Name Privacy Policy
Version 2023/1
Governance Committee Approval on behalf of the Board 17th April 2023

 

This privacy notice provides information on how each Group Company collects and processes your personal data when you interact with us, as a representative of a business, as an individual, as a market research responder, the provider or subject of journalistic material.

  • Company Personnel: all employees, workers, contractors, agency workers, consultants, directors, members and others.
  • Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them.
  • Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
  • UK GDPR: the UK General Data Protection Regulation as defined in the Data Protection Act 2018. Personal Data is subject to the legal safeguards specified in the UK GDPR.
  • Group Company: the companies listed in Clause 1.
  • ICO: the information Commissioner’s office, the UK regulator responsible for data protection and privacy.
  • Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour. Personal Data specifically includes, but is not limited to, the categories of data set out in the attached Schedule.
  • Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of Personal Data is a Personal Data Breach.
  • Privacy by Design: implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the UK GDPR.
  • Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies: separate notices setting out information that may be provided to Data Subjects when the Company collects information about them. These notices may take the form of:
    1. general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy); or
    2. stand-alone, one-time privacy statements covering Processing related to a specific purpose.
  • Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
  • Special Categories of Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
  1. Important information and who we are

The SWNS group of companies comprises SWNS Media Group Ltd, South West News Service Ltd and 72 Point Ltd (collectively referred to in this document as “SWNS/”we”/”us”).

 

Each Group Company is separately registered with the ICO as follows:

 

Company ICO Registration Number
SWNS Media Group Ltd ZB343649
South West News Service Ltd Z1433952
72 Point Ltd Z8020853

 

We can be contacted in relation to data protection and privacy (including subject access requests) at:

Data Protection

SWNS Media Group Ltd

Media Centre,

Unit A Abbey Wood Business Park,

Emma-Chris Way,

Bristol,

BS34 7JU

 

privacy@swnsmediagroup.com

 

Our Group Chief Financial Officer is responsible for data protection/privacy, and for ensuring our compliance with the Data Protection Laws. Day to day operation of the policy has been delegated to relevant managers.

  1. The data we collect about you

We may collect, use, store and transfer different kinds of personal data about you as follows:

Identity Data                                  Contact Data                           Financial Data

Transaction Data                          Technical Data                        Profile Data

Website Usage Data                     Marketing and Communications Data

We explain these categories of data, the lawful basis for processing, and retention periods,  in the Schedule attached to this notice.

 

 

We collect Personal Data through:

Correspondence, and contact with Data Subjects, and/or their employers

Journalistic activities

Social media

Our websites

Purchased marketing mailing/contact lists

  1. How we use your Personal Data

We will only use your personal data for the purpose for which we collected it which include the following:

  • To register you as a client
  • To process your requests and deliver services to you
  • To manage your relationship with us
  • To enable you to participate in market research surveys
  • To improve our websites, services, marketing or client relationships
  • To recommend services which may be of interest to you
  • For journalistic purposes (including Special Categories of Personal Data as permitted by law)

When processing Personal Data for journalistic purposes, we adhere to the IPSO Editors’ Code of Practice (www.ipso.co.uk/editors-code-of-practice).

  1. How we protect your Personal Data

We have in place physical and logical measures to prevent unauthorised access to Personal Data, and to protect it from loss or corruption. These measures include password protection of segregated data areas in our IT systems, and regular system backups.

Our staff who access personal data are trained in data protection and the requirements of the GDPR, and are encouraged to raise concerns and suggestions about our systems and the processing of Personal Data.

Company Personnel are trained to identify and report any potential Personal Data Breach. All such reports are investigated by senior managers, affected Data Subjects, and regulatory authorities notified.

  1. How we share your Personal Data

We may share your Personal Data with other Group Companies. We may also share your Personal Data with third parties such as financial services providers, or professional advisors. We ensure that each third party understands their legal obligations in respect of Personal Data, and has in place adequate technical and operation measures to protect Personal Data.

We will not sell your Personal Data e.g. to mailing lists.

  1. International transfers

We may transfer, store and process your personal data outside the UK. Each entity to whom we export Personal Data is required to enter into a binding contract setting out their compliance UK data protection laws including the GDPR.

  1. Accuracy of Personal Data

We do our best to ensure that all Personal Data we process is up to date and accurate. It is important therefore that you do notify us of any change to your Personal Data e.g. a new telephone number, or address.

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data, including the right to:

receive a copy of the Personal Data we hold about you

correct inaccuracies in Personal Data we hold

in certain circumstances, to have Personal Data deleted

To exercise these rights, you should contact us as set out in Clause 1 above.

You also have the right to make a complaint at any time to the ICO (www.ico.org.uk).

