Load mobile navigation

Reach Group - Privacy Notice

We have organised this Privacy Notice based on the different ways you might interact with us and what you might want to know.

Please use the contents list below to navigate to the section of the Privacy Notice which you are interested in. At the end of each section if you want to return to the contents list please click the link: ‘Click here to go back to ‘Contents’’

Last update: 19 July 2024

CONTENTS

  1. Who we are and how to contact us
  2. About this Privacy Notice
  3. When you browse our websites and use our apps
  4. When you create or sign into your online news or other Reach account
  5. When you buy a product or service from us
  6. When you opt to receive newsletters or marketing communications
  7. When you enter a competition or prize draw
  8. When you complete a survey
  9. When you subscribe to our print, online or “e-publishing” titles, or place a classified ad
  10. When you visit or interact with us on social media
  11. When you apply for a job with us or work at other organisations we do business with
  12. Further ways we may receive, use and share your data
  13. How we keep your data secure, why we may keep it and countries we may transfer it to
  14. How we ensure we protect children's privacy
  15. UK and EU residents: your rights and how to exercise them
  16. US residents: relevant laws and rights

1. Who we are and how to contact us

We are the Reach group, which is made up of Reach plc and its subsidiaries. Reach plc is the largest national and regional news publisher in the UK with a portfolio in Ireland and the United States. We aim to create engaging, relevant content which is distributed through various channels and media including newspapers, magazines, and digital platforms – playing a central role in our audiences’ daily lives.

We are the name behind some of the UK’s most influential, iconic, and trusted news brands, such as the Daily Mirror, Daily Express, Daily Star, Daily Record and Sunday People as well as leading celebrity and entertainment magazine OK! and the online shopping site Yimbly.com. We also publish leading regional titles including the Manchester Evening News, Liverpool Echo, and Birmingham Mail, plus the Mirror US and Express US. You can see the list of websites and brands we publish here.

Depending on who you are and how you interact with us, the legal “controller” of your personal data will be one or more of our group companies, like MGN Limited, Local World Limited, Express Newspapers or Reach Publishing Services Limited (all at the address above).

We have appointed a Data Protection and Privacy Officer (DPO) to oversee our data protection and privacy practices. If you have any comments, concerns or questions, including any requests to exercise your legal rights, our DPO can be reached as follows:

If you are from the UK/EU:

If you are from the US:

Your point of contact for anything to do with how the Reach group uses your personal data is the office of our group Data Protection Officer, who you can contact by submitting the relevant form accessible within the ‘Your rights and how to exercise them’ section by emailing [email protected] or by writing to ‘The Data Protection Team’ at the address above.

*** Click here to go back to ‘Contents’ ***

2. About this Privacy Notice

This Privacy Notice tells you about the kinds of information we hold about you, what we do with it, and why.

As a broad summary, in our business we use information about people:

Some specific activities and websites might have their own additional and complementary Privacy Notices which sit alongside this one. Generally, that will be the case for very specific services such as our commercial job boards or other specialist websites, or where we have a very specific kind of relationship with you (for instance if you are a member of our group pension scheme). We try to make it obvious where that is the case.

Privacy Notice Updates

We may update this Privacy Notice from time-to-time by posting a new version on our websites. You should check this page occasionally to ensure you are happy with any changes. Where changes are material, we may also notify you of them by email.

Data Protection and Journalism

The UK

In the UK the Data Protection Act 2018 provides an exemption from data protection laws to prevent unjustified interference with the work of journalists. We are members of the Independent Press Standards Organisation (IPSO) [IPSO] and therefore subject to the Editors’ Code [Code]. If you object to a story we have published that concerns you personally then you can find our complaints policy here [UK Complaints], which explains how to raise a complaint and how we will handle it.

Ireland

In Ireland we subscribe to the Code of Practice of the Press Council of Ireland and the Press Ombudsman, which set the benchmark for high professional standards. If you believe that we have got something wrong, or that we have breached the Code of Practice, please let us know at the contact details of the publication concerned.

The Code of Practice and details of how to lodge a complaint with the Press Ombudsman are available from:

Post: 1, 2 & 3 Westmoreland Street, Dublin 2.

Website: www.pressombudsman.ie

Email: [email protected]

Telephone: 1890 208 080

Fax: 01 6740046

Journalism and our use of Artificial Intelligence

We are increasingly using Artificial Intelligence (AI) tools, to help us create and enhance our content.

Meeting the data protection requirements of our consumers is at the forefront of our AI decision making so as our uses develop we will provide more information in this Privacy Notice. For more information see our AI Notice on each website footer.

*** Click here to go back to ‘Contents’ ***

3. When you browse our websites and use our apps

When you browse our websites or use our apps, we may collect technical and/or behavioural information about your use of our websites or other content online, and the device(s) you use to access the services. For example, this information may include details about how you browse our website and the devices and technology you use to browse our website. This may also include unique online identifiers such as device ID, device type, IP address and approximate location at the time of browsing. This may also include video viewing data and may link to your activity on other sites and allow us to recognise you or your device. We may use this to build a more detailed profile of you and your interests. We may also provide you with location-based services (for example, advertising and other personalised content), where we collect geo-location data.

Our advertising partners may receive some information about the device you are using and about what you look at and interact with. We do this for the purpose of choosing which adverts to show you, as well as to make our sites and apps work properly. It also allows us to diagnose problems with them and understand how they are used so we can make them better. Sometimes, we also apply a degree of personalisation in choosing which content to show you (for example, by recommending articles similar to those you’ve viewed previously).

You can learn more about what we do with this information and why in the sections below.

3.1 Targeting by Reach

3.2 Targeting by third party advertising networks

3.3 Making our sites and apps work properly and understanding how they are used

3.4 Website Notifications (Pop ups)

3.1 Targeting by Reach

We combine the information you give to us (for example, sign up information for newsletters and competitions) with the information we receive when you use our websites and apps, and analyse it in order to help us to understand your preferences and interests. We then associate this with a unique identification number. This is then used to tailor the content and advertising that you see on our websites and in our apps, so it is more likely to be of interest to you. We don’t share this personalised analysis with anyone outside Reach. In particular, it is not shared with advertisers or with the third-party advertising networks that we work with other than in highly aggregated form so that your personal data cannot be identified.

3.1.1 The data we collect and what we do with it

The data we use for this purpose is as follows:

We will analyse this information to infer interests, preferences, and demographic characteristics, and associate it with an internal identification number. For example, if our website analytics tell us that you are located in the approximate area of Newcastle-upon-Tyne and you read our online title ChronicleLive (which is focused on local news for that area), and you sign up to receive an email newsletter about football from our national title The Mirror, then we could infer from that you are interested in things related to a local football club or to football generally.

We then divide up our identification numbers into groups based on the inferences we draw about them. Those groups are called “audience segments” or “audiences”. So, for example, an identifier associated with Newcastle, ChronicleLive and the football newsletter could be allocated to audiences likely to be interested in football, and events near Newcastle-upon-Tyne.

We then use those “audiences” to do two things: first, to help us to recommend content which is more likely to be interesting (for instance, more articles about football), and second to help us to target advertisements when advertisers buy advertising space from us directly.

The advertiser would never see the actual data that we use – it remains with Reach at all times. All we would share with them would be the criteria we used to target their advert, how many times their advert was shown and how many people clicked on it (but not who), so that they know how well the advert did and we know how much to charge them.

3.1.2 Our legal basis

Your activity on our websites and in our apps can be managed by you using our “cookie banner” and related Consent Management Platform (CMP). The vast majority are used on the basis of your consent where you provide it. Some may use our Legitimate Interest and some are Essential – Please see our Cookie Notice for further information or the ‘cog’ icon or link at the bottom of every webpage to manage your consents. When using our apps, if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.

We combine that information with the other things we know about you (like your newsletter subscriptions) on the basis of our legitimate interest in understanding our readership, both to serve you better and to make us more attractive to advertisers. This helps us to secure a future for news reporting and journalism in the age of social media, especially local news reporting and journalism.

You do, of course, have an absolute right to object to this. You can always register your objection by completing the relevant form [15.5. Your right to object to what we do with your data, and to have restrictions placed upon it].

3.1.3 How long we keep it for

We keep the information about your activity on our websites and in our apps for up to up to three years since last browsing activity, with some anonymised browsing activity retained thereafter.

3.1.4 Who we share it with and why

The data which we use to create the unique identifier and our “audiences” is shared with the partners who provide us with the technology powering it, most notably Upland Software and Lotame, who host core data management platforms for us. They act as our “processors”. This means that they are bound by law and contract to do only what we tell them to do with the data, to keep it safe, and not to share it with anyone else or use it for anything other than providing their service to us.

3.1.5 Whether we send it outside the country of collection

Upland Software and Lotame are global businesses and so the data they host for us may be held outside of the country of collection. We have implemented the required safeguards as necessary (for example, standard agreements and frameworks approved by the relevant authorities).

3.2 Targeting by third party advertising networks

Digital advertising helps us to fund the news articles and content published on our sites and enables us to provide some of our content for free. We and our third-party ad partners may display digital advertising on our sites that is tailored to your interests and preferences so the online adverts you see are more relevant to you. We work with third party ad networks to fill unsold advertising space on our sites and in our apps by auctioning it automatically through a process called “real time bidding”. These ad networks bid to show their ad to you when you visit our sites or use our apps.

The ad networks exchange information through cookies, which allow them to recognise you when you visit any site that they work with (not just Reach sites). Where we use cookies on our sites for advertising purposes, we ask for prior consent. The cookie information will be used along with other information we hold about you to display digital advertising that is more relevant to you. It is important to note, however, that where you do not provide your consent for digital advertising you will still see digital advertising on our sites, but this will not be tailored to your interests and preferences.

Where you provide consent to using your data to create a profile for digital advertising we may also sell or share limited data types to our partners with whom we have a legally binding relationship for similar purposes; typically data on the page content which you have shown an interest in and online identifiers, not direct identifiers such as your email address. Captify is one such partner. They may act as an independent controller of your data, and their privacy policy is shown here: Captify Privacy Policy

3.2.1 The data collected and how it is used

On your first visit to one of our sites or apps (and on other occasions to allow you to change your mind), you will be presented with a ”cookie banner”. This asks you if you consent to the use of cookies and related technologies for the purposes of, amongst other things, selecting and delivering ads. If you do, then the ad networks will be able to recognise your device according to a unique identification number.

