Guardian’s Privacy Policy: Your Privacy Matters
Privacy Policy for Guardian News & Media Limited
Introduction
This is the privacy policy for Guardian News & Media Limited (collectively referred to as “Guardian”, “we”, “us” or “our” in this policy), our sites such as theguardian.com and our associated apps (“our sites”). Some of our other sites and services have their own policies, which will be relevant to you when you are using those sites and services.
Our values guide everything that we do – including our editorial approach and how we use personal data. We are strongly committed to keeping your personal data safe. This commitment exists throughout the lifecycle of your personal data, from the design of any Guardian service which uses personal data to the deletion of that data.
To complement our global approach to privacy protection, this policy also incorporates specific information privacy rights granted to individuals under Californian and Australian privacy law. This reflects our relationship with our readers in these locations where we provide localised editions of our editorial content.
We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics:
Information about your rights, the choices available to you, and our obligations in the UK, European Union, in California, in Australia, and elsewhere.
Transparency about how we collect and use your personal data, including when and how it is shared.
Information on how we protect your personal data.
Information on how we will facilitate your rights and respond to your questions.
Find out more about how we manage your personal data below:
About this privacy policy
This privacy policy explains how we collect, use, share, transfer and sell (for California residents only) your personal data when you use the services provided on our sites or interact with us. This privacy policy also explains your data privacy rights.
Personal data is any information about you by which you can be identified or be identifiable. This can include information such as:
Your name, date of birth, gender, email address, postal address, phone number, mobile number or financial details, such as payment cards you use to purchase products or subscriptions or to support our journalism.
Information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based).
Information relating to how you use and interact with our sites and services.
When we refer to “personal data” in this policy, we are also referencing “personal information,” as it is defined under California law, and as it is defined under Australian law.
Some of our other sites provide additional privacy information. You can read that information using these links:
Sometimes our sites may contain links to sites and services that are not part of the Guardian family of offerings. These sites and services have their own privacy policies. If you follow a link to these non-Guardian sites and apps, you should read the privacy policy shown on their site.
Who we are
Guardian News & Media Limited, Kings Place, 90 York Way, London N1 9GU is the data controller in respect of your personal data that you share with us. This means that we are responsible for deciding how and why we hold and use your personal data. If you want to contact us directly, you can find our contact details in the “Contact us for information about how we use your personal data” section below.
The types of personal data we collect about you
We collect your personal data when you visit our sites, subscribe for products or services, contribute to the Guardian or when you interact with us. We will only collect your personal data in line with applicable laws. We collect your personal data in the following ways:
Directly from you, e.g. when you sign up for our services, purchase products or services, including by signing up for newsletters or selecting specific topics you are interested in, including through My Guardian, and when you browse or use our sites.
Personal data we generate about you, e.g. personal data we use to authenticate you, or personal data we generate about you from your IP address or your preferences.
Personal data we collect from third parties, e.g. personal data that helps us to combat fraud or which we collect, with your permission, when you interact with your social media accounts and/or payment service providers (e.g. Paypal).
More details about the types of personal data we collect are provided below.
The personal data we collect when you register for a Guardian account
When you register for a Guardian account on theguardian.com, we collect:
Your name.
Your email address.
Other details such as your contact number and residential or billing address when you sign up to support us or a subscription.
Your user name, if you comment on our sites.
Your photograph, if you add one to your profile page.
Some limited data from your social media profile (further information on this is below), if you have signed in to theguardian.com using your social media details.
You can change or remove these details using the profile and settings area of your Guardian account.
Personal data we generate about you
When you register for a Guardian account or sign up for a newsletter, we assign you a unique ID number. We use this to manage your preferences, for example, the newsletters you have subscribed to. When you register for an account we use your unique ID to recognise you when you are signed in to our services. This will recognise you if you sign in using the same account on a new device or through a different application such as the Guardian app on mobile devices.
When you use our sites we may also use cookies or similar technologies to collect extra data, including:
Your IP address – a numerical code to identify your device, together with the country, region or city where you are based.
Your geolocation data – your IP address can be used to find information about the latitude, longitude, altitude of your device, its direction of travel, your GPS data and data about connection with local Wi-Fi equipment.
Information on how you interact with our services.
Your browsing history of the content you have visited on our sites, including how you were referred to our sites via other websites.
Details of your computer, mobile, TV, tablet or other devices, for example, the unique device ID, unique vendor or advertising ID and browsers used to access our content.
We will not collect special categories of data from you – such as personal data concerning your race, political opinions, religion, health or sexual orientation – unless you have chosen to provide that type of personal data to us.
When you use our apps
The Guardian apps use personal data based on the content you have viewed. Information on bugs and crashes is also sent to us when you use our apps. A list of the articles that you have recently viewed is also cached in the local storage on your device. You can delete this reading history in the settings of the app. You can choose to receive notifications on your device via the app, and manage these notifications in the settings of the app.
Using your social media details to sign into your Guardian account
When you sign in to our sites using your social media ID, we will use this personal data to form a profile for your Guardian account. If you remove the Guardian app from your Google settings or your Apple ID, we will no longer have access to this data. However, we will still have the personal data that we received when you first set up your Guardian account using your Google login, Apple ID, or any other social media sign in.
