Privacy Policy

Bristol 24/7 CIC

PRIVACY POLICY

This policy explains how we will collect and handle your personal data, including personal data from your use of this website, in line with our obligations under data protection law, in particular, the General Data Protection Regulation (GDPR).

We may make changes to this policy to reflect changes in our data processing practices. You are advised to review this policy regularly. However where we make any changes to this policy that affect your rights or interests, we will take steps to draw this to your attention.

Who are we?

Bristol 24/7 CIC is a limited company registered in England and Wales, registration number 08904329 and is registered as a controller in relation to personal data with the Information Commissioner’s Office (ICO). Our registered office is at 7 Queen Square, Bristol, BS1 4JE and our main office is located at Unit 2.4 Paintworks, Arnos Vale, Bristol, BS4 3EH.

What personal data will we collect?

We will only collect personal data from you that are relevant to the purposes we intend to use it for. In particular, we you may provide us with the following personal data from which is defined as ‘personal data’:

  • Identity and contact details (such as your name, email address, telephone number and postal address)
  • Financial details (such as your bank account and payment card details if you sign up for Bristol 24/7 membership, though our payment system will not enable us to view these details as they are encrypted)
  • Communications (such as the content of any messages you exchange with us by email and any posts or message directed to us on social media)
  • Technical data (such as the IP address assigned to the device used to access this website, the type of device, operating software, browser version and plug-ins, screen resolution and time-zone setting)
  • Usage data (such as how you browsed and searched our website including how you arrived at our website, the time and frequency of your visits, the time spent by you on each page, how you interacted with the website, the links that you click, documents you download and content that you view)

When you register for Bristol24/7 membership, we assign you a unique ID number that we use to recognise you when you are signed in to our services. This will recognise you if you sign in using the same account on a new device.

We may also collect and use data that is derived from your personal data but which does not directly or indirectly reveal your identity. This data may be combined with data collected about other visitors to our website to calculate the percentage of visitors that view a particular page or the most popular time of day when our website is viewed, for example. This is not considered personal data unless we combine it with other data that can be used to directly or indirectly identify you.

How do we use your personal data?

We use your personal data for many reasons, from understanding how our users engage with our journalism to informing our marketing and advertising. Ultimately, this allows us to publish the journalism that you read on our platforms.

These are the main purposes why we collect and use data about our users:

  • To show you journalism that is relevant to you and to improve your experience on our site
  • To provide the services you sign up for, such as membership
  • To carry out marketing analysis and send you communications when we have your permission, or when permitted by law
  • To enable us to show relevant advertising on our website.

In relation to each of these purposes we must be able to rely on one or more legal grounds for processing your personal data. The grounds that we rely upon for each purpose are as follows:

Purpose Type(s) of personal data Legal ground
To register you as a member and manage payments Identity and contact details, financial and transactional details Entering into and performing our contract with you
Managing our relationship with you, including notifying you about changes to our terms or privacy policy Identity and contact details, communications, usage data Performing our contract with you; complying with our legal obligations; necessary for our legitimate interests (keeping our records updated and understanding how members use our website)
Enabling you to use the interactive features of our website Identity and contact details, communications Performing our contract with you; necessary for our legitimate interests (promoting engagement with the content on our website)
Asking you to provide reviews or take surveys Identity and contact details, communications Necessary for our legitimate interests (understanding how members use our website)
Enabling you to take part in prize draws, competitions or surveys Identity and contact details, communications, usage data Performing our contract with you; necessary for our legitimate interests (understanding how you use our website to improve it and grow our business)
Protecting our website Identity and contact details, technical data Necessary for our legitimate interests (to ensure the security of our network, website and data and prevent fraud); complying with our legal obligations
Delivering relevant content and advertisements and understanding the effectiveness of the advertising we serve to you Identity and contact, usage data Necessary for our legitimate interests (to understand how you use our website to improve it, inform our strategy and grow our business )
Using analytics data to improve our website, products/services, marketing, member relationships and experiences Technical data, usage data Necessary for our legitimate interests (to optimise and improve our website and its content, inform our strategy and grow our business)
Suggesting and recommending products/services that may be of interest to you Identity and contact data, technical data, usage data Necessary for our legitimate interests (to develop our products/services and grow our business)

Commenting

Posting comments on our sites

When you post information on a discussion board or comment publicly on an article on one of our sites, the information you post and your username are publicly accessible. This information can be viewed online and collected by other people. We are not responsible for the way these other people use this information. When contributing to a discussion, we strongly recommend you avoid sharing any personal details, and especially information that can be used to identify you directly such as your name, age, address and name of employer. We are not responsible for the privacy of any identifiable information that you post in our online community or other public pages of the site.

Who will we share your personal data with?

While we may use personal data to improve the effectiveness of paid-for advertising on our website as described above, we do not sell any personal data for commercial purposes

Under our Code of Conduct there are very strict rules about who we can share your personal data with and this will normally be limited to other people who will assist with your matter.

We may share you personal data with:

  • service providers including our hosting provider, payment services provider, email marketing platform, online survey provider and analytics providers
  • any agencies or freelancers that help us to develop and maintain our website
  • HM Revenue & Customs, regulators and other authorities
  • any third parties to whom we may choose to sell, transfer or merge parts of our business or assets or third parties we may seek to acquire or merge with (if any change happens to our business, the new owners may use your personal data in the same way as set out in this policy)
  • if you do not make any payments in respect of your membership, debt collection agencies and other third parties as necessary to recover such payments.

How long will we keep your information for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Further information about our retention periods can be provided on request.

Where will your personal data be transferred?

Where your personal data are used by us for our internal business purposes, the data will generally be stored in the United Kingdom. However many of our service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is applied to it by ensuring that any third party is based in a country that is recognised by the European Commission as providing such protection; entering into specific contracts approved by the European Commission to ensure that such protection is applied; or, in the case of third parties based in the USA, checking whether they are part of the EU-US Privacy Shield Framework.

How do we keep your personal data secure?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so What rights do you have?

Under certain circumstances, you have the following rights under the GDPR:

  • Right to be informed
  • Right of access
  • Right of rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Rights concerning automated decision making and profiling

To find out more information about your rights and how to exercise them, you should visit the ICO’s ‘Your data matters’ website.

Who can you complain to?

If you are unhappy about how we are using your information or how we have responded to your request the initially you should contact us by email at [email protected]. If your complaint remains unresolved then you can make a complaint to the ICO.