Archant Community Media Limited is a privately owned media company serving geographical and specialist interest communities with over 140 brands and associated websites.
We have a large portfolio of UK-based regional newspapers with titles in East Anglia, London, Kent and the South West. Our collection of more than 60 news brands includes the Eastern Daily Press in Norfolk, the East Anglian Daily Times in Suffolk and the Ham & High in London.
We are the largest publisher of regional and local lifestyle magazines and associated digital media in the UK. Our portfolio of 75 magazine titles includes county, specialist interest and wedding magazines as well as client contract magazines. In recent years we have extended our activities into exhibitions, events and digital media.
Archant Community Media Limited is part of the Archant Limited Group (the “Group”). This privacy notice is to let you know how companies within the Group promise to look after your personal information. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing you want us to send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated in May 2018.
We are only allowed to use your personal data if we have a one or more of the following reasons to do so:
Here is a list of all the ways that we may use your personal information and the reason from the list above which we are relying on. If we are relying on a legitimate interest this is also detailed below:
What we use your personal information for | Our reasons | Our legitimate interests |
• To manage our relationship with you or your business. • To develop new ways to meet our customers’ needs and to grow our business. • To develop and carry out marketing activities. • To study how our customers use products and services from us and other organisations. • To provide advice or guidance about our products and services. |
• Your consent. • Fulfilling contracts. • Our legitimate interests. • Our legal duty. |
• Keeping our records up to date, working out which of our products and services may interest you and telling you about them. • Developing products and services, and what we charge for them. • Defining types of customers for new products or services. • Seeking your consent when we need it to contact you. |
• To develop and manage our brands, products and services. • To test new products. • To manage how we work with other companies that provide services to us and our customers. |
• Fulfilling contracts. • Our legitimate interests. • Our legal duty. |
• Developing products and services, and what we charge for them. • Defining types of customers for new products or services. • Being efficient about how we fulfil our legal and contractual duties. |
• To make and manage customer payments. • To collect and recover money that is owed to us. |
• Fulfilling contracts. • Our legitimate interests. • Our legal duty. |
• Being efficient about how we fulfil our legal and contractual duties. • Complying with regulations that apply to us. |
• Developing products and services, and what we charge for them. • Defining types of customers for new products or services. |
• Fulfilling contracts. • Our legitimate interests. |
• Complying with regulations that apply to us. • Being efficient about how we fulfil our legal and contractual duties. |
• To serve you targeted advertising that we believe are more relevant to your interests. |
• Our legitimate interests. |
• Developing products and services, and what we charge for them. • Defining types of customers for new products or services. |
• To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit. |
• Our legitimate interests. • Our legal duty. |
• Complying with regulations that apply to us. • Being efficient about how we fulfil our legal and contractual duties. |
• To exercise our rights set out in agreements or contracts. |
• Fulfilling contracts. • Our legitimate interests. |
• Complying with regulations that apply to us. • Being efficient about how we fulfil our legal and contractual duties. |
• To maintain statutory records. |
• Our legal duty • Our legitimate interests. |
• Complying with regulations that apply to us • Being efficient about how we fulfil our legal and contractual duties. |
We use many different kinds of personal information:
Type of personal information |
Description |
Financial |
Your financial position when you open a business account with us via credit reference agencies. |
Contact |
Where you live and how to contact you. |
Transactional |
Details about payments including to and from your accounts with us. |
Contractual |
Details about the products or services we provide to you. |
Locational |
Data we get about where you are, such as may come from your mobile phone, the address where you connect a computer to the internet. |
Behavioural |
Details about how you use our products and services. |
Technical |
Details on the devices and technology you use. |
Communications |
What we learn about you from letters, emails and conversations between us. |
Usage Data |
Other data about how you use our products and services. |
Consents |
Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you. |
We may collect personal information about you (or your business) from other companies within the Archant Group. We may also receive data from third parties where you have consented for your details to be given to third parties.
We may share your personal information with companies within the Archant Group and these organisations:
We may need to share your personal information with other organisations to provide you with the product or service you have chosen.
We may also share your personal information if the make-up of Archant Group changes in the future:
For business customers we carry out credit and identity checks when you apply for an account. We may use Credit Reference Agencies (CRA's) to help us with this.
We will share your personal information with CRA's and they will give us information about you. The data we exchange can include:
We'll use this data to:
We will only send your data outside of the European Economic Area ('EEA') to:
If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We'll use one of these safeguards:
We may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services. It could mean that we cancel a product or service you have with us.
We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about 'marketing'.
The personal information we have for you is made up of what you tell us and data we collect when you use our services, or from third parties we work with where you have consented to data being passed to us
We can only use your personal information to send you marketing messages if we have either your consent or a 'legitimate interest'. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.
You can ask us to stop sending you marketing messages by contacting us at any or using the unsubscribe button on the marketing material
If you choose to stop receiving marketing material you may still receive certain things such as invoices from us which we need to send you for contractual or other legal purposes.
We will keep your personal information for as long as you are a customer of Archant Group or you continue to use our services.
After you stop being a customer/user, we may keep your data for up to 6 years to enable us to respond to any questions or complaints and to show that we treated you fairly.
