The Immediate Media Group (‘Immediate’ or ‘we’) is committed to protecting the personal data you provide to us or we collect about you when you buy any of our magazines or products, visit an event or use any of our digital platforms (our ‘services’).
- WHO ARE WE?
- TYPES OF INFORMATION WE MAY COLLECT ABOUT YOU
- HOW WE LOOK AFTER YOUR INFORMATION
- HOW AND WHY WE USE YOUR INFORMATION
- WHO WE SHARE YOUR INFORMATION WITH
- HOW LONG WE HOLD INFORMATION FOR
- YOUR RIGHTS
- HOW TO CONTACT US
You can click on any of the links above to find out more.
Please note: If you are aged 18 or under, you must get your parent/guardian’s permission before you provide us with your personal data. Unless your parent/guardian has given us this permission, please don’t give us your information.
This policy may be updated from time to time to keep up with legal and/or business developments, so please check each time you submit personal data to any of our services. The date of the most recent changes will appear at the start of each section of this policy.
Who are we?
Which companies are in the Immediate Media Group and who is your data controller?
- Immediate Media Company Limited, the parent company of the companies listed below.
- Immediate Media Company London Limited, publisher of these brands.
- Our Media Limited, publisher of these brands.
- Upper Street Limited and River Street Limited, who run live events under the “Immediate Live” trading name.
- The company responsible for your personal data (the “data controller”) will depend on the nature of your interaction with us:
- For example,
- If you have purchased a print or digital magazine subscription from us, Immediate Media Company Limited will be the data controller of your personal data.
- If you have purchased tickets to an Immediate Live event, either Upper Street Limited or River Street Limited will be the data controller (this will depend on which company is running the specific event).
- If you have signed up to one of our e-newsletters, or agreed to receive one of our marketing or promotional emails, the data controller will usually be the publisher of the magazine brand or website who is communicating with you via email.
- If you have entered one of our competitions, the publisher of the brand running the competition will usually be the data controller (please see competition T&Cs for more details).
- If you’ve signed up to, or bought tickets for, an online event (e.g., a webinar) hosted by one of our brands, the publisher of the relevant brand will be the data controller.
The contact information for all our organisations is the same, so don’t worry too much – If you have any questions about how we use your personal data, please email firstname.lastname@example.org.
Types of personal data we may collect about you
When you engage with any one of our services (our magazines, websites, apps, competitions, newsletters, online shops etc.), we may collect personal data about you. Different services may require different types of information.
Here is some examples:
- Personal data you give to us: This includes information provided at the time of buying any of our products or services, subscribing to any services or marketing, creating a user account, posting material, filling in a survey or requesting further services. We will also ask you for personal data when you enter a competition or when you report a problem with our services. This information will normally include personal data about yourself (such as your name or date of birth) and contact details (such as address, email address, telephone number etc).
- Information about your location: if you have enabled location services on your device, we may collect information about your actual location. You can disable location services at any time by updating your preferences on your device.
- Information about transactions: if you purchase something from us, we will make a record of the details of that transaction, including what products/services you have bought and details of the payment made.
- Contact information: if you contact us, we may keep a record of that correspondence.
As well as collecting information directly, we may receive personal data about you from third parties (such as our business partners) where you have provided your permission to them to share your information, or they are otherwise legally permitted or required to disclose your personal information to us. We may also collect information gathered from publicly available sources and social media platforms.
We may also compile and share aggregated data, such as statistical or demographic data. This gathers together your personal information and that of others in an aggregated, anonymous way. It does not reveal your identity.
If you don’t provide the personal data we have requested where we are required to collect this by law, or to perform our contract with you, we may be unable to perform the contract we have or are trying to enter into with you. However, we will notify you if this is the case.
How we protect your personal data
What do we do to make sure that your data is safe and used only for the purposes it was collected for?
We are committed to protecting your personal information, and we have appropriate procedures and security features in place to keep it secure and prevent unauthorised access.
Unfortunately, transmission of information via the internet is not completely secure. Although we do our best to protect your information, we cannot guarantee its security and when giving us your information you do so at your own risk.
The information that we collect from you may be transferred to, stored at, or accessed from a destination outside the European Economic Area (which consists of the EU, Iceland, Norway and Lichtenstein) by us (or by someone acting on our behalf) where it is necessary to fulfil an order, process payment details or provide you with other services. Where this is the case, we will always ensure that appropriate protection is in place to safeguard your personal information.
How and why we use your personal data
We may use your information for a number of purposes, depending on how and where we receive it. We will always do so on a lawful basis, which will normally be one of the following justifications
We may use your information for a number of purposes, depending on why we receive it. We will always do so in one or more of the lawful ways set out here:
We will explain why we would like to use your data, and ask for your permission (consent) to do this. For example, where:
- we would like to send you e-newsletters, or special offers and/or promotions from the service you are using/brand you have purchased (which may also feature relevant offers from our business partners) and/or the Immediate Group. We will send you these messages by email and/or push notification (where applicable and permitted by your app store);
- we would like to pass your information to carefully selected organisations to allow them to tell you about their special offers or products and services that may be of interest to you;
- we process more sensitive “special categories” of personal data about you, such as your health;
- we require information about an individual under the age of 18 in your care for any purpose (including running a competition, organising an event, or publishing photographs of, or artwork created by, that child); and
Where our processing of your information is based on your consent, you can withdraw this consent at any time by emailing email@example.com, by changing your account settings if you have an online account with us, or by changing your website browser or mobile device settings in relation to cookies (you can learn how to do that in our Cookies Policy.
