Reach Group - Privacy Notice - US
We have organised this Privacy Notice based on the different ways you might interact with us and what you might want to know.
Please use the contents list below to navigate to the section of the Privacy Notice which you are interested in. At the end of each section if you want to return to the contents list please click the link: ‘Click here to go back to Contents’.
CONTENTS
1. Who we are and how to contact us
We are the Reach group, which is made up of Reach plc and its subsidiaries. Reach plc is the largest national and regional news publisher in the UK with a portfolio in Ireland and the United States. We aim to create engaging, relevant content which is distributed through various channels and media including newspapers, magazines, and digital platforms – playing a central role in our audiences’ daily lives. You can see the list of websites and brands we publish here.
Our Reach plc address is:
One Canada Square, Canary Wharf, London, E14 5AP.
With our US establishment headquartered in:
19th Floor, 200 Liberty Street, New York, NY 10281
Depending on who you are and how you interact with us, the legal “controller” of your personal data will be one or more of our group companies. Your point of contact for anything to do with how a member the Reach group uses your personal data is the office of our group Data Protection Officer, who you can contact by submitting the relevant form accessible within the 'Your rights under GDPR and how to exercise them' section or by writing to ‘The Data Protection Team’ at the address above.
*** Click here to go back to ‘Contents’ ***
2. About this Privacy Notice
This Privacy Notice tells you about the kinds of information we hold about you, what we do with it, and why.
As a broad summary, in our business we use information about people:
To carry out our work as journalists, by investigating and reporting on stories of relevance to our readers.
To deliver our features and editorial content.
To provide services such as subscriptions or newsletters that people sign up to, and to operate interactive features like competitions and surveys.
To help us to understand our readers and target our marketing and advertising that enables us to continue to finance and bring you our feature and editorial content.
To carry out back-office administration and generally run and operate our business, for instance by administering our relationships with suppliers and partner organisations, or handling job applications.
Some specific activities and websites might have their own additional and complementary privacy notices which sit alongside this one. Generally, that will be the case for very specific services such as our commercial job boards or other specialist websites, or where we have a very specific kind of relationship with you (for instance if you are an investor or a member of our group pension scheme). We try to make it obvious where that is the case.
*** Click here to go back to ‘Contents’ ***
3. When you browse our websites and use our apps
Personalised Content and Personalised Advertising:
When you browse our websites or use our apps, we and our advertising partners may receive information about the device you are using and about what you look at and interact with. We do this for the purpose of choosing which adverts to show you, as well as to make our sites and apps work properly. It also allows us to diagnose problems with them and understand how they are used so we can make them better. Sometimes, we also apply a degree of personalisation in choosing which content to show you (for example, by recommending articles similar to those you’ve viewed previously).
We do not use session replay technologies on our sites.
You can learn more about what we do with this information and why below.
3.1. Targeting by Reach
Where you have provided us with your personal information we combine the information you give to us (for example, sign up information for newsletters and competitions) with the information we receive when you use our websites and apps, and analyse it in order to help us to understand your preferences and interests. We then associate this with a unique identification number. This unique identification number is then used to help us tailor the content and advertising that you see on our websites and in our apps, so it is more likely to be of interest to you. We don’t share this personalised analysis with anyone outside of the Reach group. In particular, it is not shared with advertisers or with the third-party advertising networks that we work with other than in highly aggregated form so that your personal data cannot be identified.
3.1.1. The data we collect and what we do with it
The data we use for this purpose is as follows:
The page you view, and associated information such as the content you read and how long you spend on them.
Your approximate location, to city or town level by way of IP address.
Your email address, name and sometimes username and postcode, which we will receive when you sign up for an account on one or more of our websites or apps, when you subscribe to our newsletters, when you enter one of our competitions or when you complete one of our surveys.
The newsletters you have subscribed to, the promotions and competitions you have entered and the surveys you have completed.
We will analyse this information to infer interests, preferences, and demographic characteristics, and associate it with an internal identification number which is unique to you.
We then use those “audiences” to do two things: first, to help us to recommend content which is more likely to be interesting (for instance, more articles about football), and second to help us to target advertisements when advertisers buy advertising space from us directly.
The advertiser would never see the actual data that we use – it remains with Reach at all times. All we would share with them would be the criteria we used to target their advert, how many times their advert was shown and how many people clicked on it (but not who), so that they know how well the advert did and we know how much to charge them.
3.1.2. Our legal basis
Your activity on our websites and in our apps can be managed by you using our “cookie banner” and related Consent Management Platform (CMP). The vast majority are used on the basis of your consent where you provide it. Some may use our Legitimate Interest and some are Essential – Please see our Cookie Notice for further information or the ‘cog’ icon or link at the bottom of every webpage to manage your consents. When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.