We then send out a “bid request” to the advertising networks we work with. What that bid request says is, essentially, ”ID number ABC123 has landed on our website, do you want to show this user an advert?” The winner then gets to display their ad.

The auction process happens automatically, in the second or so between you requesting the page and its loading and displaying. The data used by the ad networks to select the ad to show is held by them, not us, and we never see it.

If we sell or share limited data to an ad partner, as described in 3.2, it will be used for profiling and digital marketing on Reach websites and apps, and potentially other sites & apps with whom the partner has a relationship, if you have given permission for that site or app to do so.

An important point to understand is that most of these ad networks will not know who you are in a “real world” sense. They will not know your name, or your email address, or your phone number (we may know those things because you’ve given them to us in other contexts, but we never share that information with them).

We say “most” because there are two significant exceptions, which are Facebook and Google. They provide targeted advertising services based on the things they know about their users, and so if you are signed into your account with them on your device, they will be able to recognise you and associate your browsing history across sites that use their services.

Data Matching

From time to time we may allow our clients to compare their customer database to ours using partner platforms such as InfoSum. This is called data matching and allows our partners to see if they can reach their audiences on our platforms and to understand if an advertising campaign would be effective.

Generally this will be conducted at an aggregate audience level to provide insights, rather than individual level information, although your information may be used to generate these insights. For example, this could involve matching your hashed, pseudonymised email data with the same data held by our advertising clients. This then enables the advertiser to understand if you use their products and visit our sites, then to use this data to target bespoke advertising messages.

Alternatively, we may allow advertising partners to build target audiences based on predefined attributes. These ‘lookalike’ audiences may be similar to our partners’ existing audiences. For example, a sports brand may want to reach ‘football enthusiasts’. They could select audiences who have been identified as having an interest in these areas. To do this, we segment our audiences into groups depending on what we think they like or other behaviours. This helps them find the right audiences and we are able to show you more relevant advertising.

The way we match your data could also involve working with partners such as LiveRamp Inc and Tradedesk and their group companies, acting as joint controllers. These partners use this information to create a secure online identification code for the purpose of recognising you for cross-channel advertising. This code is placed in our cookie, does not contain any of your identifiable personal data, and will not be used by them to identify you. With your consent it may be shared with our advertising partners and other third-party advertisers globally for the purpose of enabling interest-based content or targeted advertising through Reach sites. These third parties may in turn use this code to link demographic or interest-based information you have provided in your interactions with them to the pseudonymised code. Detailed information on LiveRamp’s data processing activities is available in LiveRamp’s Privacy Notice and opt-out here. Information on the Trade Desk’s use and how they work with partners can be found here EUID Privacy Notice. Alternatively to withdraw consent and object to targeted advertising based on the Trade Desk EUID activity click here.

If you accept the use of cookies in our Consent Management Platform, when you submit your email address to create an account or sign-up to a newsletter or marketing we may share your email address in a hashed form with Amazon Publisher Services (APS). APS then links the hashed email to a profile which they may already hold related to that address. The hashed email will be used in a secure, pseudonymised form within a cookie to flag to APS whenever you visit an APS enabled Reach website again. APS will use this to determine, in real-time, if any of their business customers want to market to a profile similar to yours. If this is the case they may initiate an advert which will appear to you on the Reach website concerned. The APS Privacy Notice can be found at APS PN. Alternatively to withdraw consent and object to targeted advertising based on APS activity click here. You can also visit www.youradchoices.org to have more information about how to manage your ad preferences.

Withdrawing consent

You have the right to withdraw your consent or opt-out to the processing of your personal data at any time via our Cookie Management Platform accessed via the ‘cog’ icon or link at the bottom of every webpage. For example, we will only match your hashed, pseudonymised email with an advertiser in the Infosum platform, if you have consented to your data being used by our adtech provider Lotame. We will also only work with partners such as LiveRamp, as described above, if you have accepted cookies in our Consent Management Platform.

Alternatively, if you would like to stop your email being used in this way please email [email protected], stating ‘opt out of hashed email’.

3.2.2 Our legal basis

Where required by applicable law advertising networks undertake this activity on the basis of your consent, which we ask for on their behalf through the ‘cookie banner’ which appears when you first visit our site. The ‘cookie banner’ message box will reappear from time to time in case you change your mind, or when something changes (typically every 30 days). Please see our Cookie Notice for further information or the ‘cog’ icon or link at the bottom of every webpage to manage your consents. When using our apps, if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the CMP.

Most of our third-party advertising partners operate within an industry framework and code of practice issued by the Internet Advertising Bureau (IAB) called the “Transparency and Consent Framework”, which sets out the technical means for your choices to be passed through the ad networks. It also requires that members adhere to IAB policies and standards of behaviour.

Advertising partners who do not work within the IAB framework are listed separately in the platform which can be viewed in our Consent Management Platform (CMP) – please see our Cookie Notice for further information or click on the ‘cog’ icon or link at the bottom of every webpage. In the Consent Management Platform popup go to the ‘Partners’ page and scroll down - IAB partners are listed first, then you'll see Non-IAB vendors and finally Google partners.

3.2.3 How long we keep it for

We do not ourselves hold a copy of the data gathered by the advertising networks. They will each have their own retention policies which you can find in their privacy notices linked through our ‘cookie banner’ – these are often short (between 30 and 60 days), because shopping interests change over time.

3.2.4 Who we share it with and why

When we participate in auctions for unsold advertising space, we send bid requests to third party advertising networks. You can find the list of third-party advertising networks who we work with by clicking on the ‘cog’ icon or link at the bottom of every webpage and reviewing our Consent Management Platform.

3.2.5 Whether we send it outside the country of collection

The digital advertising networks are global in nature and so, while we are predominantly a UK business, this data will travel across international borders, and in particular many automated advertising transactions will be processed in the USA. Where we are the ones making the transfer (typically, we are not), we have implemented the required safeguards as necessary (for example, standard agreements and frameworks approved by the relevant authorities).

3.3 Making our sites and apps work properly, and understanding how they are used

We use the information logged by our servers and certain third-party analytics tools (such as Google Analytics, Amplitude, Mpulse and Hotjar) to help us to spot problems with our digital services, such as page errors or slow loading times, as well as understanding usage patterns and watching for security problems. This may include statistical and analytical data about your visits and activity on our sites, such as the pages you view, how long for, and which links are followed. This helps us to improve the way we deliver content and the products and services offered to you. We also use this data to report on our performance, provide audience insights and measurement, and to sell advertising.

We may also collect information from your devices that tells us whether you are using an ad blocker. This is so that we can manage our compliance with the law and also determine if we are able to show you advertising. We may also ask you to suspend or whitelist our sites or platforms so that we can show you adverts.

You can find more information below.

3.3.1 The data we collect and what we do with it

We gather data for this purpose in three ways.

Firstly, our servers record certain information provided by your devices when they request content, consisting mostly of technical information about your device such as language, screen size and the features and functions it supports, but also including the internet or “IP” address from which it is connecting, and the page or data requested. The data is used for system performance, content delivery and security purposes. It is saved together with the dates and times the requests occurred into files stored on our servers called “logs” or “log files”.

Secondly, on your first visit to one of our sites or apps (and every so often again after your first visit), you will be presented with a ’cookie banner’ asking you if you consent to the use of cookies and related technologies for our use of analytics. If you do, then several “cookies” (small text files) will be stored on your device containing identification numbers. Those numbers can then be read on your subsequent visits to recognise your device, and our analytics providers will use that information to provide us with various reports and metrics on how our sites are used. We also work with the analytics provider Amplitude, who collect measurement data on our behalf, as our processor. They collect this data for us, using their cookie, and only process your personal data with your consent. If you do not consent they will only provide us with anonymised data.

Thirdly, Google also uses the data that it gathers as a result for other purposes, which you can read about in the Google Privacy Policy. If you wish to opt-out of the use of Google Analytics you can access and download the Opt-out browser add-on from here: GA Opt-Out.

To withdraw your consent for how we are using your information, please see 15.4 Your right to withdraw consent.

3.3.2 Our legal basis

We process the personal data captured in our server log files on the basis of our legitimate interest in monitoring our systems, understanding how they are used, fixing problems with them, and for security monitoring and management purposes.

We process the data for determining an adblocker, on the basis of legitimate interest. As a predominantly advertising funded business, we do rely on our ability to show you advertising to help ensure we are able to provide you with the products and services you request.

We process the personal data captured by our analytics providers on the basis of your consent, which we ask for through a “cookie banner” which appears when you first visit our site. That message box will reappear from time to time in case you change your mind (typically every thirty days), and on your first visit after we make a significant change.

3.3.3 How long we keep it for

We keep the information in our server log files for up to 90 days, depending upon the log type and purpose.

Our analytics providers will keep the information they gather from our sites and apps in line with their own privacy notices, which you can access through our ‘cookie banner’ and Consent Management Platform (see the ‘cog icon’ or link at the bottom of every webpage).

3.3.4 Who we share it with and why

We use AWS and CloudFront to help us to analyse our server log files. They act at our direction, as our “processor”.

The information gathered using Amplitude or Google Analytics is held by Amplitude or Google and is made accessible to us through various dashboards and reporting tools.

The following providers are key to providing additional website analytics or diagnostic capability:

3.3.5 Whether we send it outside the country of collection

The technology providers we use are global businesses. The data is located in Ireland with some being routed through AWS outside of the UK and EEA. We have implemented the required safeguards as necessary (for example, standard agreements and frameworks approved by the relevant authorities).

3.4 Website Notifications (Pop ups)

We provide news and updates about our sites via push notification messages or ‘pop-ups’. This is a free service. Our legal basis is consent, as the notifications are only sent to you if you have clicked on a button to allow it (you may have accidentally selected to receive notifications).

We have no control over your subscription to notifications as it is controlled by your browser and device. We do not store any recognisable data about you or your device in connection with the push notification service.