Apple
If you register or sign in with your Apple ID, you give Apple permission to share your personal data with us. This only includes your first and last name, and your email address. You can also choose to hide your email and Apple will create a random email address so your personal email can stay private. This email address will be linked to your Guardian profile and will be used to retrieve your subscribed content.
When you sign in to our sites using your Google login details, you give Google permission to share the personal data that you have made public in your Google profile. This only includes your first and last name, your email address and whether your email address has been validated, a link to your Google profile and, if you have one, your profile picture. This email address will be linked to your Guardian profile and will be used to retrieve your subscribed content.
Personal data when you post comments about the Guardian on other social media sites
If you have mentioned the Guardian in posts on social media sites, then we may collect your social media handles. For example, when you mention the Guardian in a post, we may collect your X handle.
When you post publicly (comments) on our sites
When you post on a discussion board or comment publicly on an article on one of our sites, the personal data you post, including your username and other information about yourself, are publicly accessible. This personal data can be viewed online and collected by other people. We are not responsible for the way these other people use this personal data. When contributing to a discussion, we strongly recommend you avoid sharing any personal details, including information that can be used to identify you directly such as your name, age, address and name of employer. We are not responsible for the privacy of any identifiable information that you choose to post in our online community or other public pages of the site.
How we collect personal data
We collect personal data when you:
Become a supporter or register for an account on our sites.
Make contributions to fund and support the Guardian.
Pay for a subscription or purchase any other products/services for yourself or others.
Manage your account settings (e.g. notification, preferences).
Attend our events (in person and/or virtually).
Enter our competitions, prize draws, bids and surveys.
Take part in our call-outs.
Sign up for our editorial emails.
Post or comment in our online community.
Sign up for marketing communications.
Use mobile devices to access our content.
Access and interact with any of our sites.
Contact us via email, social media, our apps or similar technologies or when you mention us on social media.
Test our products, participate in focus groups or provide us with feedback.
We also collect personal data through cookies and other similar technologies. Please refer to our cookie policy for more details on how we use cookies.
How we use your personal data
We use personal data collected through our sites only when we have a valid reason and the legal grounds to do so. We determine the legal grounds based on the purposes for which we have collected your personal data.
Legal grounds for using your personal data
The legal ground may be one of the following:
Consent: Often we will use your personal data because we have asked for your consent, which you can withdraw at any time. Please refer to the table below for examples of where we ask for your consent.
Performance of a contract with you (or in order to take steps prior to entering into a contract with you): We will use your personal data if we need to in order to perform a contract with you. For example, where you have purchased a subscription from us, we will need to use your contact details and payment data in order to process your order and deliver your subscription or we may contact you directly via social media or email if you enter competitions, prize draws, bids or respond to call-outs.
Compliance with law: In some cases, we may have a legal obligation to use or keep your personal data, for example to disclose salary details to HMRC.
Our legitimate interests: We may process your personal data where it is necessary for our legitimate interests in a way that might be expected as part of running the Guardian and in a way which does not materially impact your rights and freedoms. For example, it is in our legitimate interests for us to understand our readers, promote our services and ways to support us, and operate our sites and apps efficiently for the creation, publication and distribution of news, media and related journalistic content both online and in print form, globally. Please refer to the table below for examples of when we rely on our legitimate interests to use your personal data.
In addition to the above, we also rely on the legitimate interests below to use your personal data:
For internal administrative purposes related to our services – such as our accounting and records.
To inform you of any changes to our services, such as updates to our terms and conditions.
To enable you to share our content with others using social media or email.
When we respond to your queries and to resolve complaints.
When we moderate comments under our community standards and participation guidelines.
To troubleshoot technical issues on our sites and their functionalities.
When we de-identify or anonymise personal data.
For security and fraud prevention, and to ensure that our sites are safe and secure and used in line with our terms of use.
To contact you directly via social media or email if you send us emails or engage with the Guardian on social media or contact us.
Where we rely on cookies to collect any personal data please see our cookie policy for more information and how to manage your cookie choices through our “Privacy Settings” link on our sites in the footer of every page.
Where personal data has been de-identified or anonymised, it will not be used in order to re-identify individuals.
The Guardian is a media organisation and publisher. Data protection law includes certain exemptions when personal data is processed for the purposes of journalism. Those exemptions apply to some of the ways the Guardian uses personal data. This privacy policy does not cover personal data that the Guardian processes for the purposes of journalism.
Access permissions when you are using the Guardian app
When you use the Guardian app, we will ask for permissions to access particular functions of your mobile device. When we ask for permissions will depend on the operating system of your mobile device, but can include:
When you decide to store content including photographs on your mobile device to read or use when offline. We will need your permission to save content to your mobile device.
Asking permission to access your contact details/profile on your mobile device, so that we can add or find your Guardian account on your phone.
If you decide to submit content, such as photographs, to the Guardian. We will ask permission to access your camera or photographs.