We combine that information with the other things we know about you (like your newsletter subscriptions) on the basis of our legitimate interest in understanding our readership, both to serve you better and to make us more attractive to advertisers. This helps us to secure a future for news reporting and journalism in the age of social media, especially local news reporting and journalism.
You do, of course, have an absolute right to object to this. You can always register your objection by completing the relevant form 10.5. Your right to object to what we do with your data, and to have restrictions placed upon it.
3.1.3. How long we keep it for
We keep the information about your activity on our websites and in our apps for up to up to three years since last browsing activity, with some anonymised browsing activity retained thereafter.
3.1.4. Who we share it with and why
The data which we use to create the unique identifier and our “audiences” is shared with the partners who provide us with the technology powering it, most notably Upland Software and Lotame, who host core data management platforms for us. They act as our “processors”. This means that they are bound by law and contract to do only what we tell them to do with the data, to keep it safe, and not to share it with anyone else or use it for anything other than providing their service to us.
3.2. Targeting by advertising networks
Digital advertising helps us to fund the news articles and content published on our sites and enables us to provide some of our content for free. We and our third-party ad partners may display digital advertising on our sites that is tailored to your interests and preferences so the online adverts you see are more relevant to you. We work with third party ad networks to fill unsold advertising space on our sites and in our apps by auctioning it automatically through a process called “real time bidding”. These ad networks bid to show their ad to you when you visit our sites or use our apps.
The ad networks exchange information through cookies, which allow them to recognise you when you visit any site that they work with (not just Reach sites). Where we use cookies on our sites for advertising purposes, we ask for prior consent. The cookie information will be used along with other information we hold about you to display digital advertising that is more relevant to you. It is important to note, however, that where you do not provide your consent for digital advertising you will still see digital advertising on our sites, but this will not be tailored to your interests and preferences.
Where you provide consent to using your data to create a profile for digital advertising we may also sell or share limited data types to our partners with whom we have a legally binding relationship for similar purposes; typically data on the page content which you have shown an interest in and online identifiers, not direct identifiers such as your email address. Captify is one such partner. They may act as an independent controller of your data, and their privacy policy is shown here: Captify Privacy Policy .
3.2.1. The data collected and how it is used
On your first visit to one of our sites or apps (and on other occasions to allow you to change your mind), you will be presented with a ”cookie banner”. This asks you if you consent to the use of cookies and related technologies for the purposes of, amongst other things, selecting and delivering ads. If you do, then the ad networks will be able to recognise your device according to a unique identification number.
We then send out a “bid request” to the advertising networks we work with. What that bid request says is, essentially, ”ID number ABC123 has landed on our website, do you want to show this user an advert?” The winner then gets to display their ad.
The auction process happens automatically, in the second or so between you requesting the page and it loading and displaying. The data used by the ad networks to select the ad to show is held by them, not us, and we never see it.
If we sell or share limited data to an ad partner, as described in 3.2, it will be used for profiling and digital marketing on Reach websites and apps, and potentially other sites & apps with whom the partner has a relationship, if you have given permission for that site or app to do so.
An important point to understand is that most of these ad networks will not know who you are in a “real world” sense. They will not know your name, or your email address, or your phone number (we may know those things because you’ve given them to us in other contexts, but we never share that information with them).
We say “most” because there are two significant exceptions, which are Facebook and Google. They may provide targeted advertising services based on the things they know about their users, and so if you are signed into your account with them on your device, they will be able to recognise you and associate your browsing history across sites that use their services.
Data Matching:
When you browse our websites or use our mobile applications and when you provide your email address on these (either to log in, or sign up to a newsletter, or similar) we may share it, in hashed, pseudonymised form, with our partner LiveRamp Inc and its group companies, acting as joint controllers. LiveRamp uses this information to create a secure online identification code for the purpose of recognising you for cross-channel advertising. This code is placed in our cookie, does not contain any of your identifiable personal data, and will not be used by LiveRamp to identify you. It may be shared with our advertising partners and other third-party advertisers globally for the purpose of enabling interest-based content or targeted advertising through Reach sites. These third parties may in turn use this code to link demographic or interest-based information you have provided in your interactions with them to the pseudonymised code. Detailed information on LiveRamp’s data processing activities is available in LiveRamp’s privacy notice and opt-out. You have the right to withdraw your consent or opt-out to the processing of your personal data at any time via our Cookie Management Platform accessed via the ‘cog’ icon or link at the bottom of every webpage.
If you accept the use of cookies in our Consent Management Platform, when you submit your email address to create an account or sign-up to a newsletter we may share your email address in a hashed form with Amazon Publisher Services (APS). APS then link the hashed email to a profile which they may already hold related to that address. The hashed email will be used in a secure, pseudonymised form within a cookie to flag to APS whenever you visit an APS enabled Reach website again. APS will use this to determine, in real-time, if any of their business customers want to market to a profile similar to yours. If this is the case they may initiate an advert which will appear to you on the Reach website concerned. You have the right to stop this processing activity at any time via the use of ‘Reject’ on our Cookie Management Platform accessed via the ‘cog’ icon or link at the bottom of every webpage, or via a form accessible from section 14 of this Privacy Notice. The APS Privacy Notice can be found at APS PN.