If you wish to unsubscribe from receiving notifications please follow the instructions here: Airship- https://support.airship.com/hc/en-us/articles/4446152158619-How-to-opt-out-from-the-web-notification

If you need additional assistance in relation to push notifications, please contact the team at [email protected] - with the Subject heading: Push Notifications

*** Click here to go back to ‘Contents’ ***

4. When you create or sign into your online news or other Reach account

Some elements of our websites and apps require you to create an account in order to use them; for example, the ability to leave comments under articles or to use some of the functions of “InYourArea”.

This section covers the following:

4.1 Online News account

We use your email address and the other information that you give to us as part of the account creation process to operate your account and provide those functions. When you are signed in with your Reach account, we will also have the ability to associate your account details with the information we gather through our analytics tools about how you use our sites.

4.1.1 The data we collect and what we do with it

When you create an account we may collect your name and email address.

For services that provide local information (like InYourArea) we will also collect your postcode and any associated areas of local interest that you want to be updated about. If you subscribe to a paid version of our sites such as Premium or Privacy Plus (without personalised advertising and tracking) we will collect your payment details, in order for us to fulfil your subscription. For more information on subscriptions see 9. When you subscribe to our print or “Digital Edition” titles.

Some services may let you upload your own content to our sites, such as comments or pictures. Those things will, by the nature of the service, be generally visible on the site and may be attributed to user names. Your comments may be used in print, online or on the social pages for brands owned and published by Reach plc. We may also record what types of content you have commented on, and associate this with our profile of you. Please do not provide any personal data which you do not want to be published. Comments will be subject to moderation checks before publication.

We use this information to operate your account and to enable you to log in and use our services; for example, on InYourArea we use your postcode to identify the correct local information to display to you.

You may also be invited during the account creation process to subscribe to one or more of our newsletters, or to opt in to receive certain special marketing offers and promotions. You can read more about that by navigating to the appropriate section of this Privacy Notice via the ‘Contents’ list. Click here to go back to ‘Contents’.

Unless you object, we will also associate your online account sign-up data with the other things we know about you, like your page views. You can learn more about that, including how to object, here.

4.1.2 Our legal basis

We process your email address and the other information you give to us in order to provide the relevant function or service of our sites on the legal basis of consent. We associate the data which you provide on sign-up with the profile created from your browsing activity on the basis of our legitimate interest. If you wish to object to this, where permitted by applicable law, please see section Targeting by Reach.

Our legal basis for any resulting email marketing is your consent – see here for further information.

4.1.3 How long we keep it for

We will keep your account active for as long as you continue to use it, and for up to 3 years afterwards.

4.1.4 Who we share it with and why

We use a technology provider called LoginRadius to handle the technical aspects of operating your account on our behalf. They host your email address and password. They act as our “processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

4.1.5 Whether we send it outside the country of collection

Our user account technology provider LoginRadius is based in California and India, and so your personal data will be processed from those locations as part of their provision of their service to us. We have implemented the required safeguards as necessary (for example, standard agreements and frameworks, approved by the relevant authorities).

4.2 Specialist Site Accounts

This section covers when you create an account and use our services on the Funeral Notices, Bookanad, Marketplacelive, and Family Notices sites.

4.2.1 The data we collect and what we do with it

In order to use many of our website features you will have to create an account, for example, if you wish to post a funeral notice, upload a tribute to a notice, post an announcement, place an advertisement, or place a notice.

When you create an account we will collect, at a minimum, your name and email address. In some circumstances, we may also collect your address and your telephone number. We use personal data as part of the account creation process, and to ensure ongoing operation of your account, and access to the services available on our websites.

We use all this personal data to (i) operate your account and to enable you to log in and use our services, (ii) manage and administer your notice, announcement, and/or advertisement, and (iii) provide you with some of the features and functionalities that are reserved for account holders.

Some examples of using the personal data you provide include:

When you post a notice and/or an announcement and, as part of this post, provide personal data that relates to a living third party, you are responsible for making sure that you have obtained the appropriate permissions for sharing their personal data. For example, uploading a photograph or a video to a notice that contains the image of another person(s).

Some of our services may allow you to upload your own content to our websites, for example any comments, pictures, or videos uploaded as part of an advertisement or a notice. Such content, by the nature of our service, will be visible on the website to other users and the general public. When creating a new notice or announcement, or interacting with an existing one, please do not provide any personal data which you do not want to be published and accessible by the general public.

The “controller” for advertising activities on some of our websites is Proweb. See 4.2.7.

4.2.2 Funeral Notices Pay-to-use services

Once you have created an account on Funeral Notices, our products/services will be made available for purchase.

When you purchase a product/service, either online, via our website, or offline, via our call centre, we will use the personal data that you have provided during the account creation process to administer the sale of the product/service you have selected. We may also collect additional personal data in order to enable the sale, including the processing of payment information provided by you during the checkout process.

4.2.3 Funeral Notices Free-to-use services

Some of our Funeral Notice services are made available for free, and may allow you to upload your own content to our websites, for example any comments, pictures, or videos uploaded as part of a tribute. Such content, by the nature of our service, will be visible on the website to other users and the general public.

Once you have created an account, some of our products/services may enable the disclosure of information typically viewed as sensitive, for example providing information about your religious beliefs when dedicating a prayer or a religious notice to a loved one.

When uploading information to our websites, please do not provide any personal data which you do not want to be published. It is also important to note that all comments on active notices will be subject to moderation checks before publication.

When you request either of the above Funeral Notices services and, as part of this service, provide information concerning a living third party, you are responsible for making sure that you have obtained the appropriate permissions for sharing this information. For example, uploading a photograph or a video to a tribute that contains the image of a large number of individuals.

4.2.4 Notices placed by Funeral Directors

We offer Funeral Directors across the UK the option to use our service, and to post funeral notices for publication on the relevant area of our website.

If you instruct your Funeral Director to post an online funeral notice on our website, then the information that you provide your Funeral Director will be posted on our website.

Please note that when collecting information to inform their funeral notice, Funeral Directors will do so as “data controllers”. This means that they are responsible for how they handle and use the personal data that they collect from you.

4.2.5 Our legal basis

We process your email address and the other personal data provided during the account creation process so that we may fulfil the contractual obligations owed for the sale of a product/provision of a service, e.g., the posting of an online and/or in-print advertisement and/or notice. This includes the processing of any payment information that is required to facilitate the sale of such products/services.

We process your email address and the other personal data you provide during the account creation process on the basis of your consent for us to provide and operate an account on your behalf.

We process any personal data that you upload to our websites to deliver notices on the basis of our legitimate interest in operating an online obituary service. Please note that, when uploading content, you are in complete control of what you post.

We process your payment information in order to fulfil contractual obligations owed for the sale of a product/provision of a service, e.g., the posting of an online and/or print funeral notice.

We process any sensitive information you provide regarding your religious beliefs on the condition that, by making a post on a generally accessible website, you have manifestly made the information public.

The posting of a funeral notice, by a Funeral Director, is always performed based on the instructions that are provided to individual Funeral Directors by the families of the deceased, and in accordance with the performance of the contract that you have entered into with the Funeral Director.

4.2.6 How long we keep it for

As a general principle, we will only retain your personal data for as long as it is necessary. More information on particular retention periods is provided below.

Website data

Our analytics providers will keep the information they gather from our websites in line with their own privacy notices, which you can access through our ‘cookie banner’ and Consent Management Platform (see the ‘cog icon’ at the bottom left of every webpage)

Account data

Bookanad - When you make a booking through our bookanad website, we will keep your account active for as long as you continue to use it, and it will remain active until you request its deletion, or an inactive period of 7 years has elapsed.

Funeral Notices, Family Notices, and Marketplacelive - When you register for a new account on Funeral Notices, Family Notices, and Marketplacelive, we will keep your account active for as long as you continue to use it, and it will remain active until you request its deletion.

If you have made a purchase, we will keep a record of your transactions for a period of 7 years post-transaction.

Funeral Notice data

All funeral notices, posted by Funeral Directors and the general public, will remain accessible on our website indefinitely, so that the passing of a loved one may remain remembered forever. This will include any tributes posted on a funeral notice, and all other related services, for example remembrances.

4.2.7 Sharing your personal data with third parties

We will only share your personal data with a third party if there is an appropriate contract in place that binds that third party to act in accordance with our instructions.

Further information regarding the third parties that we share your personal data with is detailed below.

Proweb. We use a third-party provider called Proweb to handle the technical aspects of operating an account on our behalf, managing bookings made through Bookanad, and administering our email lists. In order to provide us with this service, they will process the personal data that you provide when you create an account and place a booking, in addition to other information that is captured from your use of our website.

When providing these services, they act as our “data processor”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

On two of our websites, Marketplacelive and Family Notices, Proweb manages the online advertisements that are displayed on-site. These advertisements will be personalised to you, based on your use of the site, if you have accepted the placement of advertising cookies on-site. For this activity, Proweb will be acting as a data controller; their Privacy Notice can be accessed here: Proweb Privacy Statement.

Donatis. We use a third-party provider called Donatis to manage all of the charitable donations made through our Funeral Notices website. Please note that Donatis are a “data controller”, therefore, all on-site donations will be processed in accordance with their own Privacy Notice, and Terms and Conditions.

When you write a message to accompany your donation, this message will be posted as a tribute on the funeral notice and, once the donation period has closed, this message will be shared with the Funeral Director that posted the notice, so that they may share all of the donation messages with the family of the deceased. If, when writing a message, you choose to make it private then, once the donation period has closed, this message will be shared with the Funeral Director and the family. A private message will not be posted on our website.

When you make a donation, and select Gift Aid, we will share some personal data with the relevant charity. This will include your name, email address, and donation amount. This information enables the chosen charity to avail of the UK Government’s tax relief program, meaning that they receive more of your donation than they otherwise would. Please note that Gift Aid is only available to UK tax residents; further information regarding Gift Aid can be found here.

Marketplacelive When you decide to place an advertisement on Marketplace Live, through our Bookanad website, the information that you have provided will be shared with Marketplace Live, so that the publication and administration of your advertisement may be effectively managed.

InYourArea. When you elect to place a notice on the InYourArea website, through our Bookanad website, the information that you have provided when creating an account, and a notice, will be shared with InYourArea so that they may manage and administer your online post. For information about how InYourArea will handle your personal data, please see their own published Privacy Notice.