We may keep your data for longer than 6 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the 'right to object' and 'right to erasure', or the 'right to be forgotten'.
There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.
You can also ask us to restrict the use of your personal information if:
If you want to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact us.
If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information please see the subject access request procedure below.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate using the contact details above.
To find out more about how we use cookies please see our cookie policy.
Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies
Please let us know if you are unhappy with how we have used your personal information. You can contact us at DPO@archant.co.uk or Data Protection Officer, Prospect House, Rouen Road, Norwich, Norfolk NR1 1RE.
You also have the right to complain to the Information Commissioner's Office. Find out on their website how to report a concern.
If you wish to contact us with regard to your data, our Data Protection Officer is Tara Cross and can be contacted by:
Email:
DPO@archant.co.uk
Post:
Data Protection Officer
Prospect House
Rouen Road
Norwich
NR1 1RE
Telephone:
01603 628311
This procedure document supplements the subject access request (SAR) provisions set out Archants’ (hereinafter referred to as the “Company”) Data Protection Policy & Procedures and provides the process for individuals to use when making an access request, along with the protocols followed by the Company when such a request is received.
The Company needs to collect personal information to effectively and compliantly carry out our everyday business functions and services and in some circumstances, to comply with the requirements of the law and/or regulations.
As the Company processes personal information regarding individuals (data subjects), we are obligated under the General Data Protection Regulation (GDPR) and Data Protection Bill to protect such information, and to obtain, use, process, store and destroy it, only in compliance with the GDPR and its principles.
The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data.
Information protected under the GDPR is known as “personal data” and is defined as: - “Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Information Commissioners Office (ICO).
Under GDPR, an individual has the right to obtain from the controller, confirmation as to whether personal data concerning them is being processed. We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. Where requested, we will provide the following information: -
A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR.
You can make this request in writing using the form at appendix one, or you can submit your access request electronically. Where a request is received by electronic means, we will provide the requested information in electronic form (unless otherwise request by you).
Identity Verification
Subject Access Requests (SAR) are passed to the Data Protection Officer as soon as received and a record of the request is made, who will use reasonable measures to verify the identity of the individual making the access request, especially where the request is made electronically.
Where we are unable to verify your details, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.
If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act for you and again, may contact you to confirm their identity and gain your authorisation prior to actioning the any request.
Information Gathering
If you have provided enough information in your SAR to collate the personal information held about you, we will gather all documents relating to you and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.
Information Provision
Once we have collated all the personal information held about you, we will send this to you in writing (or in a electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.
Whilst we provide the information requested without a fee, further copies requested by the individual may incur a charge to cover our administrative costs.
The Company always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.
Under the GDPR, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reason(s).
We will rectify any errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.
If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Information Commissioner and to seek a judicial remedy.
In certain circumstances, you may also have the right to request from the Company, the erasure of personal data or to restrict the processing of personal data where it concerns your personal information; as well as the right to object to such processing. You can use the form at appendix one make such requests.
The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within 30 days of receipt of the request.
Where possible, we will provide you with the reasons for not acting.
To submit your SAR, you can contact us at DPO@archant.co.uk or you can submit your request in writing using the form in Appendix 1, sending the request to: -
Data Protection Officer
Archant
Prospect House
Rouen Road
Norwich
NR1 1RE
01603 628311
If you are unsatisfied with our actions or wish to make an internal complaint please use the details above.
If you remain dissatisfied with our actions, you have the right to lodge a complaint with The Information Commissioner’s Office (ICO) who can be contacted at: -
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Fax: 01625 524 510
Email: enquiries@ico.org.uk
Under the General Data Protection Regulation, you are entitled as a data subject to obtain from the Company, confirmation as to whether we are processing personal data concerning you, as well as to request details about the purposes, categories and disclosure of such data. You can use this form to request information about, and access to any personal data we hold about you. Details on where to return the completed form can be found at the end of the document. |
||||||||
1. Personal Details: |
||||||||
Data Subject’s Name: |
DOB: ______/______ /________ |
|||||||
Home Telephone No: |
Email: |
|||||||
Data Subject’s Address: |
||||||||
Any other information that may help us to locate your personal data: |
||||||||
2. Specific Details of the Information Requested: |
||||||||
3. Representatives (only complete if you are acting as the representative for a data subject) [Please Note: We may still need to contact the data subject where proof of authorisation or identity are required] |
||||||||
Representative’s Name: |
Relationship to Data Subject: |
|||||||
Telephone No: |
Email: |
|||||||
Representative’s Address: |
||||||||
I confirm that I am the authorised representative of the named data subject: |
||||||||
Representative’s Name: ______________________ |
Signature: ____________________ |
|||||||
4. Confirmation |
||||||||
Data Subject’s Name: ________________________ [print name] |
||||||||
Signature: ____________________ |
Date:______/______ /________ |
|||||||
5. Completed Forms |
||||||||
For postal requests, please return this form to: Tara Cross Data Protection Officer Archant Prospect House Rouen Road Norwich NR1 1RE For email requests, please return this form to: Tara Cross at DPO@archant.co.uk. |
© Archant Ltd 2013