3.2.2. Our legal basis
Where required by applicable law, advertising networks undertake this activity on the basis of your consent, which we ask for on their behalf through the ‘cookie banner’ which appears when you first visit our site. The ‘cookie banner’ message box will reappear from time to time in case you change your mind, or when something changes (typically every 30 days). Please see our Cookie Notice for further information or the ‘cog’ icon or link at the bottom of every webpage to manage your consents. When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.
Most of our third-party advertising partners operate within an industry framework and code of practice issued by the Internet Advertising Bureau (IAB) called the “Transparency and Consent Framework”, which sets out the technical means for your choices to be passed through the ad networks. It also requires that members adhere to IAB policies and standards of behaviour.
Advertising partners who do not work within the IAB framework are listed separately in the platform which can be viewed in our Consent Management Platform (CMP) – please see our Cookie Notice for further information or click on the ‘cog’ icon or link at the bottom of every webpage. In the Consent Management Platform popup go to the ‘Partners’ page and scroll down - IAB partners are listed first, then you'll see Non-IAB vendors and finally Google partners.
3.2.3. How long we keep it for
We do not ourselves hold a copy of the data gathered by the advertising networks. They will each have their own retention policies which you can find in their privacy notices linked through our ‘cookie banner’ – these are often short (between 30 and 60 days), because shopping interests change over time.
3.2.4. Who we share it with and why
When we participate in auctions for unsold advertising space, we send bid requests to third party advertising networks. You can find the list of third-party advertising networks who we work with by clicking on the ‘cog’ icon or link at the bottom of every webpage and reviewing our Consent Management Platform.
3.3. Making our sites and apps work properly, diagnosing problems with them, and understanding how they are used so we can make them better
We use the information logged by our servers and certain third-party analytics tools (such as Google Analytics, Mpulse and Hotjar) to help us to spot problems with our digital services, such as page errors or slow loading times, as well as understanding usage patterns and watching for security problems. You can find more information below.
3.3.1. The data we collect and what we do with it
We gather data for this purpose in two ways.
Firstly, our servers record certain information provided by your devices when they request content, consisting mostly of technical information about your device such as language, screen size and the features and functions it supports, but also including the internet or “IP” address from which it is connecting, and the page or data requested. The data is used for system performance, content delivery and security purposes. It is saved together with the dates and times the requests occurred into files stored on our servers called “logs” or “log files”.
Secondly, on your first visit to one of our sites or apps (and every so often again after your first visit), you will be presented with a ’cookie banner’ asking you if you consent to the use of cookies and related technologies for our use of analytics. If you do, then several “cookies” (small text files) will be stored on your device containing identification numbers. Those numbers can then be read on your subsequent visits to recognise your device, and our analytics providers will use that information to provide us with various reports and metrics on how our sites are used. Google also uses the data that it gathers as a result for other purposes, which you can read about in Google’s Privacy Policy.
If you wish to opt-out of the use of Google Analytics you can access and download the Opt-out browser add-on from here: GA Opt-Out.
3.3.2. Our legal basis
We process the personal data captured in our server log files on the basis of our legitimate interest in monitoring our systems, understanding how they are used, fixing problems with them, and for security monitoring and management purposes.
We process the personal data captured by our analytics providers on the basis of your consent, which we ask for through a “cookie banner” which appears when you first visit our site. That message box will reappear from time to time in case you change your mind (typically every thirty days), and on your first visit after we make a significant change.
3.3.3. How long we keep it for
We keep the information in our server log files for up to 90 days, depending upon the log type and purpose.
Our analytics providers will keep the information they gather from our sites and apps in line with their own privacy notices, which you can access through our ‘cookie banner’ and Consent Management Platform (see the ‘cog icon’ or link at the bottom of every webpage) .
3.3.4. Who we share it with and why
We use AWS and CloudFront to help us to analyse our server log files. They act at our direction, as our “processor”.
The information gathered using Google Analytics is held by Google and is made accessible to us by Google through various dashboards and reporting tools.
The following providers are key to providing additional website analytics or diagnostic capability:
Akamai Mpulse (https://www.akamai.com/legal/privacy-and-policies)
Chartbeat (https://chartbeat.com/privacy/)
Hotjar (https://www.hotjar.com/privacy/)
Viafoura (https://viafoura.com/privacy-policy/)
*** Click here to go back to ‘Contents’ ***
4. When you create or sign into your online Reach account
Some elements of our websites and apps require you to create an account in order to use them; for example, the ability to leave comments under articles. We use your email address and the other information that you give to us as part of the account creation process to operate your account and provide those functions. When you are signed in with your Reach account, we will also have the ability to associate your account details with the information we gather through our analytics tools about how you use our sites.
