Tech City News Limited, the publisher behind the technology news outlet UKTN, has released a comprehensive update to its privacy policy, effective 4 February 2024. The revised document aims to inform website visitors and subscribers about how their personal information is handled, in compliance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

The policy applies to all individuals who interact with the UKTN website, including those who sign up for newsletters, purchase subscriptions, participate in competitions, or simply browse the site. It replaces previous versions and is designed to be layered, allowing users to click through to specific sections of interest.

Who Is Responsible for Your Data?

The data controller is Tech City News Limited, registered at 124 City Road, London, EC1V 2NX. The company has appointed Marco Callegari as Data Protection Officer (DPO). Users can reach the DPO via email at mydata@wearemvi.com or by phone at 0208 150 8286. The policy encourages users to contact the DPO with any questions or concerns before raising issues with the Information Commissioner’s Office (ICO), the UK’s data protection authority.

What Personal Data Is Collected?

UKTN collects several categories of personal data, grouped under Identity Data (such as name, title, date of birth), Contact Data (including email address and phone number), Financial Data (bank account and payment card details), Transaction Data (payment history and purchased products), Technical Data (IP address, browser type, operating system), Profile Data (username, preferences, survey responses), Usage Data (how the website is used), and Marketing and Communications Data (marketing preferences).

The policy explicitly states that special categories of data (e.g., race, religion, health, biometrics) and criminal conviction data are not collected. Aggregated statistical data may be derived from personal data but is considered anonymous and can be used for any purpose.

How Is Your Data Collected?

Data is gathered through three main channels. First, direct interactions: when a user fills in forms, creates an account, subscribes, or provides feedback. Second, automated interactions: through cookies and similar technologies that collect Technical Data as users browse. UKTN uses a cookie policy that users can review. Third, from third parties: including analytics providers like Google and advertising networks like Google DoubleClick for Publishers, which may transmit Technical Data to UKTN.

How Is Your Data Used?

The lawful bases for processing personal data include performance of a contract (e.g., delivering paid subscriptions), legitimate interests (e.g., improving the website, marketing, fraud prevention), and compliance with legal obligations. The policy includes a detailed table listing each purpose, the data types involved, and the legal basis. For example, processing payments relies on contract performance, while sending relevant advertisements relies on legitimate interests. Consent is primarily used for third-party direct marketing via email or text message, and users can withdraw consent at any time.

Marketing communications are sent only to users who have requested information, purchased a product, or entered a promotion and have not opted out. Users can opt out by adjusting their account settings or following unsubscribe links in messages. The policy notes that opting out of marketing does not affect processing for transactional or service-related purposes.

Data Sharing and International Transfers

UKTN may share personal data with internal third parties (other companies within its group) and external third parties such as service providers (IT, administration), professional advisers (lawyers, accountants, auditors), and regulators like HM Revenue & Customs. The company requires all third parties to respect data security and only process data for specified instructions. If a business sale, merger, or acquisition occurs, personal data may be transferred to new owners under the same policy terms.

Regarding international data transfers, UKTN states that it does not transfer data outside the European Economic Area (EEA). However, in certain cases where service providers are used, it relies on European Commission adequacy decisions or standard contractual clauses. For US-based providers, the Privacy Shield framework is referenced.

Data Security and Retention

The company has implemented appropriate security measures to prevent unauthorized access, loss, or alteration. Access to personal data is limited to employees and contractors with a business need. Procedures are in place to handle data breaches, with notifications to affected users and regulators where legally required. Data retention follows legal obligations: basic customer information (contact, identity, financial, transaction) is kept for six years after the customer relationship ends for tax purposes. Some data may be anonymized for research or statistics and retained indefinitely.

Your Legal Rights

The policy outlines several rights under UK data protection law. Users can request access to their personal data (subject access request), request correction of inaccurate data, request erasure (subject to exceptions), object to processing based on legitimate interests or direct marketing, request restriction of processing in specific circumstances (e.g., contesting accuracy), request data portability in a machine-readable format, and withdraw consent at any time where processing is based on consent.

Requests are generally free, though a reasonable fee may be charged for unfounded or excessive requests. UKTN may ask for identity verification and will respond within one month, extending to two months for complex requests. The policy advises users to contact the DPO directly with any requests.

In the event that a user fails to provide mandatory data required by law or contract, UKTN may be unable to fulfill the contract or provide services, and will notify the user if cancellation is necessary.

The privacy policy also includes a glossary defining terms such as 'legitimate interest', 'performance of contract', and 'compliance with legal obligation', which helps users understand the legal framework. Third parties are categorized as internal or external, with examples of roles and jurisdictions.

Overall, this updated policy reflects current data protection standards and reaffirms UKTN's commitment to transparent data handling. Users are encouraged to read the full policy and contact the DPO with any questions. The policy does not cover linked third-party websites, and users should review those sites' separate privacy notices.

The UKTN website remains a popular source for technology news in the UK, and this policy update ensures that its data processing practices are aligned with regulatory requirements and user expectations. As the digital landscape evolves, such policies play a crucial role in maintaining trust between publishers and their audiences.

Source: UKTN News