1. This Privacy Notice (the “Notice”) (together with any other of our terms and conditions, and any other documents referred to in them) sets out the basis on which any personal data we collect from you, or that you provide, will be processed by us. Please read this Notice carefully to understand our views and practices regarding your Personal Data and how we will treat it. This Notice was reviewed and updated in March 2023.
2. We may update this Notice at any time, and we will provide you with a new Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.
3. The Editorial Hub Ltd (“TEH”) (a company registered in the UK under company number 08976631) is a data controller registered as such with the UK Information Commissioner’s Office under registration number ZB005079. You may contact us at our registered office at Whiteleaf Business Centre, 11 Little Balmer, Buckingham, MK18 1TF or by email via [email protected].
4. We will refer to TEH as “Company”, “us”, “we” or “our”, which operates http://www.theeditorialhub.com (the “Site”). The users of our Site and other business or personal contacts that we deal with as customers or suppliers are referred to as “you” or “your”. This Notice explains what happens to any personal data that you provide, or that is collected from you as part of our usual business, marketing and/or accessing our Site.
5. Personal data (“Personal Data”) means any information relating to an identified or identifiable person. We will only use your Personal Data as set out in this Notice and in a way that is fair to you. We will only collect Personal Data where it is necessary and where it is relevant to our dealings with you. We will only keep your Personal Data for as long as it is relevant to the purpose for which it was collected or for as long as we are required to keep it by law.
INFORMATION WE COLLECT
6. The majority of the data that we collect and store will be business data relating to the businesses that we are dealing with, our contractors, and contracts that are being undertaken. We may also hold Personal Data for prospective client and engaged clients.
7. As part of our business and marketing processes we will process limited Personal Data to include:
a. Your name, email address, job title, IP address, mobile phone number (where applicable).
b. Your domain name and email address, which are recognised by our servers and the pages that you visit may be noted. We shall not divulge your email address to any third party without your consent.
HOW WE USE YOUR INFORMATION
8. We can only use Personal Data if we have a proper reason, for example:
a. to comply with our legal and regulatory obligations;
b. for the performance of a contract with you or to take steps at your request before entering into a contract; or
c. for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
9. We may also use Personal Data to provide you with information regarding our business and the services that we offer. We may from time to time use Personal Data to keep in touch with our contact base and to deliver targeted information-based or marketing communications. We are aware that customers and contacts will also be accessing our website and that by accessing the Site, you agree to the collection and use of information in accordance with this Notice.
10. We will use Personal Data to send updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions, new services or events. In these circumstances we will be relying on a legitimate interest to use Personal Data for marketing purposes which does not usually need your consent. You have the right to opt out of marketing communications at any time by:
a. contacting us at [email protected];
b. using any available ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
11. We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
12. We will always treat your Personal Data with the utmost respect and never sell it with other organisations for marketing purposes.
WHERE WE STORE YOUR PERSONAL DATA
13. All information you provide to us electronically is stored on our secure servers. We use industry standard security and firewalls on our servers and password protections.
14. Hardcopy data is stored in a secure location on our site or held in a secure archive facility.
15. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. This includes only allowing authorised personnel and contractors have access to your information.
DATA SECURITY AND SHARING
16. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
17. Since all Personal Data is confidential, access is limited to employees, contractors and agents of the Company, who have a need to know such data in carrying out their tasks. All the people who have access to your Personal Data are bound by a duty of confidentiality and subject to disciplinary actions and/or other sanctions if they fail to meet these obligations.
18. We only allow organisations to handle your Personal Data if we are satisfied they take appropriate measures to protect that data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you. We may also share Personal Data with:
a. our external auditors e.g., in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations;
b. our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
c. law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations; or
d. other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
19. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. However, while we strive to protect your Personal Data, in light of the inevitable risks of data transmission over the internet, we cannot guarantee full protection against any error occurring during the course of Personal Data transmission which is beyond the Company’s reasonable control.
20. Customers: we need to keep your Personal Data to allow us to ensure compliance with the contract. We keep a record of these orders for at least 6 years after the contract to ensure compliance with that contract. We may keep limited Personal Data of customers to include contact details and transactional history for longer than this 6-year period, as we have a legitimate business interest to keep such records, as many of our customers return to us several years later for our services and this assists our business to ensure that our customers are provided with the best possible service.
21. Recruitment: We hold unsolicited CVs and covering letters for no more than 12 months from the date of last contact. We hold CVs and covering letters and peripheral communications relating to candidates we have interviewed for no more than 12 months from the date of last contact although we may hold a note of our decision not to recruit for longer in order to satisfy our legal and regulatory obligations.
23. We also use Google Analytics which stores a unique value for each page visited and is used to count and track pageviews. This data is stored for 1 day. Google Analytics also uses a cookie to distinguish between unique visitors to our site by assigning them a random identifier which expires after 2 years. These tools help us to monitor engagement on our website.
24. We also use Google Universal Analytics which is used to steady the use of our website. The cookie for this tool expires after 1 minute.
25. Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data to those websites.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
26. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your working relationship with us.
27. Under certain circumstances, by law you have the right to:
a. Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
b. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
c. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
d. Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
e. Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
f. Request the transfer of your Personal Data to another party.
28. If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact [email protected]. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
29. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
30. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
31. You can withdraw any consent you have given us under this Notice at any time by contacting [email protected], referencing this Notice in the email subject line, using the body of the email to say what consent you are revoking. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
32. In the main we act as a data processor of Personal Data on behalf of our clients. This means we do not have autonomy over most of the Personal Data we process and we process this only on the instruction of our clients who are in the main data controllers.
33. Where we process Personal Data belonging to individuals based in the European Economic Area we do so occasionally and in a manner which does not result in a risk to the rights and freedoms of the individuals concerned. In the main we will process Personal Data as a data controller for individuals based in the EEA in their capacity as a point of contact for our client, and for this reason we have not appointed an EU Representative.
34. If you are concerned about the manner in which we are processing your Personal Data, or have interacted with you regarding our processing of your Personal Data, you should raise this with us in the first instance using the contact details given above. Ultimately, you are entitled to raise your concerns with the UK’s Information Commissioner’s Office (“the ICO”) who can be contacted by telephone (0303 123 1113) or online: https://ico.org.uk/global/contact-us/contact-us-result/. Alternatively, you may write to them at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.