4.1. The data we collect and what we do with it
When you create an account we may collect your name and email address.
Some services may let you upload your own content to our sites, such as comments or pictures. Those things will, by the nature of the service, be generally visible on the site. Your comments may be used in print, online or on the social pages for brands owned and published by Reach plc. We may also record what types of content you have commented on, and associate this with our profile of you. Please do not provide any personal data which you do not want to be published. Comments will be subject to moderation checks before publication.
You may also be invited during the account creation process to subscribe to one or more of our newsletters, or to opt in to receive certain special offers and promotions. You can read more about that by navigating to the appropriate section of this Privacy Notice via the ‘Contents’ list.
Unless you object, we will also associate your online account sign-up data with the other things we know about you, like your page views. You can learn more about that, including how to object, here.
4.2. Our legal basis
We process your email address and the other information you give to us in order to provide the relevant function or service of our sites on the legal basis of consent. We associate the data which you provide on sign-up with the profile created from your browsing activity on the basis of our legitimate interest. If you wish to object to this, where permitted by applicable law, please see section 'Targeting by Reach'.
Our legal basis for any resulting email marketing is your consent – see here for further information.
4.3. How long we keep it for
We will keep your account active for as long as you continue to use it, and for up to 3 years afterwards.
4.4. Who we share it with and why
We use a technology provider called LoginRadius [LoginRadius] to handle the technical aspects of operating your account on our behalf. They host your email address and password. They act as our “processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
*** Click here to go back to ‘Contents’ ***
5. When we communicate with you by email
When you give us your email address we will use that email address to communicate with you for the purpose you provided it; for example, if you sign up for a newsletter then we will use the email address you provide to send you that newsletter. These may include special offers and promotions.
The links in our emails are unique to your email address, and so if you click on them our servers will attribute that click to your email address and that information will be associated with your unique identifier (3.1. Targeting by Reach). If you choose to allow your email program to load the images in our emails, we will also be able to see that you opened the email. You can find out more about each of these activities below.
5.1. Sending you the newsletters you subscribe for
When you subscribe to one of our email newsletters, we will send those newsletters to the email address you provided. If you want us to stop, the easiest way is to click on the “unsubscribe” link which you will find at the bottom of every email. You can find more details below.
In some jurisdictions outside of the EU/UK, and where permitted by applicable law, we may purchase/rent lists of persons who may be interested in our products and services. We may contact such persons by email.
5.1.1. The data we collect and what we do with it
We collect your name and email address in order to send you the newsletters you subscribe to. When you sign up for newsletters from our “In Your Area” local information website, we will also collect your postcode in order to provide the correct local information.
Sometimes, our newsletters will contain advertisements.
Unless you object, we will also associate your newsletter subscription with the other things we know about you, like your page views. You can learn more about that here.
5.1.2. Our legal basis
We use your email address to send you the newsletters you subscribe for on the basis of your consent. You can withdraw that consent at any time. The easiest way to do so is to click on the “unsubscribe” link at the bottom of every newsletter we send.
We associate your email subscription with the other things we know about you on the basis of our legitimate interests. You can learn more about that here.
5.1.3. How long we keep it for
We will keep your email address on the subscription list for the relevant newsletters until you unsubscribe from them. Furthermore, we will stop sending you a newsletter if we see no activity (e.g. no links clicked on) for a period of time, and generally but not exhaustively, after 24 months.
5.1.4. Who we share it with and why
Processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
5.2 Sending you special offers and promotions, with your consent
When you give us your email address, we will sometimes also ask you if you would also like to receive promotions and special offers from us. If you agree, then we will send you occasional offers and promotions to the email address that you gave us. You can unsubscribe at any time.
5.2.1. The data we collect and what we do with it
We will use the email address you give to us to send our offers and promotions to you. It will always be clear who the offer or promotion has come from, and we don’t sell or give our email lists to anyone else.
5.2.2 Our legal basis
We do this on the basis of your consent. You can withdraw that consent at any time. The easiest way to do that is to click on the “unsubscribe” link which you will find at the bottom of every email.
5.2.3. How long we keep it for
We will keep your email address on the list for promotions and special offers until you unsubscribe from them. We will also stop sending you promotions and special offers if we see no activity (e.g. no links clicked on) in 24 months.
5.2.4. Who we share it with and why
A processor provides the technology platform which we use to administer our email lists. So, they will host the data containing your email address on our behalf. They act as our “processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
5.3. Tracking technologies used in our emails
If you tell your email application to load images we will know when you open one of our emails. When you click on links in our emails, we will know that it was you who clicked on it. We use this information to inform the content of future newsletters (by looking at what’s popular), and to understand whether you continue to be interested in receiving them.
Unless you have previously objected, we will also associate that information with other things we know about you. You can learn more about that here.
5.3.1. The data we collect and what we do with it
We track engagement with our emails in two ways.
