. See here for more information on that and how to unsubscribe.
Unless you have objected, we will also associate the fact that you entered the competition with the other things we know about you, like your page views. You can learn more about that here.
6.1 The data we collect and what we do with it
When you enter a competition or prize draw we will collect the information you provide to us, such as your name, email address and answers to any questions. We will use that information to run the competition or prize draw. If you happen to win a prize, we may ask you for additional information, such as an address to send the prize to.
6.2 Our legal basis
We do this on the basis that it is necessary to fulfil the contract formed with you when you enter the competition or prize draw.
6.3 How long we keep it for
We will keep your competition entry for the duration of the competition and for up to 90 days after the closing date.
6.4. Who we share it with and why
Information about competition and prize draw entries is only shared with the service providers who provide us with the technology powering our systems and – if you win a prize – with the companies who supply and deliver the prize to you. The technology providers act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
6.5. Whether we send it abroad
Our online form technology provider may process your personal data outside of the UK and EEA. We have implemented safeguards to secure and limit the processing of the data, including standard agreements approved by the relevant authorities.
Sometimes we run surveys to help us to understand more about our readership or about public opinion generally. We use your answers to those surveys to produce anonymous statistics which we use to inform our editorial content and, to an extent, our advertising. For example, if a majority of survey respondents express a preference for one TV show over another, then we might write an entertainment piece based on that or factor it in when deciding which adverts appear where.
Occasionally, those surveys might ask you about things which the law considers to be especially sensitive, such as your voting intentions or your religious beliefs. Where that’s the case, we’ll ask clearly for your permission first, and we’ll always provide a “prefer not to say” or similar option. We don’t use that kind of information for advertising purposes.
7.1. The data we collect and what we do with it
We will collect your answers to the survey questions and use them to compile anonymous statistics along the lines of “35% of people preferred X over Y”. Some surveys may also ask for your email address, for example if we are offering entry into a prize draw for completing it. Go here to learn more about how we use your data for prize draws.
When you have completed a survey, you may be invited to subscribe to a newsletter or to receive special offers and promotions from us.
Sometimes we may operate “panels” of people who we send survey questions to periodically. If you join one of those panels then there may be additional kinds of information about you which we will receive, in which case we will provide further information to you before you sign up to the panel.
7.2 Our legal basis
We collect and compile your survey answers on the basis of your consent, which we ask for in each survey.
7.3. How long we keep it for
We retain your survey responses for however long the survey runs for, and for up to 90 days afterwards. The resulting statistics may be kept longer, but those are always anonymous and don’t contain your personal data.
7.4. Who we share it with and why
We typically publish the overall results of our surveys, and often share those results with the brands involved (if any), but those results are always anonymous and statistical in nature (“50% of respondents thought X”) and don’t contain your personal data. Actual survey responses are only shared with the service providers who provide us with the technology powering our systems. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
7.5. Whether we send it abroad
Our online form technology providers may process your personal data outside of the UK and EEA. We have implemented safeguards to secure and limit the processing of the data, including standard agreements approved by the relevant authorities.
When you subscribe to one of our print titles, we will collect your name, address other contact details, and payment information. We will use that information to administer your subscription. We do this on the basis that it is necessary in order to provide the subscription to you with the support of our provider. We will retain this information for as long as you maintain your subscription, and for a period thereafter, in case of disputes or problems.
When you subscribe to our digital edition titles your subscription is also processed via our provider and this information is retained for as long as you maintain your subscription, and for a period thereafter, in case of disputes or problems.
As part of the subscription process you may be asked if you want to receive other products or services from Reach. Where this is the case you will be asked to consent to each product or service type. Such activities are managed in accordance with the relevant sections elsewhere in this Privacy Notice.
When you place a classified ad in one of our print titles, we will collect your name and contact details, your payment information, and of course the content of your ad. We will use that information to publish and administer your ad, and to communicate with you about it. The content of your ad will be published and therefore accessible to the public. We do this on the basis that it is necessary to fulfil the contract agreed with you when you place your ad.
We will retain the contact details of private individuals for up to 6 years from the point of last interaction, and trade contact details for as long as we have a business purpose. We do not store personally identifiable payment card information.
Your ad itself will be retained indefinitely, on the basis of our legitimate interest, in order to maintain our archive and back issues services.
When you apply for a job with us, we will process the information you or the recruitment agency gives to us in order to consider your application and to communicate with you (or the agency) about it.
If we offer you a position and you accept it, then we will use your information to liaise with you about start dates, contracts, arranging induction and so on, and we may ask you for additional information to that end. That information will then be handled in accordance with our internal HR policies and Employee Privacy Notice.
If we don’t offer you a position or we do but you don’t accept it, then we will keep your application on file for 12 months in case of future queries or issues.
We process your data on the basis that it is necessary in order to take steps to enter into an employment contract with you. We process information relating to unsuccessful applications or job offers that are not accepted on the basis of our legitimate interest in keeping records of job applications.
For all of our customers and other organisations we do business with, we will have the business contact details of the people we work with at those organisations, and we will use them to manage and administer our relationship with that organisation. We do this on the basis of our legitimate interest in managing and administering those relationships.
If you work at a current or prospective advertising or publishing services client or related agencies, revenue sharing partners (for the sale of your products or services) or are users of Reach software we will also contact you from time to time using your work contact details to promote our services. We will have those contact details either because we have worked with you before, you shared them with us for this purpose, because we or our agencies have looked them up from publicly available information, or because you have attended an event we have hosted. We do this on the basis of our legitimate interest in promoting our advertising and publishing services to businesses. We will always stop contacting you for this purpose if you ask us to. Typically, the best way to do that is to respond to the person contacting you, but you can also make the request to firstname.lastname@example.org.