  1. Journalistic activities

A free press is recognised as an intrinsic element in a functioning democratic society. For that reason there exist derogations from many of the provisions of the UK GDPR when Personal Data are processed for journalistic purposes with a view to publication. In undertaking journalistic activities we may rely on any or all of these derogations.

  1. Further details – websites

If you are looking for more information on how we process your Personal Data through this websites, please click here.

 

Schedule

 

Data Element Lawful Basis of Processing Note
Forename, surname Contractual performance

Legitimate interest

 

To enable us to identify you
Email address(es) Contractual performance

Legitimate Interest

To enable us to contact you. This may include a personal email address if you have provided it.
Contact address Contractual performance

Legitimate interest

To enable us to contact you by post.
Contact telephone numbers Contractual performance

Legitimate interest

Consent

To enable us to contact you by telephone. This may include a personal telephone number if you have provided it.
Financial information Contractual performance

Legitimate interest

 

Only obtained if you, as an individual, wish to enter into a contractual arrangement with us when the information is used to determine credit worthiness and make/receive payments.
Social media ID Contractual performance

Legitimate interest

 

To enable us to manage our relationship with you in respect of news and PR related activities
Employer name Contractual performance

Legitimate interest

 

To enable us to contact you as a representative of your employer
Job Title Contractual performance

Legitimate interest

 

To enable us to make appropriate contact with you as a representative of your employer
Images, video Contractual performance

Legitimate interest

Consent

For journalistic purposes with a view to publication

For PR purposes by consent or under a contractual obligation

Sensitive personal data Legitimate interest For journalistic purposes with a view to publication when disclosure is in the public interest
Sensitive Personal Data (Market Research Responders) Consent To enable us to identify the correct demographic for a particular survey

 

Cookie derived data Refer to separate Cookie Policy
Retention Periods
Data Subject Retention Period Reason
All Data Subjects unless otherwise specified 6 years from the date of last transaction Limitation period for litigation; statutory requirement to retain records
Market Research Responder
Website User Duration of website use
Journalistic Subject Indefinitely Journalistic articles and journalistic research material may be held indefinitely in order to ensure accuracy and integrity of the materials, and availability of published articles.

Privacy Notice – SWNS.rocks ® Website

This is an addendum to the SWNS Media Group privacy policy.

When you interact with our website we will collect personal information about you through cookies (see our cookie policy), and from information you enter. Some cookies are necessary for the website to function, and you may control optional cookies through the cookie popup.

We will use this information to improve your experience in using our website, to provide analytical data about use of our website. If you have an account or otherwise make a purchase through our website, we will use the information you provide to manage or account, to process payments, and to provide you with goods and services your have requested.

We do not retain credit card / payment details on file unless you are an account holder, and have consented to your payment details being held in our accounting system (which is totally separate from our website).

We may transfer your personal information to other companies in our group who provide use with support functions such as IT and finance, or who we believe may be able to provide services of benefit to you. We will not otherwise sell or transfer your personal information to third parties.

In using our website, you expressly consent to us processing your personal information in this way. If you do not consent to us processing your personal information in this way you must not use our website.

Schedule

 

Data Element Lawful Basis of Processing Note
Forename, surname Contractual performance

Legitimate interest

 

To enable us to identify you
Email address(es) Contractual performance

Legitimate Interest

To enable us to contact you. This may include a personal email address if you have provided it.
Contact address Contractual performance

Legitimate interest

To enable us to contact you by post.
Contact telephone numbers Contractual performance

Legitimate interest

Consent

To enable us to contact you by telephone. This may include a personal telephone number if you have provided it.
Financial information Contractual performance

Legitimate interest

 

Only obtained if you, as an individual, wish to enter into a contractual arrangement with us when the information is used to determine credit worthiness and make/receive payments.
Social media ID Contractual performance

Legitimate interest

 

To enable us to manage our relationship with you in respect of news and PR related activities
Employer name Contractual performance

Legitimate interest

 

To enable us to contact you as a representative of your employer
Job Title Contractual performance

Legitimate interest

 

To enable us to make appropriate contact with you as a representative of your employer
Images, video Contractual performance

Legitimate interest

Consent

For journalistic purposes with a view to publication

For PR purposes by consent or under a contractual obligation

Sensitive personal data Legitimate interest For journalistic purposes with a view to publication when disclosure is in the public interest
Sensitive Personal Data (Market Research Responders) Consent To enable us to identify the correct demographic for a particular survey

 

Cookie derived data Refer to separate Cookie Policy
Retention Periods
Data Subject Retention Period Reason
All Data Subjects unless otherwise specified 6 years from the date of last transaction Limitation period for litigation; statutory requirement to retain records
Market Research Responder
Website User Duration of website use
Journalistic Subject Indefinitely Journalistic articles and journalistic research material may be held indefinitely in order to ensure accuracy and integrity of the materials, and availability of published articles.