Firstly, as for most email newsletters and promotions worldwide, our emails don’t attach any pictures they use to the email itself, but instead load them from a remote server on demand. By default, most email programs don’t load remote images automatically, but only when you click on the button or link in the program to “show images” (or similar wording). When you do that, the images linked in the email are downloaded from our technology provider’s server so they can be displayed in your email program.
If the images are downloaded, our technology provider can tell us that you opened the email.
Secondly, the links in our emails to articles and other external content are personalised, such that if you click through to the content using the link in our email, we will know that it was you who clicked it (or at least, someone reading the email we sent to you).
We do this to help us to understand how you engage with our emails.
5.3.2. Our legal basis
We record the opening of emails on the basis of your consent. You can withdraw your consent at any time either by configuring your email client not to load images, or by unsubscribing from the relevant email.
We use the personalised URLs for links to external content on the basis of our legitimate interest in understanding how you engage with our emails and which kinds of content are of most interest to you. You can object to this use of your personal data by completing the relevant form 10.5. Your right to object to what we do with your data, and to have restrictions placed upon it.
5.3.3. How long we keep it for
The data gathered to understand email opening and interests related to articles and links within the emails is retained for as long as you continue to engage with our emails, and for a period of up to 3 years afterwards.
5.3.4. Who we share it with and why
Third party processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
*** Click here to go back to ‘Contents’ ***
6. When you complete a survey
Sometimes we run surveys to help us to understand more about our readership or about public opinion generally. We use your answers to those surveys to produce anonymous statistics which we use to inform our editorial content and, to an extent, our advertising. For example, if a majority of survey respondents express a preference for one TV show over another, then we might write an entertainment piece based on that or factor it in when deciding which adverts appear where.
We may also run some surveys for which we utilise your declared responses to build into our profile about you. When we do so, this will be communicated in the associated text, and you will be asked to either consent to this use or will be given the option to ‘object’ via a tick box.
Occasionally, those surveys might ask you about things which the law considers to be especially sensitive, such as your voting intentions or your religious beliefs. Where that’s the case, we’ll ask clearly for your permission first, and we’ll always provide a “prefer not to say” or similar option. We don’t use that kind of information for advertising purposes.
6.1. The data we collect and what we do with it
We will collect your answers to the survey questions and use them to compile anonymous statistics along the lines of “35% of people preferred X over Y”. Some surveys may also ask for your email address, for example if we are offering entry into a prize draw for completing it. Go here to learn more about how we use your data for prize draws. As highlighted above, we may also retain your responses as part of a profile about you.
When you have completed a survey, you may be invited to subscribe to a newsletter or to receive special offers and promotions from us.
Sometimes we may operate “panels” of people who we send survey questions to periodically. If you join one of those panels then there may be additional kinds of information about you which we will receive, in which case we will provide further information to you before you sign up to the panel.
6.2 Our legal basis
We collect and compile your survey answers on the basis of your consent, which we ask for in each survey. Use of your declared data for profiling purposes will be based either upon consent (via tick box) or our legitimate interest, for which you will be given the option to ‘object’.
6.3. How long we keep it for
We retain your survey responses for however long the survey runs for, and for up to 90 days afterwards. The resulting statistics may be kept longer, but those are always anonymous and don’t contain your personal data. Data utilised for profiling will be retained for up to 3 years.
6.4. Who we share it with and why
We typically publish the overall results of our surveys, and often share those results with the brands involved (if any), but those results are always anonymous and statistical in nature (“50% of respondents thought X”) and don’t contain your personal data. Actual survey responses are only shared with the service providers who provide us with the technology powering our systems. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.
*** Click here to go back to ‘Contents’ ***
7. When you apply for a job with us
When you apply for a job with us, we will process the information you or the recruitment agency gives to us in order to consider your application and to communicate with you (or the agency) about it.
If we offer you a position and you accept it, then we will use your information to liaise with you about start dates, contracts, arranging induction and so on, and we may ask you for additional information to that end. That information will then be handled in accordance with our internal HR policies and Employee Privacy Notice.
If we don’t offer you a position or we do but you don’t accept it, then we will keep your application on file for 12 months in case of future queries or issues.
We process your data on the basis that it is necessary in order to take steps to enter into an employment contract with you. We process information relating to unsuccessful applications or job offers that are not accepted on the basis of our legitimate interest in keeping records of job applications.
*** Click here to go back to ‘Contents’ ***
8. When you work at other organisations that we do business with
For all of our customers and other organisations we do business with, we will have the business contact details of the people we work with at those organisations, and we will use them to manage and administer our relationship with that organisation. We do this on the basis of our legitimate interest in managing and administering those relationships.