We keep the details of our contacts at organisations we do business with for as long as we continue to have a business relationship, and for a period thereafter for business development purposes and in case of issues or disputes.
When you visit a Reach site we will record your name, the date, and in some locations your company name. This information is retained for one week.
In some circumstances, non-employees may be provided with a site pass. Where this applies, the personal data obtained, including a photograph of you, will be retained for the duration of your visit or contract with Reach and for 7 years thereafter for fraud, security, and financial reporting purposes.
We use CCTV systems at our premises on the basis of our legitimate interest in protecting the safety and security of our staff and our property.
Further to the data sharing described elsewhere in this Privacy Notice, Reach will disclose your information and co-operate with appropriate bodies and authorities in good faith where we are required to by law, a court order, a regulatory authority, or otherwise, including with the police, trading standards, regulatory authorities, other relevant authorities, or credit reference agencies.
Where permitted by applicable laws, where you interact with us, we may monitor, record, and retain all associated data, correspondence, and communications, such as written letters, telephone call recordings, emails, text messages, social media messages, in person meetings and any other communications. We will do this to, (i) comply with our legal and regulatory obligations (ii), prevent, or detect crime (iii), maintain appropriate evidential records (iv), protect the security of our communications systems and (v) for training and quality purposes. Where necessary, we will also use your personal information to defend ourselves from any legal claims brought by you in connection with the provision of our products and services.
We will also use personal information to manage and administer our business generally.
We will share information with security consultants and IT security system providers, where necessary, to monitor and manage data security and the security of our sites and networks, and to develop security threat intelligence data.
We may also share information to facilitate the sale of one or more parts of our business, including if we are approached by a potential buyer or the restructuring of one or more parts of our business and with auditing organisations such as the Audit Bureau of Circulation.
The law gives you certain rights over your personal information.
You can exercise your rights by contacting our group Data Protection Officer’s team on email@example.com. It is helpful to be as specific as possible about what you want us to do or what information you are looking for, because it enables us to respond to you more quickly.
Depending on your request, we may ask you to prove your identity to us first, in order to make sure that someone isn’t impersonating you. For example, if you contact us about your Reach account using a different email address, we may first require you to prove that you control the email address which you used to set up the account. If you want information about a subscription or some other paid service then we may ask you to provide the last four digits of the credit card used to pay for it.
Most of your rights do have exceptions to them, designed to protect the rights of others or to ensure that we can comply with the law and operate our business in a prudent manner (for example, by keeping certain records). If we decline all or part of your request on the basis of one or more of those exceptions, we will tell you that we are doing so, and we will explain our reasons. We may also reject your request entirely if it is excessive or unfounded.
14.1. Your right to access the information we hold about you
You have the right to have access to the information we hold about you. There are a few exceptions to that right, designed to protect the rights of other people.
14.2. Your right to have inaccurate information about you rectified
If we hold information about you that is factually inaccurate (for example, we have spelled your name wrong) then you have the right to have it corrected. This right does not extend to matters of opinion; for example, moderation decisions we might make about your comments on our websites.
14.3. Your right to have your information erased in some circumstances
You may have the right to have some or all of your information deleted, principally if the information you want deleted is no longer needed or if we don’t have a legal basis to continue using it (for example, if we are using it on the basis of your consent and you withdraw your consent).
14.4. Your right to withdraw your consent
If we’re relying on your consent to do something with your information (for example, to send you newsletters) then you have the right to withdraw that consent at any time.
For newsletters and other email communications, you can do this by clicking the “unsubscribe” link at the bottom of the message.
For targeted advertising on our websites, you can access the screen to do this by clicking the “Privacy” tag with the ‘cog’ icon in the bottom-left of the screen to go to the Consent Management Platform (CMP).
For targeted advertising in our apps, you will be presented with the CMP on initial download and whenever it is updated thereafter. You can also change your CMP settings by navigating to ‘My Account’ at the bottom of the app screen and clicking on ‘My Privacy’.
14.5. Your right to object to what we do with your data, and to have restrictions placed upon it
If we are doing something with your data not on the basis of your consent but on the basis of our “legitimate interest”, then you have the right to object to what we are doing, and we must stop unless we can show that there is a compelling and legitimate reason to continue or what we are doing relates to a legal claim. Activities such as fraud prevention will fall into that category.
14.6. Your right to restrict what we do with your information in some circumstances
In certain circumstances, you have the right to restrict our use of your information to simply storing it and using it only for legal claims, protecting the rights of others and matters of important public interest. Those circumstances are: if you dispute the accuracy of information we hold about you; if we do something unlawful with your information but you don’t want us to delete it; if we don’t need the information anymore but you want us to preserve it in connection with a legal claim; or for the duration of the period in which we are considering a valid objection you have raised under your right to object discussed above.
14.7. Your right to portability
You have the right to receive the personal data concerning you which you have provided to a controller in a portable electronic format, or have it transmitted to another controller, where processing is based upon consent and undertaken by automated means.
14.8. How to Complain
If you have a complaint or disagree with a decision we have made, we ask that you discuss it with us first by contacting the group Data Protection Officer at firstname.lastname@example.org or via the address given at the top of this Privacy Notice.
You also have the right to complain to your data protection supervisory authority.
In the UK this is the Information Commissioner’s Office:
The ICO’s contact information is:
Information Commissioner’s Office Wycliffe House Wilmslow Cheshire SK95AF
ICO website: https://ico.org.uk
Helpline Number: 0303 123 1113
In the Republic of Ireland, it is the Data Protection Commissioner:
21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland
The phone number is 01 7650100 / 1800437 737
If you are based in another EU country, you can find the details of your local supervising authority here.