This Privacy Notice (“Privacy Notice”) sets out how we, Carnyx Group Ltd, T/A The Drum (“The Drum”, “we”, “us”, “our”), collect, store and use information about you in connection with your use of our website, thedrum.com (“Website”), and provision of our services, including from the Website and otherwise (together “Services”).

This Privacy Notice applies to The Drum’s customers, suppliers, and other third parties that we interact with during the day to day provision of our Services.

Contents

Summary

This section summarises how we obtain, store and use information about you. It is intended to provide a very general overview only. It is not complete in and of itself and it must be read in conjunction with the corresponding full sections of this Privacy Notice.

This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data. This Privacy Notice also sets out your rights in respect of our processing of your personal data.

When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance.

This Privacy Notice informs you of the nature of the personal data about you that is processed by us and how you can request that we delete it, update it, transfer it and/or provide you with access to it. This Privacy Notice is intended to assist you in making informed decisions when using the Websites and our Services. Please take a moment to read and understand it. It should be read in conjunction with our Terms of Use and our Cookie Policy.

This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties).

  • What personal data we collect: In the course of providing you with the Website and Services, we may collect the following types of personal data about you: contact data, registration data, payment data, behavioural data, and technical data. For more information, see What personal data we collect.
  • How we collect or obtain information about you: In the course of providing you with the Website and Services, we may collect your personal data from the following places:
    • when you provide it to us e.g. by contacting us, placing an order on our website, completing registration forms or signing up for content such as newsletters;
    • from your use of our website, using cookies; and
    • occasionally, from third parties such as mailing list providers. For more information, see How we collect and receive personal data.
  • How we use your information: we use your data for administrative and business purposes (particularly to perform the Services, contact you and process orders you place on our website, improve our business and website, to fulfil our contractual obligations, to send you marketing that we think you will enjoy, to understand your use of our website, and in to enable you to enter into awards and competitions). For more information, see How we use your personal data.
  • Disclosure of your information to third parties: We will only share your personal data with third parties where we are legally permitted to do so. We may need to share your personal data with third parties for example when they are helping us to run an event, process payments, or to fulfil any contracts we enter into with you. For more information, see Sharing your personal data.
  • Do we sell your information to third parties: No, The Drum does not sell data. However, when you register or sign up for certain types of content, your registration data can be shared with sponsors and partners. Examples of where we do this include event registrations, webinar signups or whitepaper downloads. We will always make it clear where any information provided will be shared with other parties. For more information, see Sharing your personal data.
  • How long we retain your information: We will keep your personal data for no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business) and certain additional factors. For more information, see How long we retain your information.
  • How we secure your information: our security measures involve using appropriate technical and organisational measures such as storing your information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, encrypting payments you make on or via our website using Secure Sockets Layer (SSL) technology and only granting access to your information where necessary. For more information, see How we secure your information.

Use of cookies and similar technologies: we use cookies and similar information-gathering technologies such as marketing automation tracking on our website including essential, functional, analytical and targeting cookies. For more information, please visit our cookies policy here and see Insight, analysis and retargeting through Cookies.

  • Transfers of your information outside the UK / European Economic Area: in certain circumstances we transfer your information outside of the UK / European Economic Area , including to the United States. Where we do so, we ensure appropriate safeguards are in place. For more information, see Transfers of your information outside the UK / European Economic Area.
  • Use of profiling: we use automated decision making and profiling to understand our users better through web and marketing analytics, provide targeted advertising and deliver a personalised user experience.
  • Your rights in relation to your information: you have the following rights in relation to your personal data:
    • to access your information and to receive information about its use
    • to have your information corrected and/or completed
    • to have your information deleted
    • to restrict the use of your information
    • to receive your information in a portable format
    • to object to the use of your information
    • to withdraw your consent to the use of your information
    • to complain to a supervisory authority.

    For more information, including how to exercise these rights, see Your rights in relation to your information.

Our details

The Sites and our Services are made available by Carnyx Group Ltd t/a The Drum, and we are the data controller responsible for your personal data.

Carnyx Group Ltd, (company registration number: SC093166) is a company with its registered office at 4th Floor The Mercat Building, 26 Gallowgate, Glasgow, G1 5AB.

If you have any questions about this Privacy Notice, you can contact us by writing to our data protection officer, Nick Creed at the address above, or by sending an email to data@thedrum.com.

What personal data we collect

In the course of providing you with Sites and Services, we may collect the following types of personal data about you:

  • Contact Data, such as your:
    • name;
    • address;
    • email address;
    • social media handle; and
    • the name of your organisation and your job function;
  • Registration Data, such as your:
    • first name and last name;
    • gender;
    • country;
    • username; and
    • any other personal data you may provide when you register or open an account with us;
  • Payment Data, such as your:
    • Bank and account details; and
    • transaction history;
  • Profile Data, such as:
    • your contact preferences;
    • whether you have participated in any promotions or competitions; and
    • information about any of our events that you have attended;
  • Behavioural Data, such as:
    • information about how you use the Website (e.g. which pages you have viewed, the time when you view them and what you clicked on); and
    • other data relating to your browsing activity [or interaction with our emails] through the use of cookies, pixel tags and other similar technologies; and
  • Technical Data, such as your:
    • IP address,
    • information about your computer or device (e.g. device and browser type),
    • the geographical location from which you accessed the Website (based on your IP address); and
    • transaction history.