If you work at a current or prospective advertising or publishing services client or related agencies, revenue sharing partners (for the sale of your products or services) or are users of Reach software we will also contact you from time to time using your work contact details to promote our services. We will have those contact details either because we have worked with you before, you shared them with us for this purpose, because we or our agencies have looked them up from publicly available information, or because you have attended an event we have hosted. We do this on the basis of our legitimate interest in promoting our advertising and publishing services to businesses. We will always stop contacting you for this purpose if you ask us to. Typically, the best way to do that is to respond to the person contacting you, but you can also make the request by completing the relevant form Your rights under GDPR and how to exercise them.
We keep the details of our contacts at organisations we do business with for as long as we continue to have a business relationship, and for a period thereafter for business development purposes and in case of issues or disputes.
*** Click here to go back to ‘Contents’ ***
9. Further data sharing by Reach
Further to the data sharing described elsewhere in this Privacy Notice, Reach will disclose your information and co-operate with appropriate bodies and authorities in good faith where we are required to by law, a court order, a regulatory authority, or otherwise, including with the police, trading standards, regulatory authorities, other relevant authorities, or credit reference agencies.
Where permitted by applicable laws, where you interact with us, we may monitor, record, and retain all associated data, correspondence, and communications, such as written letters, telephone call recordings, emails, text messages, social media messages, in person meetings and any other communications. We will do this to, (i) comply with our legal and regulatory obligations, (ii) prevent, or detect crime, (iii) maintain appropriate evidential records, (iv) protect the security of our communications systems and (v) for training and quality purposes. Where necessary, we will also use your personal information to defend ourselves from any legal claims brought by you in connection with the provision of our products and services.
We will also use personal information to manage and administer our business generally.
We will share information with security consultants and IT security system providers, where necessary, to monitor and manage data security and the security of our sites and networks, and to develop security threat intelligence data.
We may also share information to facilitate the sale of one or more parts of our business, including if we are approached by a potential buyer or the restructuring of one or more parts of our business and with auditing organisations such as the Audit Bureau of Circulation.
*** Click here to go back to ‘Contents’ ***
10. Your rights under GDPR and how to exercise them
The law gives you certain rights over your personal information.
You can exercise your rights by contacting our group Data Protection Officer’s team through the use of the relevant forms provided below. It is helpful to be as specific as possible about what you want us to do or what information you are looking for, because it enables us to respond to you more quickly.
Depending on your request, we may ask you to prove your identity to us first, in order to make sure that someone isn’t impersonating you. For example, if you contact us about your Reach account using a different email address, we may first require you to prove that you control the email address which you used to set up the account. If you want information about a subscription or some other paid service then we may ask you to provide the last four digits of the credit card used to pay for it.
Most of your rights do have exceptions to them, designed to protect the rights of others or to ensure that we can comply with the law and operate our business in a prudent manner (for example, by keeping certain records). If we decline all or part of your request on the basis of one or more of those exceptions, we will tell you that we are doing so, and we will explain our reasons. We may also reject your request entirely if it is excessive or unfounded.
10.1. Your right to access the information we hold about you
You have the right to have access to the information we hold about you. There are a few exceptions to that right, designed to protect the rights of other people.
To exercise this right please use our right of access request form.
10.2. Your right to have inaccurate information about you rectified
If we hold information about you that is factually inaccurate (for example, we have spelled your name wrong) then you have the right to have it corrected. This right does not extend to matters of opinion; for example, moderation decisions we might make about your comments on our websites.
To exercise this right please use our other rights request form.
10.3. Your right to have your information erased in some circumstances
You may have the right to have some or all of your information deleted, principally if the information you want deleted is no longer needed or if we don’t have a legal basis to continue using it (for example, if we are using it on the basis of your consent and you withdraw your consent).
To exercise this right please use our right to erasure request form.
10.4. Your right to withdraw your consent
If we’re relying on your consent to do something with your information (for example, to send you newsletters) then you have the right to withdraw that consent at any time.
For newsletters and other email communications, you can do this by clicking the “unsubscribe” link at the bottom of the message.
To withdraw your consent for how we are using your information, please use our unsubscribe request form.
For targeted advertising on our websites, you can access the screen to do this by clicking the “Privacy” tag with the ‘cog’ icon or link at the bottom of every webpage to go to the Consent Management Platform (CMP).
For targeted advertising in our apps, you will be presented with the CMP on initial download and whenever it is updated thereafter. You can also change your CMP settings by navigating to ‘My Account’ at the bottom of the app screen and clicking on ‘My Privacy’.
10.5. Your right to object to what we do with your data, and to have restrictions placed upon it
If we are doing something with your data not on the basis of your consent but on the basis of our “legitimate interest”, then you have the right to object to what we are doing, and we must stop unless we can show that there is a compelling and legitimate reason to continue or what we are doing relates to a legal claim. Activities such as fraud prevention will fall into that category.
In the case of direct marketing and profiling, your right to object is absolute. Regardless of what other mechanisms we may make available, you can always object by unsubscribing from marketing emails and by rejecting the use of cookies on our websites (see the Privacy ‘cog’ or link at the bottom of every webpage). When using our apps if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the Consent Management Platform (CMP).