Updating your personal data and your profile page on our sites
When you register for an account with theguardian.com, you have access to a profile page. Under “edit profile” you can review and update what personal data is public when you comment on our articles, or if people look up your profile. For more information on how to manage your account please see https://manage.theguardian.com/help-centre.
You may also update your marketing preferences in the “Emails and marketing” and/or “Data privacy” tabs in your account.
Personal data that we receive about you from other organisations
Adding to or combining the personal data you provide to us
When you sign up to our services we may add to the personal data you give us by combining it with other personal data shared with us by other trusted organisations. This includes, for example, the region that you are located in, so that we can show you the prices for subscriptions or other products in your local currency. We may also add personal data to improve the accuracy of your delivery address when we send out mail. We may also obtain your personal data from partners whose offers we include in some of our marketing communications and we use this personal data to ensure that we do not send you irrelevant marketing and to ensure the accuracy of the information we hold.
We also use personal data based on the content you have viewed on our sites and your interaction with the content to add you to groups with similar interests and preferences, so that we can make our online advertising more relevant. Sometimes we use data about your interests or demographics that some of our global third parties have collected from you online to add you to these groups, such as Comscore and Nielsen. Please refer to our cookie policy for more information on how we use cookies.
Personal data shared by event partners
When you register or book a ticket for a Guardian event organised by an event partner, your registration data may be shared with us by the event partner.
Children’s personal data
We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal data about children under 13 in providing our services. Some of our services may have a higher age restriction and this will be shown at the point of registration.
We also note and comply with the California law which prohibits sale of personal data of consumers between 13-16 years of age unless their guardian has authorised the sale.
Security of your personal data
We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing and against accidental loss, damage or destruction. You are responsible for choosing a secure password when we ask you to set up a password to access parts of our sites or apps. You should keep this password confidential and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending any information, including personal data, via the internet is not completely secure. We cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk.
When we share your personal data
Within the Guardian group of companies
Depending on where you live, we may share your personal data within the Guardian group of companies in the UK, US, or Australia. We may share it in order to perform a contract with you, for administrative purposes, or when we have a legitimate interest in doing so. For example:
If you book an event held in Australia, at first we may hold your data on our systems in the UK and then we may share it with the Guardian in Australia for administration purposes.
Sometimes we may receive a letter, email or another form of communication from you that we consider to be significant to the history of the Guardian. We may decide to share this with the Guardian Archive run by the Guardian Foundation for historic and archiving purposes.
We may share your data to understand how you interact across our group products or to tailor and offer relevant advertising to you.
With external organisations
We share your personal data with other organisations that are not directly linked to us under the following circumstances:
Service providers – We may share your data with other organisations that provide services on our behalf. We may do this to perform a contract we have entered into with you, where it is in our legitimate interests or with your consent. Examples of when we may share your data with service providers include sharing with:
Companies that help deliver newspapers and subscription vouchers, such as i-Movo.
Online payments processors who process credit and debit card transactions on our behalf.
Fraud management providers that help us to identify and prevent online fraud.
Internet and cloud hosting services providers, such as Amazon Web Services (AWS).
Life-cycle engagement platforms such as Braze, to help us build and manage our campaigns and send our email communications, including newsletters.
Software service providers such as Salesforce that assist us with our customer relationship management.
Communications services providers, such as our podcast service provider called Acast.
Error tracking software providers, such as Sentry and Google Firebase, to help us diagnose and fix errors and optimise the performance of our website and apps.
Service providers that help carry out analytics, facilitate audience creation and segmentation and to measure our audience engagement. For example, Permutive provides us with data management platform services.
Service providers that help provide insights and analytics that help us to improve our products and services. For example, we use Google Analytics to understand how visitors engage with our sites.
Google ReCaptcha, which we use to protect our sites from fraudulent users.
Data management companies, such as Formstack, that help us collect data via online forms and surveys.
Service providers that help provide online identity-as-a-service and access management services such as Okta.
Service providers that allow us to deliver personalised advertising to your device, such as Criteo.
Service providers that allow us to compare your personal data with information held by advertising partners and identify if you are known to both us and our advertising partner,
The Guardian News & Media Limited has recently updated its privacy policy to ensure the protection of personal data. This policy covers various aspects, including the collection, use, and sharing of personal data. The Guardian is committed to keeping personal data safe and secure throughout its lifecycle.
Some key points from the updated privacy policy include:
– Information about your rights, choices, and obligations in different regions, including the UK, European Union, California, and Australia.
– Transparency in how personal data is collected, used, and shared.
– Details on how personal data is protected and how rights are facilitated.
– The types of personal data collected, such as name, email address, and browsing history.
– How personal data is collected, including directly from users, generated data, and data from third parties.
– The use of personal data for various purposes, such as marketing, analytics, and service communications.
– The rights of individuals regarding their personal data, including access, correction, deletion, and objection.
– The handling of personal data for California and Australian residents, in accordance with specific privacy laws.
The Guardian encourages users to review the updated privacy policy to understand how their personal data is managed and protected. The policy reflects the Guardian’s commitment to privacy and data protection for its readers worldwide.
