Introduction and contents
Our values guide everything that we do – including our editorial approach and how we use personal data. We are strongly committed to keeping your personal data safe. This commitment exists throughout the lifecycle of your personal data, from the design of any Guardian service which uses personal data to the deletion of that data.
To complement our global approach to privacy protection, this policy also incorporates specific information privacy rights granted to individuals under Californian and Australian privacy law. This reflects our relationship with our readers in these locations where we provide localised editions of our editorial content.
We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics:
- Information about your rights, the choices available to you, and our obligations in the USA, in California, the UK, European Union, in Australia, and elsewhere
- Transparency about how we collect and use your personal data, including when and how it is shared
- Information on how we protect your personal data
- Information on how we will facilitate your rights and respond to your questions
Find out more about how we manage your personal data below:
Personal data is any information about you by which you can be identified or be identifiable. This can include information such as:
- your name, date of birth, gender, email address, postal address, phone number, mobile number or financial details, such as payment cards you use to purchase products or donations
- information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based)
- information relating to how you use and interact with our site
When we refer to “personal data” in this policy, we are also referencing “personal information,” as it is defined under California law, which you can read more about here.
Who we are and how to contact us
TMC International, 6615 Grand Ave, Suite B-417, Gurnee, IL 60031, USA is the data controller in respect of your personal data that you share with us. This means that we are responsible for deciding how and why we hold and use your personal data. If you want to contact us directly, you can find our contact details in the “Contact us for information about how we use your personal data” section below.
The types of personal data we collect about you
We collect your personal data when you visit our site, subscribe for products or services, contribute to TMCI or when you interact with us. We will only collect your personal data in line with applicable laws. We collect your personal data in various ways:
- directly from you, e.g. when you sign up for our services, purchase products or services and when you browse our site
- personal data we generate about you, e.g. personal data we use to authenticate you, or personal data in the form of your IP address or your preferences
- personal data we collect from third parties, e.g. personal data that helps us to combat fraud or which we collect, with your permission, when you interact with your social media accounts
More detail about these three categories of personal data are provided below.
The personal data we collect when you register for a TMCI newsletter
When you register for a TMCI newsletter on tmcint.org, we collect:
- your name
- your email address
- other details such as your residential or billing address when you sign up for a donation
- some limited data from your social media profile (further information on this is below),
Personal data we generate about you
When you sign up for a newsletter, we assign you a unique ID number. This allows us to manage your preferences, for example, the newsletters you have subscribed to.
- your IP address – a numerical code to identify your device, together with the country, region or city where you are based
- your geolocation data – your IP address can be used to find information about the latitude, longitude, altitude of your device, its direction of travel, your GPS data and data about connection with local Wi-Fi equipment
- information on how you interact with our services
- your browsing history of the content you have visited on our sites, including how you were referred to our sites via other websites
- details of your computer, mobile, TV, tablet or other devices, for example, the unique device ID, unique vendor or advertising ID and browsers used to access our content
We will not collect special categories of data from you – such as personal data concerning your race, political opinions, religion, health or sexual orientation – unless you have chosen to provide that type of personal data to us.
How we collect personal data
We collect personal data when you:
- become a supporter on tmcint.org
- make contributions to fund and support TMCI
- make a donation or purchase any other products/services for yourself or others
- attend our events (in person and virtually)
- enter our competitions, prize draws, bids and surveys
- sign up for marketing communications
- use mobile devices to access our content
- access and interact with any of our sites
- through cookies and other similar technologies
- when you contact us via email, social media or similar technologies or when you mention us on social media
How we use your personal data
We use personal data collected through our sites only when we have a valid reason and the legal grounds to do so. We determine the legal grounds based on the purposes for which we have collected your personal data.
Legal grounds for using your personal data
The legal ground may be one of the following:
- Consent: Often we will use your personal data because we have asked for your consent, which you can withdraw at any time. Examples of where we ask for your consent include:
- to send marketing emails to you, when we have asked your permission. You can withdraw your consent to receiving these emails at any time by clicking on the “unsubscribe” link at the bottom of the email
- to place non-essential cookies that allow us to personalise the advertising that you see.
- to analyse your registration data and data collected from cookies to personalise advertising. We do this by analysing your data to predict what you might be interested in. We will also compare your registration data with trusted partners.
- Performance of a contract with you (or in order to take steps prior to entering into a contract with you): We will use your personal data if we need to in order to perform a contract with you. For example, where you have purchased a subscription from us, we will need to use your contact details and payment data in order to process your order and deliver your subscription or we may contact you directly via social media or email if you enter competitions, prize draws, bids or respond to call-outs.
- Compliance with law: In some cases, we may have a legal obligation to use or keep your personal data.
- Our legitimate interests: We may process your personal data where it is necessary for our legitimate interests in a way that might be expected as part of running TMCI and in a way which does not materially impact your rights and freedoms. For example, it is in our legitimate interests for us to understand our followers, promote our services and operate our sites. Examples of when we rely on our legitimate interests to use your personal data include:
- when we analyse what content has been viewed on our sites, so that we can understand how they are used and improve our content.