Payment processors. We use third party payment processors to handle payments made through our websites. These third party payment processors may act as both a “data controller”, meaning that they define why and how to process the payment information you provide, and a “data processor”, meaning that they act in accordance with our specific instructions when processing your transactional data.

Ancestry. Ancestry is a sponsor of our Funeral Notices website. A link to their website can be found on the sponsorship icon visible on all funeral notices. Please note that by clicking on the ancestry sponsorship area of the funeral notice page, you will be taken to Ancestry’s own website, where an automatic search will be performed on the name of the deceased. This search will be performed based on the URL that you have visited Ancestry from. We do not share any of your personal data with Ancestry; however, if you register for an Ancestry account, after following a link within a notice, Ancestry will be able to identify that you came from our website.

AddThis (Oracle). We have installed a tool called AddThis, provided by Oracle, on various pages of our websites. This tool provides you with the ability to share a notice on social media platforms of your choice. When you interact with the AddThis tool, and decide to share a notice on social media, AddThis will collect some personal data from your interaction. AddThis collects your personal data as a “data controller”, meaning that they will use it for their own purposes. Further information on how AddThis uses personal data can be found in their Privacy Policy.

4.2.8 Working at an organisation that we do business with

For all of our customers and other organisations we do business with, we will have the business contact details of the people we work with at those organisations, and we will use them to manage and administer our relationship with that organisation. We do this on the basis of our legitimate interest in managing and administering those relationships.

We keep the details of our contacts at organisations we do business with for as long as we continue to have a business relationship, and for a period thereafter for business development purposes and in case of issues or disputes.

4.2.9 Advertising as a company that we do business with

When you place an ad, e.g. as a funeral director, we will collect your name and contact details, your postcode, your payment information, and of course the content of your ad. We will use that information to publish and administer your ad, and to communicate with you about it. The content of your ad will be published and therefore accessible to the public. We do this on the basis that it is necessary to fulfil the contract agreed with you when you place your ad.

We will retain the contact details of private individuals for up to 7 years from the point of last interaction, and trade contact details for as long as we have a business purpose.

Your ad itself will be retained indefinitely, on the basis of our legitimate interest, in order to maintain our archive and back issues services.

*** Click here to go back to ‘Contents’ ***

5. When you buy a product or service from us

At Reach, we manage two main online e-commerce platforms: Yimbly.com and OK! Beauty Box. In addition we run a number of ecommerce sites associated with our newspaper brands such as Reach Sport Shop or our Regional Newspaper Shop.

For information on how we process your data on these sites see below. For information on discount codes, vouchers, cashback accounts and affiliate sites see 12. Further ways we may receive, use and share your data

When you place an order for a product or service with us, it is necessary to share specific personal details to ensure the seamless fulfilment of your order. This information may be gathered during the registration process or by placing an order via our checkout. In certain situations, we share with a third party that will collect and process this information on our behalf to fulfil your order.

5.1 The data we collect and what we do with it

We may collect and use data in a number of ways when you buy a product or service from us. These include:

5.2 Our legal basis

The regulations on data protection outline various reasons for which a company may gather and process your personal data, including:

Consent: In specific instances, we may collect and process your data with your explicit consent. This can happen, for example, when you willingly opt into marketing communications or create an account with us. When gathering your personal data, we will always communicate clearly which data is essential for a particular service.

Contractual Obligations: Under certain circumstances, we may require your personal data to fulfil our contractual obligations. For instance, when you place an order for delivery, we will collect your address, billing/delivery, mobile and name to ensure the successful delivery of your purchase, sharing these details with a courier as needed.

Legal Compliance: If mandated by law, we may be compelled to collect and process your data. For instance, we might share information about individuals involved in fraudulent or criminal activities impacting us or our sellers with law enforcement.

Legitimate Interest: In specific scenarios, we may require your data to pursue our legitimate interests in a manner that is reasonably expected in the course of operating our business, and that does not significantly affect your rights, freedom, or interests. For example:

5.3 How long we keep it for

Reach will retain your personal data in accordance with the law and relevant regulations and will store the data for as long as is necessary to fulfil the purpose for which it was collected. The period for which we keep your personal data will be determined by the purpose for which we are using the data, and our legal and regulatory obligations.

5.4 Who we share it with and why

We use Klevu, Shopify and Mirakl to manage and connect the different parts of our Yimbly.com and OK! Beauty Box ecommerce sites. They act at our discretion, as our “processor”. For more information on what each processor specifically does please see below:

We will also share your name, address, email and payment details with our sellers in order to fulfil an order. Our legal basis for doing this would be contractual as it is necessary in order for you to receive your goods.

We may also provide sellers with information that allows them to serve you with more useful and relevant ads and to see how effective they are. We would not share your name or other information that directly identifies you when we do this. Instead, we use an advertising identifier like a cookie, a device identifier, or a code that would anonymise information like an email address. Our legal basis for doing this would be consent. We would attain your consent when you accept our use of cookies on our site and you have the right to opt out at any time. For more information see section 3. When you browse our websites and use our apps

Generative AI Tools

We may share personal data with Generative tools like OpenAI on a 30 day or zero data retention basis for the purposes of:

We may also use AI, although not involving personal data, for Business intelligence purposes, to identify patterns, spot inconsistencies, predict trends, and deliver insights that lead to a better understanding of our business across all functions. Our legal basis for doing this would be legitimate interest. To opt out of your data being shared in this way email [email protected], stating ‘opt out of AI Tools’.

5.6 Whether we send it outside the country of collection

From time to time we may transfer your personal data to service providers based outside of the UK and EEA for the purposes described in this Privacy Notice. In particular, we do this in regard to our email and SMS service providers, managing our marketing activities and for the processing of orders, subscriptions and payments. Where these transfers take place, your personal data will continue to be subject to safeguards set out in the law and we have mechanisms in place to ensure your data receives equivalence in protection to that within the UK and EEA. An example safeguard is standard agreements that have been approved by the relevant authorities. For more information see section 13: How we keep your data secure, why we may keep it and countries we may transfer it to.

*** Click here to go back to ‘Contents’ ***

6. When you opt to receive newsletters or other marketing communications

We use the information you provide us with, such as email, address, or phone number, to communicate with you for the purpose you provided it, either based on your consent or where we have legitimate grounds to do so. For example, if you sign up for a newsletter or other marketing communication then we will use the email address you provide to send you that newsletter or marketing, and we may also send you text messages if you have opted in to receive these. These may include special offers and promotions. Alternatively, If you have bought a product from us, from one of our ecommerce sites [see 5. When you buy a product from our ecommerce sites], we may send you emails about similar products and services, from the brand you purchased the product from, provided you didn’t opt out when we collected your data.

The links in our emails are unique to your email address, and so if you click on them our servers will attribute that click to your email address and that information will be associated with your unique identifier. If you choose to allow your email program to load the images in our emails, we will also be able to see that you opened the email. You can find out more about each of these activities below. You can update your marketing preferences at any time. If you would like to unsubscribe (or opt-out) of receiving these emails please click the links on the emails you receive, text STOP to opt out of text messages, or contact [email protected].

Working with Partner Companies

When you give us your email address for marketing purposes, we may convert it into a hashed, pseudonymous form, and subsequently share it with selected partners who use this information to create an online identification code, for the purpose of recognising you on your device.This code does not contain any of your identifiable personal data and cannot be used to re-identify you.

We convert your email based on legitimate interest and you can opt out of your email being shared in this way by emailing [email protected], and stating ‘opt out of hashed email’. For more information on how these partners may subsequently use this code to serve you targeted advertising, with your consent, please see section Data Matching.

In addition, we may work with a partner company to send our communications to you. For example, you may have consented to an email from Reach via the Substack platform. For these emails Substack are the controllers of your data, and you will have agreed to their Privacy Notice when you signed up. You can opt out of receiving their newsletters at any time via the email you receive or by emailing [email protected].

6.1 Sending you the newsletters and marketing you subscribe for

We will use the email address you give to us to send newsletters or our marketing offers and promotions to you.

When you subscribe to one of our email newsletters, or marketing emails, we will send those newsletters (or marketing emails) to the email address you provided. It will always be clear who the newsletter or marketing offer or promotion has come from, and we don’t sell or give our email lists to anyone else.

If you want us to stop, the easiest way is to click on the “unsubscribe” link which you will find at the bottom of every email, text STOP to opt out of text messages, or contact [email protected].

In some jurisdictions outside of the EU/UK, and where permitted by applicable law, we may purchase/rent lists of persons who may be interested in our products and services. We may contact such persons by email.

6.1.1 The data we collect and what we do with it

We collect your email address in order to send you the newsletters or marketing you subscribe to. When you sign up for newsletters from our “In Your Area” local information website, we will also collect your postcode in order to provide the correct local information.

Sometimes, our newsletters will contain advertisements.

Unless you object, we will also associate your newsletter and marketing subscription with the other things we know about you, like your page views. You can learn more about that here.

6.1.2 Our legal basis

We use your email address to send you the newsletters and marketing you subscribe for on the basis of your consent. You can withdraw that consent at any time. The easiest way to do so is to click on the “unsubscribe” link at the bottom of every newsletter we send.

We associate your email subscription with the other things we know about you on the basis of our legitimate interests. You can learn more about that here.

6.1.3 How long we keep it for

We will keep your email address on the subscription list for the relevant newsletters or marketing emails until you unsubscribe from them. Furthermore, we will stop sending you a newsletter (or marketing email) if we see no activity (e.g. no links clicked on) for a period of time, and generally but not exhaustively, after 24 months.

6.1.4 Who we share it with and why

Processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

6.1.5 Whether we send it outside the country of collection

Email administration data is hosted within the EEA. Advert management services data is processed from the UK and EEA.

6.1.6 Whether we send it abroad

The data is hosted and processed within the EEA.

6.2 Tracking technologies used in our emails

If you tell your email application to load images we will know when you open one of our emails. When you click on links in our emails, we will know that it was you who clicked on it. We use this information to inform the content of future newsletters or marketing (by looking at what’s popular), and to understand whether you continue to be interested in receiving them.

Unless you have previously objected, we will also associate that information with other things we know about you. You can learn more about that here in Targeting by Reach.

6.2.1 The data we collect and what we do with it

We track engagement with our emails in two ways.

