Introduction and purpose

Newsdirect (UK) Ltd and Newsdirect (Wales) Ltd (‘we’, ‘our’, ‘us’, ‘the companies’) are committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect and use information about you. By using your information, we hope we can provide the news, content, products and services you’re interested in. The use of your information helps us understand what your needs and interests are, provide you with relevant content, and let you know about our events and services.

Who we are

Newsdirect (UK) Ltd and Newsdirect (Wales) Ltd make up a political information bureau based in Edinburgh and Cardiff known as Newsdirect

Newsdirect UK’s registered company address is 11/2 Tweeddale Court, 14 High Street, EDINBURGH EH1 1TE. Its company registration number is SC244267. Its VAT number is 809154039

Newsdirect Wales’ registered company address is Suite 2, 33-35 West Bute Street, CARDIFF, CF10 5LE. Its company registration number is 07781074. Its VAT number is 172675192.

Newsdirect UK’s ICO registration number is ZA242195.

Because we collect personal information from people and then decide how to use that information, for the purposes of the General Data Protection Regulation (GDPR), effective from 25 May 2018, we are what is called a ‘Data Controller’.

This means that we are responsible for deciding how we hold and use personal information. We are required under data protection laws to notify you of the information contained in this policy.

For the purposes of this policy:

‘Clients’ includes natural persons who have engaged us to provide advice to them in their personal capacity or on behalf of a company, partnership, charity, trust, estate, agency, department, corporate body of any description or any other group or organisation; and

‘Subscribers’ includes natural persons that have signed up to our marketing communications, briefings or blogs, have attended or registered to attend one of our events, or follow us on social media.

This policy applies to the personal information of past and present clients and subscribers. Please note that you may fall in to more than one of these categories so we may hold your personal information in a number of capacities.

If you are a past or present employee or subcontractor to the company, we will hold further personal information about you. For further details please contact admin@newsdirect-uk.com or speak to your line manager.

This policy does not form part of any contract that you may have with the company. It is provided for information purposes only.

For information about the cookies that we use on our website and in our communications, please see our cookie policy.

Data Protection Contact

We have a nominated Data Protection Officer to oversee compliance with this policy. If you have any questions about this policy or how we handle personal information, please contact our Data Protection Officer in writing using the details below.

Email address: admin@newsdirect-uk.com

Postal address:

Data Protection Officer
Newsdirect (UK) Ltd
11/2 Tweeddale Court
14 High Street
EDINBURGH EH1 1TE

Changes to this policy

We reserve the right to update this policy at any time and we will provide you with a new policy when we make substantial updates.

1. The Data Protection Principles

We will comply with data protection law. The law says that the personal information that we hold must be:

Used in a lawful, fair and transparent way.

Collected only for valid purposes that we have clearly explained and not used in any way that is incompatible with those purposes.

Relevant to the purposes for which it was collected and limited only to those purposes.

Accurate and kept up to date.

Kept only as long as necessary for the purposes for which it was collected.

Kept securely.

The kind of information that we hold

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (such as anonymous data).

There are some ‘special categories’ of more sensitive personal data which require a higher level of protection.

We collect, store and use some or all of the following categories of personal information about clients:

(i) Client contract/financial information: name, title, job title, company, address, telephone number, email address, bank account details.

(ii) Relationship information: name, title, job title, company, address, telephone number, email address, client relationship details (length of relationship, company contacts engaged with, meetings, calls and other engagement with the company), services details, career history, other biographical information, and dietary preferences.

(iii) Marketing information: name, title, job title, address, telephone number, email address, company, engagement details (click-throughs, open rates, bounce rates, return to sender notifications), event attendance history, dietary preferences, professional career history, payment details and marketing preferences.

(iv) Social media information: username, company details and engagement details (likes, retweets, shares, reactions, comments).

4. How we collect personal information

We collect personal information in category (i), (ii) and (iii) directly from clients as part of our initial sign-up process and through phone calls, email correspondence, meetings and other contractual dialogue. We collect personal information in category (iv) either from clients directly or from social media platforms when clients engage with our social media accounts on Facebook, Twitter, Medium and Linkedin.