- to monitor the number of blog articles that users read
- to show you more relevant advertising based on that analysis by creating “segments” of particular types of audiences so that we can show you advertisements that may be more relevant to you and the ‘’segments’’ you may be in.
- to keep you informed about TMCI if you have subscribed or supported us in the past, and have not opted out from receiving our communications.
- for internal administrative purposes related to our services – such as our accounting and records.
- to inform you of any changes to our services, such as updates to our terms and conditions.
- to collect and log IP addresses to improve and manage our site
- enabling you to share our content with others using social media or email.
- when we respond to your queries and to resolve complaints.
- to test changes to our site we may vary the personal data that is collected and how it is used. This allows us to see the impact on users and how users interact with different options on our sites and apps.
Personal data that we receive about you from other organisations
Adding to or combining the personal data you provide to us
When you sign up to our services we may add to the personal data you give us by combining it with other personal data shared with us by other trusted organisations. This includes, for example, the region that you are located in, so that we can show you the prices for subscriptions or other products in your local currency. We may also add personal data to improve the accuracy of your delivery address when we send out mail. We may also obtain your personal data from partners whose offers we include in some of our marketing communications and we use this personal data to ensure that we do not send you irrelevant marketing and to ensure the accuracy of the information we hold.
Personal data shared by event partners
When you register or book a ticket for a TMCI event organised by an event partner, your registration data may be shared with us by the event partner.
Children’s personal data
We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal data about children under 13 in providing our services.
We also note and comply with the California law which prohibits sale of personal data of consumers between 13-16 years of age unless their guardian has authorised the sale.
Security of your personal data
We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing and against accidental loss, damage or destruction. Unfortunately, sending any information, including personal data, via the internet is not completely secure. We cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk.
When we share your personal data
With external organisations
We share your personal data with other organisations that are not directly linked to us under the following circumstances:
Service providers – We may share your data with other organisations that provide services on our behalf. We may do this to perform a contract we have entered into with you, where it is in our legitimate interests or with your consent. Examples of when we may share your data with service providers include sharing with:
- online payments processors who process credit and debit card transactions on our behalf
- fraud management providers that help us to identify and prevent online fraud
- internet and cloud hosting services providers
- life-cycle engagement platforms such as Google and Facebook, to help us build and manage our campaigns
- service providers that help us carry out analytics, facilitate audience creation and segmentation and to measure our audience engagement. For example, Google provides us with data management platform services
- service providers that help provide us with insights and analytics that help us to improve our products and services. For example, we use Google Analytics to understand how visitors engage with our sites or apps
- Google ReCaptcha, which we use to protect our sites and apps from fraudulent users
- data management companies, such as Thinkific or Basecamp, that help us collect data via online forms and surveys
- service providers that allow us to deliver personalised advertising to your device
- service providers that allow us to compare your personal data with information held by advertising partners and identify if you are know to both us and our advertising partner
Agencies and authorities if required by law – We may reveal your personal data to any law enforcement agency, court, regulator, government authority, or in connection with any legal action if we are required to do so to meet a legal or regulatory obligation, where the request is proportionate, or otherwise to protect our rights or the rights of anyone else (for example, in response to a valid and properly served legal process such as subpoena or warrant). If we have your contact details, we will take reasonable steps to attempt to notify you prior to disclosing your data unless (i) prohibited by applicable law from doing so, or (ii) there are clear indications of unlawful conduct in connection with your use of TMCI services.
Event sponsors and partners – We may share your personal data with sponsors of TMCI events and partners who we hold events with for marketing purposes when you have given your permission for us to do so. We may also share your personal data with these sponsors and partners for event administration purposes.
Prize draws, competitions and bids – We may share your personal data with sponsors and partners for the purposes of selecting and notifying winners when you participate in any of our prize draws, competitions and bids. We may also share your data with entities offering any prize you have won in order for that entity to contact you about such a prize.
Social media organisations – We may share your personal data with other organisations when our web pages use social plug-ins from these organisations (such as the “Facebook Recommend” function, Twitter’s retweet function, Google+ function). These other organisations may receive and use personal data about your visit to our sites or apps. If you browse our site or view content on our apps, personal data they collect may be connected to your account on their site. For more information on how these organisations use personal data, please read their privacy policies.
When we share your personal data, as specified above, with any organisation which accesses your data in the course of providing services on our behalf, they will be governed by strict contractual restrictions to make sure that they protect your data and comply with applicable law. We may also independently audit these service providers to make sure that they meet our standards.
California resident – Do not sell
These transfers to third parties may constitute “sale” of your personal information under California law. A California resident can halt these sales at any time by pressing the “California resident – Do not sell” link that is located in the footer of every page on our site. Third-parties do not sell personal information that has been sold to them by TMCI unless you have first received explicit notice and are provided an opportunity to exercise the right to opt out. You can read further about your California rights here.