Firstly, as for most email newsletters and promotions worldwide, our emails don’t attach any pictures they use to the email itself, but instead load them from a remote server on demand. By default, most email programs don’t load remote images automatically, but only when you click on the button or link in the program to “show images” (or similar wording). When you do that, the images linked in the email are downloaded from our technology provider’s server so they can be displayed in your email program.

If the images are downloaded, our technology provider can tell us that you opened the email.

Secondly, the links in our emails to articles and other external content are personalised, such that if you click through to the content using the link in our email, we will know that it was you who clicked it (or at least, someone reading the email we sent to you). This is because we use web beacons in our emails to track the success of our marketing campaigns. Our web beacons don’t store any information on your computer but, by communicating with our cookies on your computer, they can help us to understand how you engage with our emails.

6.2.2 Our legal basis

We record the opening of emails on the basis of your consent. You can withdraw your consent at any time either by configuring your email client not to load images, or by unsubscribing from the relevant email.

We use the personalised URLs for links to external content on the basis of our legitimate interest in understanding how you engage with our emails and which kinds of content are of most interest to you. You can object to this use of your personal data by completing the relevant form Your right to object to what we do with your data, and to have restrictions placed upon it.

6.2.3 How long we keep it for

The data gathered to understand email opening and interests related to articles and links within the emails is retained for as long as you continue to engage with our emails, and for a period of up to 3 years afterwards.

6.2.4 Who we share it with and why

Third party processors provide the technology platforms which we use to administer our email lists and to manage the adverts in our emails. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

6.2.5 Whether we send it outside the country of collection

The data is hosted in the Republic of Ireland, the UK and Denmark.

*** Click here to go back to ‘Contents’ ***

7. When you enter a competition or prize draw

From time to time we run competitions and prize draws which require you to provide your name and contact details. We use that information to administer the competition or prize draw and to communicate with you about it (for example if you win a prize).

We may also use that email address to send you occasional special offers and promotions, if you opted in to receive them. See here for more information on that and how to unsubscribe.

Unless you have objected, we will associate the fact that you entered the competition with the other things we know about you, like your page views. You can learn more about that here. We may also run some competitions or prize draws for which we utilise your declared responses to build into our profile about you. When we do so, this will be communicated in the associated text, and you will be asked to either consent to this use or will be given the option to ‘object’ via a tick box.

7.1 The data we collect and what we do with it

When you enter a competition or prize draw we will collect the information you provide to us, such as your name, email address and answers to any questions. We will use that information to run the competition or prize draw. If you happen to win a prize, we may ask you for additional information, such as an address to send the prize to. As highlighted above, we may also retain your responses as part of a profile about you.

7.2 Our legal basis

We do this on the basis that it is necessary to fulfil the contract formed with you when you enter the competition or prize draw. Use of your declared data for profiling purposes will be based either upon consent (via tick box) or our legitimate interest, for which you will be given the option to ‘object’.

7.3 How long we keep it for

We will keep your competition entry for the duration of the competition and for up to 12 months after the closing date. Data utilised for profiling will be retained for up to 3 years.

7.4 Who we share it with and why

Information about competition and prize draw entries is only shared with the service providers who provide us with the technology powering our systems and – if you win a prize – with the companies who supply and deliver the prize to you. The technology providers act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

7.5 Whether we send it outside the country of collection

Our online form technology provider may process your personal data outside of the UK and EEA. We have implemented safeguards to secure and limit the processing of the data, including standard agreements, and frameworks, approved by the relevant authorities.

*** Click here to go back to ‘Contents’ ***

8. When you complete a survey

Sometimes we run surveys to help us to understand more about our readership or about public opinion generally. They can also help us better understand the underlying motivations behind the trends we are seeing, response to new content ideas and formats we are developing and how we can improve the service we currently offer.

These surveys could be in the form of online surveys, polls, video projects, diary studies and discussion groups, and we record the responses (answers) of those who take part.

If you take part, we use your answers to those surveys to produce anonymous statistics which we use to inform our editorial content and, to an extent, our advertising. For example, if a majority of survey respondents express a preference for one TV show over another, then we might write an entertainment piece based on that or factor it in when deciding which adverts appear where.

We may also run some surveys for which we utilise your declared responses to build into our profile about you. When we do so, this will be communicated in the associated text, and you will be asked to either consent to this use or will be given the option to ‘object’ via a tick box.

Occasionally, those surveys might ask you about things which the law considers to be especially sensitive, such as your voting intentions or your religious beliefs. Where that’s the case, we’ll ask clearly for your permission first, and we’ll always provide a “prefer not to say” or similar option. We don’t use that kind of information for advertising purposes.

8.1 The data we collect and what we do with it

The types of information we collect and process about you when you take part in a survey may include:

We will collect your answers to the survey questions and use them to compile anonymous statistics along the lines of “35% of people preferred X over Y”. Some surveys may also ask for your email address, for example if we are offering entry into a prize draw for completing it. Go here to learn more about how we use your data for prize draws. As highlighted above, we may also retain your responses as part of a profile about you.

When you have completed a survey, you may be invited to subscribe to a newsletter or to receive special offers and promotions from us.

Sometimes we may operate “panels” of people who we send survey questions to periodically. If you join one of those panels then there may be additional kinds of information about you which we will receive, in which case we will provide further information to you before you sign up to the panel.

8.2 Our legal basis

We collect and compile your survey answers on the basis of your consent, which we ask for in each survey. Use of your declared data for profiling purposes will be based either upon consent (via tick box) or our legitimate interest, for which you will be given the option to ‘object’.

8.3 How long we keep it for

We retain your survey responses for however long the survey runs for, and for up to 90 days afterwards. If you participated in our research panel we may keep your data for up to a year, for the purposes of insight and tracking responses over time.

The resulting statistics may be kept longer, but those are always anonymous and don’t contain your personal data. Data utilised for profiling will be retained for up to 3 years.

8.4 Who we share it with and why

We typically publish the overall results of our surveys, and often share those results with the brands involved (if any), but those results are always anonymous and statistical in nature (“50% of respondents thought X”) and don’t contain your personal data. Actual survey responses are only shared with the service providers who provide us with the technology powering our systems. They act as our “processors”, meaning that they are bound by law and contract to keep your data safe, and to do only what we tell them to do with it.

Once we’ve gathered your survey responses, we will combine them with the answers from other respondents and turn them into valuable insights which may be shared with third parties. Unless specifically stated at the start of the research activity and with your explicit permission, this information will only be disclosed to third parties in anonymised or aggregated form, stripped of any identifiable data (example forms of anonymised / aggregate data include: “X% of males from Birmingham agree that…” or “a 35 year male from Birmingham said …”)

Please be aware that if you disclose information on forums it may be possible for other research participants to use this information. We are not responsible for the disclosure of any information you post in this way.

8.5 Whether we send it outside the country of collection

Our online form technology providers may process your personal data outside of the UK and EEA. We have implemented safeguards to secure and limit the processing of the data, including standard agreements and frameworks approved by the relevant authorities.

*** Click here to go back to ‘Contents’ ***

9. When you subscribe to our print, online or “e-publishing” titles, or place a Classified Ad

9.1 When you subscribe to our print, online or “Digital Edition” titles.

We will collect your name, address other contact details, and payment information. We will use that information to administer your subscription. We do this on the basis that it is necessary in order to provide the subscription to you with the support of our provider. We will retain this information for as long as you maintain your subscription, and for a period thereafter, in case of disputes or problems.

When you subscribe to our digital edition titles your subscription is also processed via our provider and this information is retained for as long as you maintain your subscription, and for a period thereafter, in case of disputes or problems.

As part of the subscription process you may be asked if you want to receive other products or services from Reach. Where this is the case you will be asked to consent to each product or service type. Such activities are managed in accordance with the relevant sections elsewhere in this Privacy Notice.

Privacy Plus Subscription

On some of our websites we offer you a Privacy Plus subscription service for tracking-free access. This Privacy Plus subscription provides a reading option free of personalised advertising, where we completely forego advertising tracking and only serve basic advertising. For a monthly fee, a Privacy Plus subscription enables you to access the same content, without sharing your personal data for advertising purposes.

This means:

The Privacy Plus "anti-tracking" subscription:

If you subscribe to this service, you can still choose to subsequently consent, for example to personalised editorial content recommendations, however without this express consent we will only analyse your usage exclusively for our own essential site operation purposes (such as fraud prevention and to assess our editorial content e.g. to determine which articles are particularly popular). Selecting this option means we do not pass your data to advertising providers and do not pass on any personalised usage data to third parties.

In order to be able to offer you this service on our website, we will collect online identifiers such as device type, IP address, language settings, approximate location at the time of browsing, and your logged in user id. This will be used to enable us to verify you as a Privacy Plus subscriber, to technically run the service and for security and anti-fraud purposes. We won't process information to identify or track you.

9.2 When you place a classified ad

When you place a classified ad in one of our print titles, we will collect your name and contact details, your payment information, and of course the content of your ad. We will use that information to publish and administer your ad, and to communicate with you about it. The content of your ad will be published and therefore accessible to the public. We do this on the basis that it is necessary to fulfil the contract agreed with you when you place your ad.

We will retain the contact details of private individuals for up to 6 years from the point of last interaction, and trade contact details for as long as we have a business purpose. We do not store personally identifiable payment card information.

Your ad itself will be retained indefinitely, on the basis of our legitimate interest, in order to maintain our archive and back issues services.

*** Click here to go back to ‘Contents’ ***

10. When you visit or interact with us on Social Media

We operate accounts on different social media platforms, and you may choose to visit or to interact with us through these channels. If you choose to do so, we can usually only see information stored in your public profile on the social media platform, when you are logged in to your profile, while visiting our social media account; although we may process data that you provide to us when you contact us (for example: if you create a post, or send us a private message via Facebook).

The social media platform also provides us with anonymous usage statistics, which we use to improve user experience and understand activity across our sites. We do not have access to the usage data that the operator of the social network collects to create these statistics.

The operator of the social media platform also processes your data, regardless of whether you yourself have a profile on the platform. In addition, some social media platforms, such as Facebook, use cookies that are stored on your terminal device when you visit our social media account, even if you do not have your own profile in the network or are not logged in. These cookies enable the social media platform to create user profiles based on your preferences and interests and to show you advertising tailored to these.