To exercise this request please use our other rights request form.
10.6. Your right to restrict what we do with your information in some circumstances
In certain circumstances, you have the right to restrict our use of your information to simply storing it and using it only for legal claims, protecting the rights of others and matters of important public interest. Those circumstances are: if you dispute the accuracy of information we hold about you; if we do something unlawful with your information but you don’t want us to delete it; if we don’t need the information anymore but you want us to preserve it in connection with a legal claim; or for the duration of the period in which we are considering a valid objection you have raised under your right to object discussed above.
To exercise this right please use our other rights request form.
10.7. Your right to portability
You have the right to receive the personal data concerning you which you have provided to a controller in a portable electronic format, or have it transmitted to another controller, where processing is based upon consent and undertaken by automated means.
To exercise this right please use our other rights request form.
10.8. How to Complain
If you have a complaint or disagree with a decision we have made, we ask that you discuss it with us first by contacting the group Data Protection Officer using our data protection complaints form or via the address given at the top of this Privacy Notice.
You also have the right to complain to your data protection supervisory authority.
In the UK this is the Information Commissioner’s Office:
The ICO’s contact information is:
Information Commissioner’s Office Wycliffe House Wilmslow Cheshire SK95AF
ICO website: https://ico.org.uk
Helpline Number: 0303 123 1113
In the Republic of Ireland, it is the Data Protection Commissioner:
21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland
The phone number is 01 7650100 / 1800437 737
If you are based in another EU country, you can find the details of your local supervising authority here.
*** Click here to go back to ‘Contents’ ***
11. Residents of California
Information provided in this section of the notice applies solely to residents of California and their rights under the California Privacy Rights Act of 2022 and related regulations (the “CPRA”). This section should be read in conjunction with the rest of this notice which provides further details on the nature of our data processing. Terminology and definitions in this section are reflective of the CPRA. As the CPRA uses the term “personal information” and not “personal data,” in this section, for consistency with the CPRA, we are using the term “personal information,” which has the meaning set forth in the CPRA.
11.1. Notice of Collection
The table below provides a summary of the categories of your personal information Reach may have collected, the sources of that data, the reasons for collection and who we may have disclosed the data to over the last twelve months. The information gathered in this table may apply to you in different ways depending on how you have interacted with us.
Please see the keys below the table to inform the second and third column:
Category | Business Purpose for Disclosure | Categories of Recipients of Disclosures | Do we share this data? |
Identifiers such as name, email address, billing information, username, any provided phone numbers, such as home, or mobile, online screen name, security questions and password. | P1, P2, P3, P4, P5, P6, P7 | D1, D2, D3, D4, D5, D6, D7, D8 | No |
Commercial Data such as records of your purchases and transaction data. | P1, P2, P3, P4, P6, P7 | D1, D2, D3, D6, D7, D8 | No |
Customer Records such as financial or payment information to process payments and information about your transactions and purchases with us. | P1, P7 | D2, D6, D7, D8 | No |
Internet & electronic network activity information including, but not limited to browsing history, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Services or other online services. Please see our Cookie Notice for further information. | P1, P2, P3, P4, P5, P6, P7 | D1, D2, D3, D4, D5, D6, D7, D8 | Yes |
Geolocation Data such as general location, and, if you provide permission, precise GPS location. | P1, P2, P3, P4, P6, P7 | D1, D2, D3, D4, D5, D6, D7, D8 | Yes |
Sensory Data such as audio recordings if you call our customer service or volunteer this information as part of using our services and photographs in connection with your social media account. | P1, P2, P5, P7 | D1, D2, D6, D7, D8 | No |
Inference Data including inferences drawn from any of the information identified above to create a profile reflecting a consumer’s preferences, characteristics, behavior or attitudes. | P1, P2, P3, P4, P6, P7 | D1, D2, D3, D5, D6, D7, D8 | No |
11.2. Notice of Collection: Key
Purposes
P1 - Performing services; including but not limited to customer service and related requests, processing orders or other transactions, managing and maintaining your account, marketing or advertorial services, analytics.
P2 - Analysis and improvement; reviewing our activities to enhance either services offered or improve commercial capabilities such as by improving the positioning or quality of our adverts and developing of new functionality and tools.
P3 - Commercial interests; including but not limited to the promotion of goods and services and to drive engagement, page views, subscriptions, registrations, purchases and similar.
P4 - Ephemeral; data processed in a transient manner and not retained by Reach.
P5 - Editorial; to support the production of editorial content across Reach titles.
P6 - Repairs; review of assets and management of debugging and other fixes to maintain and improve functionality.
P7 - Security, fraud and legal compliance; actions deemed necessary to protect and defend Reach assets against illegal, malicious and damaging activity.
