Oxon Hoath policy for GDPR
Who are we
Tindle Newspapers Limited are committed to protecting your personal information and making every effort to ensure that personal information is processed in a fair, open and transparent manner.
TNL are a ‘data controller’ for the purposes of the DPA 1988 and from 25 May 2018 the EU GDPR 2016/679, which means we are responsible for, and control the processing of, your personal information.
If you wish to contact us, you can do so by post to Tindle Newspapers Limited, Old Court House, Farnham, Surrey GU9 or use our contact page here
Our obligations under the act:
- If you hold and process personal information about your clients, employees or suppliers, you are legally obliged to protect that information.
- Only collect information that you need for a specific purpose.
- Collect and use information about people fairly and lawfully, without unwarranted harm or intrusion into their private life.
- Don’t use the information for any non-journalistic purpose.
- Ensure the information is adequate, relevant and not excessive for publishing purposes
- Keep the information secure and maintain records of data that is stored.
- Ensure the information is relevant and up to date.
- Only hold as much as you need and for as long as you need it.
- Don’t send the information to anyone not authorised to receive it.
- Allow the subject of the information to see it on request.
Who is responsible?
Our data controller is the General Manager for the newspaper located at each centre, you can find their contact details here. They are legally responsible for the information that is stored and protected.
All our staff who collect, store and use information are data processors under the act. They are aware of the terms of, and will comply with, GDPR.
Freelance journalists or bloggers are themselves counted as data controllers and will be responsible for the information they provide to newspapers.
We will be open and honest about the information we are collecting, processing and storing. People should know if we are collecting information about them or from them, unless journalistic reasons preclude this.
Those with whom we do business will be told what data is being retained and how their data is going to be stored.
For the commercial side of the business, there will be an audit trail to show that consent has been given for use of details and retention.
Where possible journalists will have an audit trail to show that consent has been given for use of details and retention. Covert methods will only be used if we are confident this is justified in the public interest.
Where controversial decisions are made, there is appropriate record-keeping to show justification for this. Such decisions are made by the data controller.
We will only collect information about someone’s health, sex life or criminal behaviour if we are confident it’s relevant and the public interest in doing so sufficiently justifies the intrusion into their privacy.
Retaining and storing information:
We will keep personal information to do with the commercial side of our business only as long as it is necessary and only as much as is necessary. However, for the editorial side of the business, often this will need to be kept forever for journalistic purposes.
Data retained and processed for the commercial side of the business will include names, addresses, telephone numbers and e-mail addresses if we have been given permission to retain them. You can opt out or ask for data to be removed at any time by contacting the data controller.
For journalistic purposes, data will be used for the researching, compiling and publishing of articles in print and online.
Such information will need to be retained for legal reasons, for follow-up articles, for a paper trail for correspondence, for points of contact, and for other reasons associated with the running of a newspaper and its associated website.
Articles will be published on our website and then archived. Published newspapers are also stored in libraries and our e-editions of newspapers are stored through our websites.
Commercial and editorial information will be stored on computers, on servers, on phones and in the cloud, all of which will be password-protected. Some information will also be stored in notebooks which will be securely locked away or kept safe when away from the office.
We will review the information from time to time to ensure it’s still relevant and up-to-date and delete any we no longer need. If asked, we will be able to show that this is being done.
We will keep personal information only as long as it is necessary and only as much as is necessary.
For journalistic work, we follow the IPSO Code of Conduct to ensure compliance with the GDPA.
We will be able to show that we have taken reasonable steps to check facts and record personal information correctly.
If the published story, in print or online, is later shown to be inaccurate, records will be updated to avoid repetition and online archives will have a correction attached. Where the information has been passed to a third party (such as SWNS) we will make sure that they are informed of the inaccuracy.
We will make sure that information about people is secure by taking reasonable steps to stop it being lost, stolen or misused.
We have password protection on computers, phones, laptops and tablets. Notebooks, folders and memory sticks are kept secure at all times – locked in cupboards in work and not left unsecured if away from the office.
All information is either locked away, password-protected or encrypted. Any redundant computers are wiped of all personal information.
All staff have knowledge of, and are compliant with, Tindle Newspapers’ security policies and procedures.
Our Privacy Notice can be viewed on our website by going to www.tindlenews.co.uk
Subject access requests:
Individuals can make a written request to find out what information our newspapers hold about them, where it was obtained from and ask for copies of information and to see the complete data trail. This will be complied with within 30 days and will not usually incur a charge.
Such request will be dealt with by the data controller and should be made in writing by e-mail or post to that person.
We will refuse or charge for requests which are manifestly unfounded or excessive. If we are refusing, we will tell the individual why and tell them they have the right to complain to the supervisory authority.
Digital Partner Privacy Policies used my Tindle Newspapers Ltd.
Please contact the General Manager via our contacts page here should you wish a link to any of our digital partners privacy policies.