For information on the cookies we use, and the social media operators and their privacy policies please see our Cookie Notice. For further information on how we may receive, use and share your data see 12.4 Social media platforms.

*** Click here to go back to ‘Contents’ ***

11. When you apply for a job with us or work at other organisations we do business with

11.1 When you apply for a Job with us

When you apply for a job with us, we will process the information you or the recruitment agency gives to us in order to consider your application and to communicate with you (or the agency) about it.

If we offer you a position and you accept it, then we will use your information to liaise with you about start dates, contracts, arranging induction and so on, and we may ask you for additional information to that end. That information will then be handled in accordance with our internal HR policies and Employee Privacy Notice.

If we don’t offer you a position or we do but you don’t accept it, then we will keep your application on file for 12 months in case of future queries or issues.

We process your data on the basis that it is necessary in order to take steps to enter into an employment contract with you. We process information relating to unsuccessful applications or job offers that are not accepted on the basis of our legitimate interest in keeping records of job applications.

11.2 If you work at other organisations that we do business with

For all of our customers and other organisations we do business with, we will have the business contact details of the people we work with at those organisations, and we will use them to manage and administer our relationship with that organisation. We do this on the basis of our legitimate interest in managing and administering those relationships.

If you work at a current or prospective advertising or publishing services client or related agencies, revenue sharing partners (for the sale of your products or services) or are users of Reach software we will also contact you from time to time using your work contact details to promote our services. We will have those contact details either because we have worked with you before, you shared them with us for this purpose, because we or our agencies have looked them up from publicly available information, or because you have attended an event we have hosted. We do this on the basis of our legitimate interest in promoting our advertising and publishing services to businesses. We will always stop contacting you for this purpose if you ask us to. Typically, the best way to do that is to respond to the person contacting you, but you can also make the request by completing the relevant form.

We keep the details of our contacts at organisations we do business with for as long as we continue to have a business relationship, and for a period thereafter for business development purposes and in case of issues or disputes.

11.3 Site visits and CCTV

When you visit a Reach site we will record your name, the date, and in some locations your company name. This information is retained for one week.

In some circumstances, non-employees may be provided with a site pass. Where this applies, the personal data obtained, including a photograph of you, will be retained for the duration of your visit or contract with Reach and for 7 years thereafter for fraud, security, and financial reporting purposes.

We use CCTV systems at our premises on the basis of our legitimate interest in protecting the safety and security of our staff and our property.

*** Click here to go back to ‘Contents’ ***

12. Further ways we may receive, use and share your data

This section covers the following:

12.1 Further data sharing by Reach

We may pass your information to our processors – companies that we use to provide services on our behalf, for example for home delivery services, event management, prize fulfilment agencies, market research or other purposes mentioned in this Privacy Notice such as analytics, direct marketing or online advertising. These processors can only use your information in accordance with our instructions and for no other purpose

In addition, further to the data sharing described elsewhere in this Privacy Notice, Reach will disclose your information and co-operate with appropriate bodies and authorities in good faith where we are required to by law, a court order, a regulatory authority, or otherwise, including with the police, trading standards, regulatory authorities, other relevant authorities, or credit reference agencies.

Where permitted by applicable laws, where you interact with us, we may monitor, record, and retain all associated data, correspondence, and communications, such as written letters, telephone call recordings, emails, text messages, social media messages, in person meetings and any other communications. We will do this to, (i) comply with our legal and regulatory obligations (ii), prevent, or detect crime (iii), maintain appropriate evidential records (iv), protect the security of our communications systems and (v) for training and quality purposes. Where necessary, we will also use your personal information to defend ourselves from any legal claims brought by you in connection with the provision of our products and services.

We will also use personal information to manage and administer our business generally.

We will share information with security consultants and IT security system providers, where necessary, to monitor and manage data security and the security of our sites and networks, and to develop security threat intelligence data.

We may also share information to facilitate the sale of one or more parts of our business, including if we are approached by a potential buyer or the restructuring of one or more parts of our business and with auditing organisations such as the Audit Bureau of Circulation.

When we share information with third parties, we only permit them to process this data for specified purposes. We do not share more information with them than is necessary for the relevant purpose and we require them to treat this information with at least the same protection we do.

12.2 Links to other websites and third-party affiliates

Our websites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and, when you leave our website, we encourage you to read the Privacy Notice of every website you visit.

We may monetise some of these links through the use of third-party affiliate programmes. These affiliate links help pay the costs of producing our websites and ensure that the content is free to you. However, it doesn’t mean that we are in any way indebted to Amazon or any other company. Nor do they or any other company have any influence over editorial coverage, how we rate products, or whether they get a positive review. Notwithstanding such affiliate programmes, we are not responsible for the content or privacy policies of these websites or for third-party advertisers, nor for the way in which they use the information they collect about you.

12.3 Behavioural remarketing services

After you have visited our site, we may use remarketing services provided by companies such as Facebook and Google and Bing, to show you advertising on third-party websites, based on your browsing patterns and interactions. For this purpose, visitors are grouped by certain actions on our services, for example, by duration of visit. This enables us to understand your preferences and to show you personalised advertising even if you are currently on another website within the network.

12.4 Social media platforms

We may also share de-identified information with social media platforms for advertising and analysis purposes. For example, we may share a hashed, non-identifiable version of your email with, for example, Facebook or Google, with the aim of showing you advertising on those platforms, or to exclude you from seeing our advertising on those platforms.

Combined with the use of their respective pixels/advanced matching and Conversions/Events APIs (a secure server-to-server interface that allows us to share specific actions you take on our website directly with Meta and TikTok), this enables us to better understand how you interact with our website, measure the impact of our advertising and website conversions, deliver relevant advertising that may be of interest to you and protect your privacy.

Processing your data in this way enables us to deliver relevant advertising that may be of interest to you and protect your privacy. It also enables us to measure the impact of our advertising and website conversions, improve targeted advertising, improve marketing attribution and improve conversion tracking.

To opt out of your email being shared in this way by email [email protected], and stating ‘opt out of hashed email’. You have the right to withdraw your consent or opt-out to the processing of your personal data at any time via our Cookie Management Platform accessed via the ‘cog’ icon or link at the bottom of every webpage.

12.5 WhatsApp Instant messaging platform

When you sign up to one of our Whats App communities to receive the latest updates, exclusives and comments straight to your phone. As part of this process you are allowing WhatsApp to receive and share data with us, including your phone number. The use of your data will be in accordance with this Privacy Notice, and also WhatsApp Privacy Notice here.

You can exit the Community you joined at any time by going to the Communities tab of your Whatsapp account, and following these instructions: How to exit a community.

12.6 Chatbots and other onsite data collection

If you engage with chatbots on our sites to communicate with us and ask questions, your information will be used in accordance with this Privacy notice, and specifically to:

Please note that our chatbots may leverage third party generative AI platforms. Where this is the case, we will:

Where our chatbots leverage third party generative AI platforms, the information you disclose via the chatbot may be shared with the provider of the AI platform for its purposes, over which we have no control. Please do not submit any information with our chatbots that you would not be willing to share publicly. For more information see our AI Notice on our websites.

12.7 Discount codes, vouchers and cashback accounts

Some of our sites offer discount codes. When you use one of our discount codes we will collect information about how you use our site. For example, when you redeem a voucher we’ll record details of the offer, the date and time and the device you’ve redeemed it on. Although we do not share your data with the code providers, when you claim your code your personal data may be collected.

The legal “controller” of your personal data is Reach plc, and we rely on the performance of a contract for the application of discount codes. However, our discount websites are managed on our behalf by Widilo who also act as a data controller should you create an account or sign up to their newsletters.

Reach is not responsible for the content or use of personal data on third party websites linked to from our sites which offer Discount Codes. When you navigate to and use these sites, for example to redeem a discount code, we would recommend that you check the Privacy Notice associated with that site for more information on how those sites process your information.

Similarly if you create a Cashback account, as part of the registration your data will be shared directly by you with our cashback partner in line with their terms and conditions which are provided to you at the point of registration. The legal “controller” of your personal data is Reach plc, and we rely on the performance of a contract for the management of Cashback accounts. They are administered by Widilo, also as a data controller, and are subject to their terms and conditions which are provided at the point of registration. For more information on how cashback partners use your data we recommend you check their Privacy Notice for more information.

For anything to do with how Widilo uses your personal data, please see their privacy notice here.

12.8 Affiliate Sites, such as Mirror Bingo

Reach Gaming Affiliates is a website operated by Reach, to promote our Gaming Affiliate programs, and provide users with the ability to join the program. We provide direct links to our nationally recognised and trusted gaming brands on our Reach Gaming Affiliates webpage, such as Mirror Bingo, OK! Bingo and Express Wins. We also provide links to web pages where you can submit your information in order to join our Reach Gaming Affiliates Account.

Please note that we do not directly collect any personal data, concerning your browsing behaviour or your participation in our affiliate program, on this website.

When you navigate to these web pages, please note that our partner, Jumpman, will be the data controller for the personal data that you provide, and Reach will be the data processor. The information we share will be used in accordance with our partner’s privacy policy, which you should read when you sign up with the partner. For more information about how your Affiliate data will be used, please see the Jumpman Privacy Notice here.

12.9 How we work with Group Companies

Reach receives information from, and shares information with, other companies within the Reach Group to help operate, provide, improve, understand, customise, support, and market our services and their offerings. This includes:

In addition, a key way we share data across systems and Group companies is for advertising and targeting purposes. This can be based on your online behaviour on our sites, for example:

12.10 Transfer as part of the sale of our business

If we sell part or all of our business, personal information may be one of the transferred business assets. If this happens, your information may be disclosed to any successors of our business for them to use for the purpose set out in this Privacy Notice.

*** Click here to go back to ‘Contents’ ***

13. How we keep your data secure, why we may keep it, and countries we may transfer it to

13.1 How we keep your data secure.

We are committed to protecting the personal data we hold and keep your information secure by taking appropriate technical and organisational measures, including for example encryption techniques and access control, to protect personal and sensitive data against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

Where we use third-party service providers to store data, we have appropriate agreements in place to ensure that your personal data is protected. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. We also require any third parties to whom we may transfer personal data to have appropriate security measures in place. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Our websites may permit you to create an account, or have the facility for an account to be created on your behalf. When this happens, you may be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorised by you. You should notify us of any unauthorised use of your password or account. In the unlikely event of a breach we will notify the affected individuals in a timely manner, as required by law. If you believe your account has been compromised, please contact us at [email protected], or if you are in the US email [email protected] stating which state you are a resident of.