Disclosures
D1 - Reach subsidiaries and affiliates; we may disclose information in order to deliver services in the ways described in this privacy notice. Marketing will only be sent to you where the necessary consent has been provided.
D2 - Service partners; we may disclose information where we work in partnership to provide you with products or services.
D3 - Commercial partners; we may disclose information with third parties to provide you with relevant content and advertising on websites and mobile apps where we have the necessary permissions to do so. We may also disclose information to enable you to receive marketing you have asked to receive.
D4 - Social media; we may disclose information with social media networks where we have the necessary permission to do so.
D5 - Analytics providers; we may disclose information with data analytic providers to review, evaluate and improve our services.
D6 - Security; we may disclose information where it is necessary to do so in order to protect the rights, assets, employees and customers of Reach.
D7 - Legal requirements; we may disclose information where necessary to comply with our legal obligations or if we believe it is required in relation to the investigation or prevention of suspected or actual illegal activity.
D8 - Business Development; we may disclose information for the purpose of business transfers, mergers, acquisitions, bankruptcy proceedings or similar.
Sale of your data
- The only data which may be sold is to advertising partners with whom we have a contractual agreement to limit usage to those online marketing related purposes agreed by you via Reach’s Consent Management Platform (CMP). The data types include an online identifier, URLs from Reach pages, a referrer identifier, and a truncated IP address.
11.3. Sources of Personal Information.
In general, we may collect the categories of personal information identified in the table above from the following categories of sources:
- Directly from you and your devices.
- Through your use of our services.
- From third parties and service providers, including affiliates, commercial partners, social media networks, analytic providers, credit reference agencies.
11.4. California Residents’ Rights
Under the CPRA, California residents have the following rights (subject to certain limitations):
- To opt out of sales. The right to opt-out of our sale of their personal information.
- Deletion. The right to the deletion of their personal information that we have collected, subject to certain exceptions.
- To know/access. The right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
- Non-discrimination. The right not to be subject to discriminatory treatment for exercising their rights under the CPRA.
11.5. Do Not Share My Personal Information
California residents may opt out of the “sharing” of their personal information. We share, as defined below, information to third parties to provide you with opportunities that may be of interest to you.
Under the CPRA, sharing may include the disclosure of information such as cookies and device or browser information to third parties. This enables you to be served with more relevant and appropriate advertising content. Digital advertising helps us to fund the news articles and content published on our sites and enables us to provide some of our content for free.
Depending on what Services you use, we may provide the following categories of personal information to third parties for these purposes:
- For online targeted advertising purposes: demographic and statistical information, contact and registration information device information and identifiers, browser and usage data, geolocation, and social media information.
Reach does not knowingly share the personal information of children under the age of 16 without the necessary permissions as required by the CPRA.
You have the right under CPRA to opt out of these purposes by selecting the ‘Do Not Share My Personal Information’ link on our homepage. You may also submit a request directly using the contact information provided within sections 1 or by submitting the following form. We reserve the right to ask for evidence of your residency in California before processing your request.
Please note that a ‘Do Not Share My Personal Information’ request does not cover information that has previously been disclosed to third parties for these purposes and does not prevent the ongoing disclosure of data to our service providers.
11.6. Personal Information Access and Deletion
California residents wishing to exercise their right to access their personal information or request that we delete it can do so using the following form.
We will take steps to verify your request by (i) sending you an email confirmation to which you must respond to confirm your request; and (ii) matching the information provided by you with the information we have in our records. You must complete all required fields on our webform or otherwise provide us with such information to verify your request. We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor.
11.7. Authorized Agents
Authorized agents may initiate a request on behalf of another individual by providing evidence of authority from the individual; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.
11.8. Shine The Light
California residents may request and obtain a list of any third parties that we have disclosed personal information to over the previous calendar year for the purposes of sending you direct marketing about the third party’s own products and services. If you would like to request this information please contact us using our rights requests form in section 10, the postal address in section 1, or email dataprotection@reachplc.com..
11.9. Financial Incentives
At this time, Reach does not offer any financial incentives for the provision of personal information.
*** Click here to go back to ‘Contents’ ***
12. Nevada Residents
Reach does not currently sell your personal data, as defined by Nevada Law, for monetary compensation to third parties for their own purposes. Nevada residents, however, may request that we include their name on a do-not-sell list in the event Reach were to do so in the future. Please email us at dataprotection@reachplc.com if you want to place your name on the do not sell list.
*** Click here to go back to ‘Contents’ ***
13. Other US state residents with applicable legislation
For residents covered by local state data protection or privacy legislation please use the our rights request form, to submit a request in relation to your data rights.
*** Click here to go back to ‘Contents’ ***
14. Privacy Notice last updated: 26 July 2023
We may update this Privacy Notice from time to time by posting a new version on our websites. You should check this page occasionally to ensure you are happy with any changes. Where changes are material, we may also notify you of them by email.