You will also be given a straightforward way to opt out of our emails each time you receive a communication from us – an unsubscribe button will appear in the footer of all of our e-newsletters and marketing emails. Please note that it may take up to two weeks to implement changes to your preferences.
To perform our contract with you
We need to use your personal data to provide you with the product or service you have ordered. For example, we will do this:
- to meet product orders, requests for services or information and to process payments and any other requests you make of us;
- if we need to contact you for reasons related to the service you have signed up for e.g. to provide you with password reminders, to inform you of new or improved benefits relating to the product or service, or to notify you that a particular service has been suspended for maintenance;
- to tell you about changes to our services;
- to manage our competitions and contact the winners; and
- to enable other people or businesses to carry out work on our behalf.
Sometimes we will use your personal data for specific purposes we have carefully considered, taking into account any potential impact on you and your rights, where it will help us to enhance the services we provide and benefit our customers. This may include:
- sending you editorial or promotional messages or email in relation to products and services similar to those you’ve previously purchased from us, (unless you’ve asked us not to);
- to personalise or improve our communications with you. For example, we may use your purchase or booking history with us to provide you with tailored information about other products or services which are more likely to be of interest to you (unless you’ve asked us not to);
- for statistical and analytical purposes, to help us understand our audiences, improve the products and services we offer, and to determine the price we should charge for digital advertising;
- to contact you about a submission or contribution you have made to our websites, message boards or magazines, including any content you provide;
- to invite you to participate in surveys about our services (participation is always voluntary), in order to help us improve these in future;
- to keep our records up to date, including any correspondence or communications between us;
- to administer and protect our business and websites (including troubleshooting, system maintenance, testing, reporting etc);
- to contact you by phone and/or post with details of special offers or promotions that we think may be of interest to you, where we have explained this when we collect your information and you have not opted-out of receiving such messages. We may also contact you about renewing your subscription when this has lapsed. Please note we will not contact you for these reasons if you are registered with the Telephone Preference Service (for phone) or Mailing Preference Service (for mail);
- for management and auditing of our business (including the preparation of statistics about circulation and usage of our products);
- to investigate and protect against fraudulent, unauthorised, or illegal activity; and
- providing your information to buyers in the event of a sale or potential sale of any member of the Immediate Group (or any of our assets) to a third party.
Where we process your information based on our legitimate business interests, you may object to this at any time and we will stop using it for that purpose unless we have compelling legitimate grounds or other legal reason for continuing to use it. Please see “Your rights” for further information.
We are entitled to process your personal information where we are under a legal or regulatory obligation to do so.
Who we share your personal data with
Generally, we will only use your personal data within the Immediate Media Group to provide you with the service or product you have requested, or to provide you with information about other Immediate products or services where we have your permission or a legitimate interest in doing so (see “How and why we use your information”).
We will also disclose your information to other trusted third parties with your consent, or where we have justification for doing so (see “How and why we use your information”). This may include:
- with a third party who is helping us to provide a service to you, such as payment processors, customer management and assistance, drawing competition winners, prize providers, debt collection, credit checks and/or our IT and database services;
- with a third party who is helping us develop and improve our services to you, such as analytics providers;
- with a third party who is helping us select and deliver interesting and relevant advertising to you and/or other potential customers, such as advertising networks (including the IAB’s TCF 2.0 framework), social media platforms, and search engines. We may also occasionally share anonymous data segments with advertisers to help them make their advertising outside our sites more relevant;
- with our trusted business partners to provide insight and analysis of our customers, or where you have told us you would like to receive offers/promotions from those partners;
- with third party auditing organisations such as the Audit Bureau of Circulations (ABC) for reporting purposes, and to review our policies, processes and procedures for compliance with relevant standards;
- with relevant third parties such as your employer or email or internet provider if you post or send offensive, inappropriate or objectionable content anywhere on our services, or otherwise engage in any disruptive behaviour; and
- when the disclosure is required or permitted by law (e.g. to government bodies and law enforcement agencies).
Similarly, our services may contain links to websites or apps that are owned and operated by other organisations, and which have their own privacy policies that govern their collection and use of your personal information. Your use of such websites is therefore at your own risk.
Where we pass personal information to a third party acting on our behalf (our “data processors”), in addition to the measures set out above we also require them to treat this information with at least the same protection we do. We only permit them to process your personal data for specified purposes, and in accordance with our instructions. We do not share more information with them than is necessary for the relevant purpose.
How long do we keep personal data?