13.2 Reason for keeping it

We hold personal data for a variety of different purposes and the length of time we keep your data will vary depending on the services or products we are providing our customers with.

We will only keep your data for a reasonable period of time, which is based on the purpose for which we are using your data. For example, we review our marketing contact lists and delete those contacts where there has been no activity for three years. In addition, by law, for tax and other purposes, we may have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers. We may also need to keep information to evidence a contract or prevent fraud.

Once the purpose has been fulfilled, we will securely delete that data or anonymise your information (so that we, or anyone else, can no longer tell that data relates to you) unless we are required to retain the data longer for legal, tax or accounting reasons.

13.3 Countries we may transfer your data to

When you provide information to us, we may transfer your personal information to our group companies and processors who are based in a country other than your country of residence. For example, if you are a UK citizen you may find your data is processed by a supplier or service based outside the UK or EEA, such as in the United States. If such a transfer requires us to apply additional safeguards to your personal information under, for example, UK or European data protection laws, we will do so.

These steps may include implementing the UK’s International Data Transfer Agreement clauses or European Commission’s Standard Contractual Clauses, with additional UK-specific clauses for transfers of personal information to our service providers and business partners. Alternatively we will ensure the third parties we work with will offer an adequate level of protection by meeting the legally agreed requirements of the EU-US Data Privacy Framework, and the UK extension, as appropriate.

To the extent applicable, we may rely on derogations as set forth in Article 49 of the GDPR for the transfer and onward transfer of personal information collected from individuals in the UK or EEA to the United States, and other countries that the EU views as not providing adequate data protection. Specifically, we may transfer such information to another party in accordance with our lawful basis for processing.

By using our website, products or services or by interacting with us in the ways described in this Privacy Notice, you consent to the transfer, storage and processing of your personal information outside your country of residence, including out of the EEA, in the circumstances set out in this Privacy Notice. If you do not want your information to be transferred in this way you should not use our website, applications or services.

*** Click here to go back to ‘Contents’ ***

14. How we ensure we protect children’s privacy

Our products and services are for a general audience and not aimed at children, although we recognise that some of the content of our publications may appeal to a younger audience, for example our football content and Curiously site.

Across our portfolio, we have taken active measures to ensure we comply with all relevant laws and regulations, and do not knowingly collect any personal information from children under the age of sixteen or send any marketing communications to children.

If we are running a competition, for example, which might be of interest to children, our competition rules specify that a parent or guardian must consent to entry (if the child is under eighteen). You must also be at least eighteen to purchase products or services from us. If you are under the age of eighteen, you must ensure that your parent or guardian purchases the products or services on your behalf.

If, in the future, we collect personally identifiable information from children in connection with our products and services, we will do so in compliance with all relevant laws and regulations including, without limitation, obtaining parental consent where necessary. If you are a parent or guardian and are concerned that we may be processing personal data related to your child, please contact [email protected].

*** Click here to go back to ‘Contents’ ***

15. UK and EU residents: Your rights and how to exercise them

The law gives you certain rights over your personal information.

You can exercise your rights by contacting our group Data Protection Officer’s team through the use of the relevant forms provided below. It is helpful to be as specific as possible about what you want us to do or what information you are looking for, because it enables us to respond to you more quickly.

Depending on your request, we may ask you to prove your identity to us first, in order to make sure that someone isn’t impersonating you. For example, if you contact us about your Reach account using a different email address, we may first require you to prove that you control the email address which you used to set up the account. If you want information about a subscription or some other paid service then we may ask you to provide the last four digits of the credit card used to pay for it.

If you are making a request on behalf of someone else, you must include proof of their permission for you to do so, or provide evidence of a power of attorney, court order, or health professional evidence that they are unable to provide consent.

Most of your rights do have exceptions to them, designed to protect the rights of others or to ensure that we can comply with the law and operate our business in a prudent manner (for example, by keeping certain records). If we decline all or part of your request on the basis of one or more of those exceptions, we will tell you that we are doing so, and we will explain our reasons. We may also reject your request entirely if it is excessive or unfounded.

15.1 Your right to access the information we hold about you

You have the right to have access to the information we hold about you. There are a few exceptions to that right, designed to protect the rights of other people.

To exercise this right please use our right of access request form.

15.2 Your right to have inaccurate information about you rectified

If we hold information about you that is factually inaccurate (for example, we have spelled your name wrong) then you have the right to have it corrected. This right does not extend to matters of opinion; for example, moderation decisions we might make about your comments on our websites.

To exercise this right please use our other rights request form.

15.3 Your right to have your information erased in some circumstances

You may have the right to have some or all of your information deleted, principally if the information you want deleted is no longer needed or if we don’t have a legal basis to continue using it (for example, if we are using it on the basis of your consent and you withdraw your consent).

To exercise this right please use our right to erasure request form.

15.4 Your right to withdraw your consent

If we’re relying on your consent to do something with your information (for example, to send you newsletters) then you have the right to withdraw that consent at any time.

For newsletters and other email communications, you can do this by clicking the “unsubscribe” link at the bottom of the message.

To withdraw your consent for how we are using your information, please use our unsubscribe request form

For targeted advertising on our websites, you can access the screen to do this by clicking the “Privacy” tag with the ‘cog’ icon or link at the bottom of every webpage to go to the Consent Management Platform (CMP).

For targeted advertising in our apps, you will be presented with the CMP on initial download and whenever it is updated thereafter. You can also change your CMP settings by navigating to ‘My Account’ at the bottom of the app screen and clicking on ‘My Privacy’.

15.5 Your right to object to what we do with your data, and to have restrictions placed upon it

If we are doing something with your data not on the basis of your consent but on the basis of our “legitimate interest”, then you have the right to object to what we are doing, and we must stop unless we can show that there is a compelling and legitimate reason to continue or what we are doing relates to a legal claim. Activities such as fraud prevention will fall into that category.

In the case of direct marketing and profiling, your right to object is absolute. Regardless of what other mechanisms we may make available, you can always object by unsubscribing from marketing emails and by rejecting the use of cookies on our websites (see the Privacy ‘cog’ or link at the bottom of every webpage). When using our apps, if you want to change the settings, go to the ‘My Account’ Link at the bottom of the screen which includes ‘My Privacy’ and takes you to the Consent Management Platform (CMP).

To exercise this request please use our other rights request form.

15.6 Your right to restrict what we do with your information in some circumstances

In certain circumstances, you have the right to restrict our use of your information to simply storing it and using it only for legal claims, protecting the rights of others and matters of important public interest. Those circumstances are: if you dispute the accuracy of information we hold about you; if we do something unlawful with your information but you don’t want us to delete it; if we don’t need the information anymore but you want us to preserve it in connection with a legal claim; or for the duration of the period in which we are considering a valid objection you have raised under your right to object discussed above.

To exercise this right please use our other rights request form.

15.7 Your right to portability

You have the right to receive the personal data concerning you which you have provided to a controller in a portable electronic format, or have it transmitted to another controller, where processing is based upon consent and undertaken by automated means.

To exercise this right please use our other rights request form.

15.8 How to Complain

If you have a complaint or disagree with a decision we have made, we ask that you discuss it with us first by contacting the group Data Protection Officer using our data protection complaints form or via the address given at the top of this Privacy Notice.

You also have the right to complain to your data protection supervisory authority.

In the UK this is the Information Commissioner’s Office:

The ICO’s contact information is:

Information Commissioner’s Office
Wycliffe House
Wilmslow
Cheshire
SK9 5AF

ICO website: https://ico.org.uk/
Helpline Number: 0303 123 1113

In the Republic of Ireland, it is the Data Protection Commissioner:

21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

DPC IE website: https://www.dataprotection.ie/
DPC IE phone number is 01 7650100 / 1800437 737

If you are based in another EU country, you can find the details of your local supervising authority here. EU SAs

*** Click here to go back to ‘Contents’ ***

16. US and Canadian Residents: relevant laws and rights

Privacy legislation in the US and Canada is evolving and as a result there are special rights for residents of certain states. This section details the existing state laws and consumer privacy rights and will be updated as the new laws are introduced.

We have appointed a Privacy Officer to oversee our data protection and privacy practices, in the US and Canada. Our Data Protection Officer holds this position. If you have any comments, concerns, or questions, including any requests to exercise your legal rights, you can contact our Privacy Officer as follows:

It would be very helpful for us if you could include your full name, your postcode, details of the service you are using and/or account information when contacting us.

This section covers the following:

16.1 California Residents data collection, use and sharing, and privacy rights

16.2 Residents of US states with applicable privacy legislation specific information and privacy rights

16.3 Residents of other states and territories with applicable legislation

16.1 California Residents

This section applies to California residents. It describes how we collect, use and share Personal Information of California residents when operating our business, and their rights with respect to that Personal Information. This section should be read in conjunction with the rest of this Privacy Notice which provides further details on the nature of our data processing.

For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) and amended by the California Privacy Rights Act of 2020 (”CPRA”). It does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA/CPRA.

On some occasions, in order to provide our Services to our clients, we may process service data that we receive from or on behalf of our clients. If you are a California resident, you may have certain CCPA rights with regards to this information. Under the CCPA, when we act as a "service provider" (as opposed to a "business" or a "third party") over such information, we only process your information in a way required to provide our services to our clients, at our clients' direction. If you wish to exercise any of your rights under CCPA regarding such information, please contact the relevant business that collected the information from you, as they control and determine how your information is processed.

16.1.1 Personal Information that we collect, use and share

The table below provides a summary of the categories of your personal information Reach may have collected, the sources of that data, the reasons for collection and who we may have disclosed the data to over the last twelve months. The information gathered in this table may apply to you in different ways depending on how you have interacted with us.

Please see the keys below the table to inform the second and third column:

Category

Business Purpose for Disclosure

Categories of Recipients of Disclosures

Do we share this data?

Personal Information

Identifiers

such as name, email address, billing information, username, any provided phone numbers, such as home, or mobile, online screen name, security questions and password.