International data transfers
Whenever we transfer your personal data out of the US and into the UK or the European Economic Area (EEA), we ensure similar protection and put in place at least one of these safeguards:
- We will only transfer your personal data to countries that have been found to provide an adequate level of protection for personal data.
- We may also use specific approved contracts that use Standard Contractual Clauses for the protection of personal data where appropriate, with our service providers that are based in countries outside the US, including those based in the UK or the EEA. These contracts give your personal data the same protection it has in the US or the EEA.
If you are located in the UK or the EEA, you may contact us for a copy of the safeguards which we have put in place for the transfer of your personal data outside the UK or the EEA.
How long we keep your personal data
How we may contact you
From time to time we may send you service emails, for example, telling you your subscription is coming to an end or thanking you when you contribute or place an order with us.
Marketing communications and editorial newsletters
If we have your permission or you have not opted out, we may send you materials we think may interest you, such as new TMCI offers and updates. Depending on your marketing preferences, this may be by email, phone, SMS or post.
You can decide not to receive these emails at any time and will be able to “unsubscribe” directly by clicking a link in the email.
Responding to your queries or complaints
If you have raised a query or a complaint with us, we may contact you to answer your query or to resolve your complaint.
Special Note to California Users
If you elect to use the “California resident – Do not sell” button, we will not recontact you about that choice for at least 12 months.
Cookies and similar technologies
When you visit our sites, we may collect personal data from you automatically using cookies or similar technologies.
Your privacy and data protection rights with regard to the personal data that we hold about you
You have a number of rights with regard to the personal data that we hold about you and you can contact us with regard to the following rights in relation to your personal data:
- You have the right to receive a copy of the personal data we hold about you
- You have the right to correct the personal data we hold about you
- Where applicable, you may also have a right to receive a machine-readable copy of your personal data
- You also have the right to ask us to delete your personal data or restrict how it is used. There may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request
- Where applicable, you have the right to object to processing of your personal data for certain purposes
- Where you have provided us with consent to use your personal data, you can withdraw this at any time
- If you do not want us to use your personal data for marketing analysis, you can change this in the cookie settings
If you would like to exercise any of your rights specified above, please email [email protected]
We may need verification of your identity to proceed with a request. If you provide us with proof of identity containing information that does not match our records, we may request further proof of identity from you.
If your request is complicated or if you have made a large number of requests, it may take us longer. We will let you know if we need longer than one month to respond. You will not have to pay a fee to obtain a copy of your personal data (or to exercise any of the other rights). However, for any further copies requested by you, we may charge a reasonable fee based on administrative costs.
Your California privacy rights
Under the California Consumer Privacy Act, California Civil Code Section 1798.100, if you are a resident of California you may contact us with regard to the following rights in relation to your personal data:
- Right of Access: You have a right to request access to the personal data we may hold on you for the past twelve (12) months. You may submit up to two (2) requests per year of access to your personal data.
- Right to Opt-In/Opt-Out of Sale of Personal Data: For individuals sixteen (16) years or older, you have the right to opt-out of sale of personal data we may hold on you. You can exercise this right at any time by pressing the “California resident – Do not sell” link in the footer of every page on our site. For individuals between thirteen (13) to sixteen (16) years old, you have the right to opt-in to the sale of personal data we may hold on you.
- Right to Deletion: You also have the right to ask us to delete personal data we may hold on you or restrict how it is used. There may be exceptions to the right to deletion which, if applicable, we will set out for you in response to your request.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your California Consumer Privacy Act rights.
If you want to make any of these requests, please contact [email protected] We will deal with requests for access to your personal data within forty-five (45) days for California-specific requests.
To help us respond as you expect, please specify that you are making a request under the California Consumer Privacy Act. We may need to request specific information from you to help us confirm your identity. If you provide us with proof of identity containing information that does not match our records, we may request further proof of identity from you.
Your rights under the Australian Privacy Act
The Australian privacy Act has rules around how we handle your personal information that may be different to rules in other regions. These rules are set out in the Australian Privacy Principles in force under the Privacy Act 1988 (Cth) (the Australian Privacy Act). We are required to treat your personal information in line with those principles, including to disclose to you what personal information we collect and how we use it, to store your information securely and to support you in exercising your rights.
Personal information we collect and use
When we refer to “personal data” throughout this policy, we are also referencing “personal information,” as it is defined under Australian law, which you can read about here.
Your rights to privacy are also protected by the Australian Privacy Act, including your:
- Right of access to the personal information held about you; and
- Right of correction to correct your information when it is incorrect.
Opt out of personalised advertising
Under the Australian Privacy Act, you have the right to opt out of the use of your personal information for the purpose of direct marketing, including in relation to personalised advertising. You can opt out of personalised advertising across our website and apps at any time by going to the Privacy settings link on our sites in the footer of every page. You will still see non-personalised advertising.
Contact us for information about how we use your personal data
If you have any questions about how we use your personal data or if you have a concern about how your personal data is used, please contact [email protected]
Complaints will be dealt with by the Data Protection Team, and will be responded to within 30 days.