We collect all personal information for one or more specific purpose (see “How and why we use your information”). This means that we hold your information on our systems for as long as is necessary to fulfil the purpose, or as long as is set out in any relevant contract you hold with us. Once that purpose has been fulfilled, we will securely delete the data, unless we are required to keep the data longer for legal, tax or accounting reasons. For example, if you change your registration profile to opt-out of receiving communications from us, your relevant details will stay on the system so we can ensure that we do not contact you in the future.
Alternatively we will anonymise your information, so that we (or anyone else) can no longer tell that the data relates to you, at which point your information will cease to be considered personal information.
Your rights and further information
UK/Europe – GDPR
If you live in the United Kingdom or Europe, you have the following rights in relation to the personal data we hold about you:
- Access – you can ask us for a copy of any personal information that we hold about you. You can make a “data subject access request” (DSAR) by emailing our data protection team at firstname.lastname@example.org. Please title your email as “DSAR Request” and provide the following details: your name; the email address to which your data is likely to be associated (this may be different to the address you are contacting us on); your subscription number or other ID number (this will help us to identify your account, and prepare your data for disclosure quicker); and details of the specific information you would like to receive. A copy of your data will be provided electronically and we will send you instructions on how to securely access this by email. If you require a hard copy of your data, please just let us know.
- Withdrawal of consent – where you have given us your consent to process your personal data for a particular purpose (or purposes), you can withdraw this permission at any time by letting us know – either by clicking “unsubscribe” in our e-newsletters and marketing emails, or by emailing our data protection team at email@example.com
- Objection – you can tell us that you object to the processing of your personal data where, for example, we are using it for direct marketing purposes, or we are processing it on the grounds of “legitimate interests” (see above) and you feel it impacts on your rights in a negative way. If we feel we have compelling reason to carry on this processing we will let you know, otherwise we will no longer use it for that purpose.
- Deletion – we use reasonable efforts to delete your data when we no longer need it (see “How long we hold your information for” ). However, you can also ask us to delete your personal data from our records in certain circumstances – for example, where you have withdrawn your consent for us to use it (see above). Data deletion, or “Right to Be Forgotten”, requests can be made by emailing firstname.lastname@example.org. In some circumstances, deleting your data from our records may result in the cancellation of subscriptions or other services – we will let you know if this is the case so that you can consider your options. If we are unable to comply with your request for legal reasons, we will tell you this.
- Corrections – we use reasonable efforts to keep personal information we hold about you up to date, but you can request that we amend any inaccurate or incomplete personal data that we hold.
- Restriction – you can request that we suspend the processing of your personal data where, for example, you object to our processing of it (see below) or while we correct any inaccuracies.
- Transfer – you can ask for any personal data you have previously provided to us to be transferred to you in a usable electronic format, or to a third party (where this is technically feasible), so you can use it elsewhere.
We try to respond to all legitimate requests as quickly as possible, and in any event within one month -unless your request is particularly complex or you have made a number of requests, in which case it may take longer. If this is the case, we will keep you updated.
California – California Consumer Privacy Act (CCPA)
If you live in California, you have the following rights in relation to any personal data we hold about you. Please note, these rights are not absolute, and in certain cases we may not be in a position to comply with your request.
- Access: You have the right to request access to the personal data we’ve been holding about you for the past twelve months and we must comply with requests within forty-five days. In practice, we will usually be able to provide data beyond 12 months and respond to your request within one month, as we do for our UK/European users. Please note that requested data will be sent to you electronically. Please see “Your Rights: UK/Europe – GDPR” for details on how to make an access request.
- Deletion: Similar to UK and European users, you have the right to ask us to delete personal data we may hold about you. Please see “Your Rights: UK/Europe – GDPR” for details on how to make a deletion request.
- Right to Opt-Out of Sale of Personal Data: We may share your data with third parties in the following circumstances, which California law classifies as a “sale” of your personal data:
- sharing your data with third parties with your express consent (e.g. where you opt in to receive third party marketing or where you have requested to be contacted by a third party);
- with third-party marketing partners for commercial use, including for digital and programmatic advertising purposes; and
- supplying attendee data to third parties who provide services in connection with our events, and sending your data to suppliers of certain products and services (where you have consented to hear from such third parties).
If you’d like to opt-out of any of the above uses of data, please contact us on email@example.com.
- Non-Discrimination: We will not discriminate against you for exercising any of your California Consumer Privacy Act rights.
We will deal with requests for access to your personal data within forty-five (45) days for California-specific requests.
To help us respond as you expect, please specify that you are making a request under the California Consumer Privacy Act or CCPA. We may need to request specific information from you to help us confirm your identity.
How to contact the DPO
The Data Protection Officer, Vineyard House, 44 Brook Green, Hammersmith, London, W6 7BT, United Kingdom
It would be very helpful for us if you could include your full name, user name or subscription number (if applicable), your postcode, details of the service you are using and/or your magazine subscription information when contacting us.
If you are unhappy with the way we have handled your personal data, or how we have responded to any request, please let us know using the contact details set out above. We’d like to have the opportunity to resolve any of your concerns. However, if you’re still not satisfied, you may also contact the Information Commissioner’s Office (www.ico.org.uk).
Last updated: 29/07/2022