P1, P2, P3, P4, P5, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

No

Commercial Data

such as records of your purchases and transaction data.

P1, P2, P3, P4, P6, P7

D1, D2, D3, D6, D7, D8

No

Customer Records

such as financial or payment information to process payments and information about your transactions and purchases with us.

P1, P7

D2, D6, D7, D8

No

Internet & electronic network activity information

including, but not limited to browsing history, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Services or other online services. Please see our Cookie Notice for further information.

P1, P2, P3, P4, P5, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

Yes

Device information and identifiers

such as IP address; browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers.

P1, P2, P3, P4, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

Yes

Geolocation Data

such as general location, and, if you provide permission, precise GPS location.

P1, P2, P3, P4, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

Yes

Sensory Data

such as audio recordings if you call our customer service or volunteer this information as part of using our services and photographs in connection with your social media account

P1, P2, P5, P7

D1, D2, D6, D7, D8

No

Financial Data

such as credit or debit card number, verification number, and expiration date, to process payments and information about your transactions and purchases with us.

P1, P7

D2, D6, D7, D8

No

Social media information

(which may include personal identifiers, photos, location, user generated content, demographic information). If you link your account or access the Services through a third-party connection or log-in, we may have access to any information you provide to that social network depending on your privacy settings, such as your name, email address, photo, location, and current city; and information you provide to us directly through our pages on social networking and blogging platforms (e.g., Facebook, Instagram, YouTube, and Twitter).

P1, P2, P3, P4, P5, P6, P7

D1, D2, D3, D4, D5, D6, D7, D8

No

Research, survey, or sweepstakes information

(including personal identifiers and user generated content) collected if you participate in a survey or sweepstakes; includes information needed for you to participate (such as contact information), and to fulfil your prize.

P1, P2, P3, P4, P5, P6, P7

D1, D2, D3, D5, D6, D7, D8

No

Inference Data

including inferences drawn from any of the information identified above to create a profile reflecting a consumer’s preferences, characteristics, behaviour or attitudes.

P1, P2, P3, P4, P6, P7

D1, D2, D3, D5, D6, D7, D8

No

Sensitive Personal Information

Account log-in in combination with any required security questions or password collected if you create an account with us.

P1, P2, P7

D2, D6, D7, D8

No

Data collection key

Purposes

Disclosures

16.1.2 Sharing of your data

16.1.3 Sources of Personal Information.

In general, we may collect the categories of personal information identified in the table above from the following categories of sources:

16.1.4 California Residents’ Rights.

As a California resident, you have the following rights (subject to certain limitations):

In the past 12 months, we have shared your Personal Information with third parties in the following circumstances:

16.1.5 Do Not “Sell” or “Share” My Personal Information

California residents may opt out of the “sale” or “sharing” of their personal information.

To opt out of the “sale” and “sharing” of your information.

Please note that a ‘Do Not Sell or Share My Personal Information’ request does not cover information that has previously been disclosed to third parties for these purposes and does not prevent the ongoing disclosure of data to our service providers.

16.1.6 Limit the use of your Sensitive Personal Information.

California residents have the right to limit the use or disclosure of their sensitive personal information ("SPI") if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services. While we recognise opt-out preference signals (aka, Global Privacy Controls) when required to do so by law, given the specific methods by which Reach may collect your SPI in the limited circumstances it collects SPI, opt-out preference signals would be an ineffective and technologically impractical means for honouring limit the use requests. Therefore, please make your request to limit the use of your SPI using the rights request form or by emailing [email protected] quoting ‘California Privacy Rights-(insert name of Reach Group brand)’ in the subject header and state ‘Limit the use of Sensitive Data’. We reserve the right to ask for evidence of your residency in California before processing your request.

16.1.7 Exercising your rights to Information Access and Deletion

California residents wishing to exercise their right to access their personal information or request that we delete it can do so using the rights request form or by emailing [email protected] quoting ‘California Privacy Rights-(insert name of Reach Group brand)’ in the subject header and state which right(s) you wish to exercise.

We will take steps to verify your request by (i) sending you an email confirmation to which you must respond to confirm your request; and (ii) matching the information provided by you with the information we have in our records. You must complete all required fields on our webform (or otherwise provide us with such information to verify your request.

We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor.

16.1.8 Our Response Time to Your Request

We will make every effort to respond to your request within forty-five (45) days from when you contacted us. If you have a complex request, the CPRA allows us up to ninety (90) days to respond. We will still contact you within forty-five (45) days from when you contacted us to let you know we need more time to respond and the reason for the extension.

16.1.9 Authorised Agents

Authorised agents may initiate a request on behalf of another individual by providing evidence of authority from the individual; authorised agents will be required to provide proof of their authorisation and we may also require that the relevant consumer directly verify their identity and the authority of the authorised agent.

16.1.10 Shine The Light

California residents may request and obtain a list of any third parties that we have disclosed personal information to over the previous calendar year for the purposes of sending you direct marketing about the third party’s own products and services. If you would like to request this information please contact us using the rights request form or by emailing [email protected] quoting ‘California Privacy Rights-(insert name of Reach Group brand)’ in the subject header and state which right(s) you wish to exercise.

*** Click here to go back to ‘Contents’ ***

16.2 Residents of US states with applicable privacy legislation

This section applies solely to individual residents of States with applicable privacy legislation including, but not limited to Virginia, Colorado, Connecticut, Utah, Oregon and Texas. It describes how we collect, use and share Personal Information of residents when operating our business, and their rights with respect to that Personal Information. This section should be read in conjunction with the rest of this Privacy Notice which provides further details on the nature of our data processing.

16.2.1 Personal Information We Collect

We may collect the following types of Personal Information about you as described below:

A. Personal Information You Provide to Us

In using our Products, you may provide us with Personal Information, which may include (the examples provided are illustrative and not intended to be exhaustive):

You agree that you will provide to us only your own Personal Information, or the Personal Information of those whom you have the legal right to provide (such as in your capacity as a legal guardian). You agree to provide us with accurate Personal Information.

B. Personal Information We May Automatically Collect About You

Our Products may automatically collect certain Personal Information about you. This Personal Information may include the following (the examples provided are illustrative and not intended to be exhaustive). Any of this information may be combined with other Personal Information we may have or obtain about you from your use of our Products or from third parties as described below in “Personal Information We May Receive from Third Parties.”

C. Personal Information We May Receive from Third Parties

We may collect or receive additional Personal Information about you from third-party websites and apps, social media platforms and video viewing platforms, such as, but not limited, to Facebook, Twitter, TikTok, Instagram, SnapChat and YouTube (“Social Media Platforms”), third party data providers, and sources providing publicly-available Personal information (e.g., from the U.S. postal service) for the purposes described in “How We Use Personal Information” section below.

Personal Information we may access from Social Media Platforms may include, but is not limited to:

Please keep in mind that when you provide Personal Information to us via a third-party website or platform (for example, via our applications on a mobile device or by logging into any of our Products via a social media account), the Personal Information you provide to us may be separately collected by the third-party website or platform or the Social Media Platform. Please review the privacy policies of the applicable third-party or Social Media Platform for their privacy practices. Also, please be aware that if you are logged into your social media account when you are visiting our Products, the Social Media Platform you are logged into may track your activities on our Products.

16.2.2 How we Use Personal Information

A. Use and Purpose of Processing Your Personal Information

We use and process your Personal Information for the following types of purposes (the examples provided are illustrative and not intended to be exhaustive).

B. Disclosing Your Personal Information to Other Parties

We may disclose your Personal Information to other parties, including:

In order to provide advertisements and content that are more relevant to you, we and our advertising and content providers may collect certain types of Personal Information when you use our Products (such as, by way of example, your email, the IP address of your device, the identifier on your mobile device, or cookies stored on your device). We may combine this information with other information we have, or that we collect through other sources, and may share the information we collect with third parties to provide interest based or targeted advertising and content, including textual and/or audio-visual ads or content. In addition, our advertising partners and Social Media Platforms may use information received from us to combine it with other information they may have obtained about you through other sources or through your relationship with them. If you would like to opt out from this use, or for more information, please see our Cookie Policy for more information. We do not sell your sensitive personal data.

16.2.3 Residents Rights

Privacy laws in some US states give residents certain rights with respect to their personal data.

These rights include:

16.2.4 Exercising these Rights

How to exercise your right to information, access, and deletion

You may exercise your privacy rights by submitting the rights request form or by emailing [email protected] quoting ‘US Privacy Rights (insert name of Reach Group brand)’ in the subject header and detail which right(s) you wish to exercise, and the US state you live in.

How to exercise your right to opt-out of the “sale or sharing” of your Personal Information

16.2.5 Our Response Time to Your Request

We will make every effort to respond to your request within forty-five (45) days from when you contacted us. If you have a complex request, the legislation allows us up to ninety (90) days to respond. We will still contact you within forty-five (45) days from when you contacted us to let you know we need more time to respond and the reason for the extension.

Residents of certain states, including Virginia, Colorado, Connecticut, Oregon and Texas may appeal a refusal to take action on a request by contacting us by emailing [email protected].

*** Click here to go back to ‘Contents’ ***

16.3 Other residents with applicable legislation

Residents may be covered by other local state data protection or privacy legislation. To exercise these rights please use the rights request form, to submit a request in relation to your data rights.

16.3.1 Nevada Privacy Rights

Reach does not currently sell your personal data, as defined by Nevada Law, for monetary compensation to third parties for their own purposes. Nevada residents, however, may request that we include their name on a do-not-sell list in the event Reach were to do so in the future. Please email us at [email protected] if you want to place your name on the do not sell list.

16.3.2 Canadian Residents

Federal and provincial laws in Canada, such as the Personal Information Protection and Electronic Documents Act 2000 (PIPEDA) and Quebec’s Bill 64 (Law 25) give residents certain rights with respect to their personal data.

Your Rights and Choices.

If you are a Canadian resident you may be able to exercise certain rights with respect to your personal information that we collect and control:

We may need to verify your identity before processing your request, which may require us to request additional personal information from you. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.

We will attempt to respond to your request within thirty (30) days. We will advise you in writing if we cannot meet your request within this time limit.

To exercise these rights please use the our rights request form or contact us by emailing [email protected].

*** Click here to go back to ‘Contents’ ***