Privacy policy
Glamorgan Star Ltd policy for GDPR
Last updated: 27th November 2024
The government has strengthened the rights of individuals to protection of their data with the Data Protection Bill, called ‘General Data Protection Regulation’ or GDPR, which became law on 25th May 2018.
Privacy Policy:
Glamorgan Star Ltd. want you to feel assured any personal information you share with Glamorgan Star Ltd. is handled and stored in a correct manner. This privacy policy sets out how the company collects, uses and stores individuals’ information – this is a reflection of information that could identify, or does identify individuals.
Who are we?
Glamorgan Star Ltd. is committed to protecting your personal information and making every effort to ensure that personal information is processed in a fair, open and transparent manner.
Glamorgan Star Ltd. is a ‘data controller’ for the purposes of the DPA 1988, which means we are responsible for, and control the processing of, your personal information.
If you wish to contact us, you can do so by use of the contact us tab found on the newspaper’s website – www.glamorganstar.co.uk. The company contact details are always published within the printed and digital editions of the fortnightly newspaper.
Our obligations under the act:
If you hold and process personal information about your clients, employees or suppliers, you are legally obliged to protect that information.
Only collect information that you need for a specific purpose.
Collect and use information about people fairly and lawfully, without unwarranted harm or intrusion into their private life.
Do not use the information for any non-company purpose.
Ensure the information is adequate, relevant and not excessive for publishing purposes
Keep the information secure and maintain records of data that is stored.
Ensure the information is relevant and up to date.
Only hold as much as you need and for as long as you need it.
Do not send the information to anyone not authorised to receive it.
Allow the subject of the information to see it on request.
Who is responsible?
Our data controller is the Managing Director for the newspaper. He/she is legally responsible for the information that is stored and protected.
Employees who collect, store and use information are data processors under the act are aware of the terms of, and comply with, GDPR.
Freelance journalists or bloggers are themselves counted as data controllers and will be responsible for the information they provide to newspapers.
Obtaining information:
We will be open and honest about the information we are collecting, processing and storing. People should know if we are collecting information about them or from them, unless journalistic reasons preclude this.
Those with whom we do business will be told what data is being retained and how their data is going to be stored.
For the commercial side of the business, there will be an audit trail to show that consent has been given for use of details and retention.
Where possible, journalists will have an audit trail to show that consent has been given for use of details and retention. Covert methods will only be used if we are confident this is justified in the public interest.
Where controversial decisions are made, there is appropriate record-keeping to show justification for this. Such decisions are made by the data controller.
We will only collect information about someone’s health, sex life or criminal behaviour if we are confident it is relevant and the public interest in doing so sufficiently justifies the intrusion into their privacy.
Retaining and storing information:
We will keep personal information to do with the commercial side of our business only if it is necessary and only as much as is necessary. However, for the editorial side of the business, often this will need to be kept forever for journalistic purposes.
Data retained and processed for the commercial side of the business will include names, addresses, telephone numbers and e-mail addresses if we have been given permission to retain them. You can opt out or ask for data to be removed at any time by contacting the Data Controller.
For journalistic purposes, data will be used for the researching, compiling and publishing of articles in print and online.
Such information will need to be retained for legal reasons, for follow-up articles, for a paper trail for correspondence, for points of contact, and for other reasons associated with the running of a newspaper and its associated website.
Articles will be published on our website and then archived.
Commercial and editorial information will be stored on computers, on servers, on phones and in the cloud, all of which will be password-protected. Some information will also be stored in notebooks which will be securely locked away or kept safe.
We will review the information from time to time to ensure it’s still relevant and up-to-date and delete any we no longer need. If asked, we will be able to show that this is being done.
We will keep personal information only if it is necessary and only as much as is necessary.
Accuracy:
For journalistic work, we follow the IPSO Code of Conduct to ensure compliance with the GDPA.
We will be able to show that we have taken reasonable steps to check facts and record personal information correctly.
If the published story, in print or online, is later shown to be inaccurate, records will be updated to avoid repetition and online archives will have a correction attached. Where the information has been passed to a third party we will make sure that they are informed of the inaccuracy.
Security:
We will make sure that information about people is secure by taking reasonable steps to stop it being lost, stolen or misused.
We have password protection on computers, phones, laptops and tablet.
All information is either locked away, password-protected or encrypted. Any redundant computers are wiped of all personal information.
All staff have knowledge of, and are compliant with, Glamorgan Star Ltd., security policies and procedures.
Subject access requests:
Individuals can make a written request to find out what information our newspapers hold about them, where it was obtained from and ask for copies of information and to see the complete data trail. This will be complied with within 30 days and will not usually incur a charge.
Such request will be dealt with by the Data Controller and should be made in writing by e-mail or post to that person.
We will refuse or charge for requests which are manifestly unfounded or excessive. If we are refusing, we will tell the individual why and tell them they have the right to complain to the supervisory authority.