5. How we use personal information

We will only use personal information when the law allows us to. The law says that we must identify a lawful basis for each use of personal data. We rely on a number of lawful bases, including:

1. Where we have obtained freely given, specific, informed and unambiguous consent from you to use your personal information in certain ways.

2. Where we need to perform a contract that we have entered into.

3. Where we need to comply with a legal obligation.

4. Where it is necessary for us to use personal information to pursue our legitimate interests (or those of a third party) and we believe that using personal information in that way is not overridden by the interests or fundamental rights of the person to whom the information relates.

Below, we have set out the purposes for which we use each category of personal data and the lawful bases which are relevant to those purposes.

We use your client file information for communicating with you in the course of our engagement, as necessary, to perform our duties under a contract with you, or with a view to entering into a contract with you, to provide you with services. This includes taking your instructions, providing a contracted service and invoicing our fees and disbursements.

We use your marketing information for marketing purposes, this includes contacting you with relevant briefings, blogs, information about our services and events, and measuring engagement with our communications to ensure that the content that we create is relevant and useful. Our lawful basis for this is your consent. You have the right to withdraw this consent or amend your marketing preferences at any time by contacting admin@newsdirect-uk.com.

We hold your social media information in the course of operating our social media accounts on Twitter, Facebook, Medium and LinkedIn. Our lawful basis for this is that it is necessary in order to pursue our legitimate interest in maintaining a visible, engaging and relevant social media presence.

6. Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so.

7. Data sharing

We may occasionally share your data with third parties, including third-party service providers, partner firms, or clients. We require all third parties to respect the security of your data and to treat it in accordance with the law.

Third-party service providers require access to your personal data in the course of providing their services to us. We engage third parties to provide the following services: IT support, customer relationship management systems, design services, event hosting services, email marketing management systems, market research services and media monitoring.

All third parties are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third parties to use your personal data for their own purposes. We only permit them to access your personal data for specific purposes and in accordance with our instructions.

We may share your personal information with other third parties, for example with a potential purchaser in the context of a potential sale or restructuring of the business. We may also need to share your personal information with a regulator to comply with the law.

We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

Some of our third party service providers are based in the United States of America and host their services on servers based there. This means that your data may be transferred to the US as part of a technical process or for storage. The European Commission has issued an adequacy decision in relation to transfers to the US made under the EU-US Privacy Shield framework. You can find more information about the Privacy Shield here.

Transfers will always be subject to adequate safeguards.

These safeguards may take the form of an adequacy decision. Adequacy decisions are made by the European Commission in respect of certain countries. An adequacy decision means that the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information.

To ensure that your personal information does receive an adequate level of protection in the absence of an adequacy decision, we will put in place binding corporate rules or standard contractual clauses approved by the European Commission or the ICO to ensure that your personal information is treated by those third parties in a way that is consistent with and respects the EU and UK laws on data protection. If you require further information about these protective measures, please contact our Data Protection Officer by emailing admin@newsdirect-uk.com

8. Data security

We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those people who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

9. Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal accounting, or reporting requirements.

We retain client information (i) and relationship information (ii) for the period of our relationship with you and for five years afterwards.

We retain marketing information (iii) for the period of our relationship with you and for five years afterwards.

We retain social media information (iv) for the period during which we are connected on any given social media platform only.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Where you have chosen to unsubscribe from our marketing communications, we will retain your contact details to ensure that you are not sent any further communications. This information will be held indefinitely.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

10. Changes to your data

It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes during your working relationship with us. If your personal information changes, please let us know by emailing admin@newsdirect-uk.com

11. Your rights

Under certain circumstances, by law you have the right to:

Request access to your personal information. This is commonly known as a subject access request. This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party.

Request the reconsideration of an automated decision. This enables you to ask us to reconsider a decision that was made solely by automated means or to ask for human intervention.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer a copy of your personal information to another party or request the reconsideration of an automated decision, please contact our Data Protection Officer by emailing admin@newsdirect-uk.com

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

12. Withdrawal of consent

Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer on admin@newsdirect-uk.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to.

13. Complaints

If you have any concerns over how we use your data, please contact our Data Protection Officer in the first instance on admin@newsdirect-uk.com.

If you are not satisfied that we have addressed your concerns adequately, you have the right to lodge a complaint with the ICO. Their contact details are below:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Web: www.ico.org.uk