How we collect and receive personal data

  • Personal data you provide to us

    You may give us your personal data directly. This will be the case when, for example, you contact us with enquiries, complete forms on our Website, enter the awards or competitions we run, subscribe to receive our marketing communications or provide feedback to us.

  • Personal data we collect using cookies and other similar technologies

    When you access and use our Website, we will collect certain Behavioural Data or Technical Data. We collect this personal data by using cookies and other similar technologies (see the "Insight, analysis and retargeting through Cookies" section below).

  • Personal data received from third parties

    From time to time, we will receive personal data about you from third parties. Such third parties may include analytics providers, payment providers, clients on behalf of whom we invite you to events, and third parties that provide technical services to us so that we can operate our Website and provide our Services. This may be because sharing your personal data with us is necessary in order for the third party to perform a contract it has in place with you, or because you have asked the third party to share your personal data with us.

  • Publicly available personal data.

    From time to time we may collect personal data about you (Contact Data or Profile Data) from publicly available sources (including open source data sets), media reports or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms).

Who we collect personal data about

We collect and process personal data from the following people:

  • Site visitors: If you browse our Website, register as a member on our Website, contact us with an enquiry through our Website, submit a complaint through our Website or use any Services available on our Website, we will collect and process your personal data in connection with your interaction with us and our Website.
  • Customers: If you buy services from us, we may collect and process your personal data in connection with the supply of services to you.
  • Event attendees: If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event.
  • Personnel that work for our partners and suppliers: If you (or your organisation) supply products or services to us or otherwise partner with us, we may collect and process your personal data in connection with our receipt of those products and services and/or partnership. This may include personal data included in any email or telephone communications or recorded on any document relating to an order for the products or services, such as your Contact Data.
  • Job applicants: If you apply for a job with us whether through the Websites or otherwise, we will collect and process your personal data in connection with your application.

How we use your personal data

Use of our Website and fulfilling our Services

We use your personal data to enable you to use the Website and to enable us to fulfil our Service in the following ways:

  • Your use of our Website

    We collect and maintain personal data that you submit to us during your use of our Website in the following ways:

    • Registering and accessing your member’s account
    • Our Website and Services provided through our Website may enable or require you to register a member’s account with us in order to gain access to additional features and/or receive exclusive member offers. We will ask all prospective applicants to complete the registration form, providing a username, email address and password as well as certain other Registration Data.

      We will use your personal data in order to process your application for a member’s account. Once you are registered, we will process your username and password to identify you when you login to your account and the secure areas of our Website. We will also process your login information and certain Technical Data, so that we can administer your account and contact you about your account.

      Your access to and use of our Website, including any secure member’s area, is subject at all times to our Terms of Use.

      Our legal basis for processing

      It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the relevant Services, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the relevant Services requested by you and others in a secure and effective way, and to provide you with access to content.

    • Using our Website and the features we provide on the Sites.
    • Once you have created your member account and are registered with us, you are able to use various features on our Website, which we offer as a part of the Services we provide to you.

      We will collect and use personal data about you when you use these features, for instance we will process your Profile Data, and certain Behavioural Data and Technical Data so that you can be searched for by other members.

      Your access to and use of our Website is subject at all times to our Terms of Use.

      Our legal basis for processing

      It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Services, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the relevant Services requested by you and others in a secure and effective way.

    • Your contributions to our Website and content that you post.
    • If you write an article or blog for us or contribute in any other way to publications we send to our members and/or publish on our Website or in print, we may use your personal data (such as your Contact Details) to credit you for your contribution. If you provide photographs or other images in support of your article or blog, we may publish one or more of those images alongside your article or blog.

      If you submit any other content to us, including via our Website, such as photographs, quotes or testimonials, we may process any personal data comprised within that content for the purposes of making available particular Services via our Website and promoting our Website and Services.

      We may also allow third parties to use the articles or blogs that you contribute, or the content that you submit. If the use of such content would involve the use of your personal data, we may use your Contact Details to ask your permission to use the relevant content, unless we are satisfied that we have a lawful right to use the content without your permission.

      Our legal basis for processing

      Where we use your content in connection with Services that we provide via our Website, it is in our legitimate interest to use any personal data that you provide to us to ensure that we provide the relevant Service in an effective way.

      Where we permit a third party to use your personal data contained within content that you submit, we will do so without your permission if we are satisfied that it is within our or the third party’s legitimate interest to use your personal data, including to promote our Services or services offered by the third party. If it is not within our legitimate interest, we will contact you to ask your permission, in which case our processing of such personal data will be based on your consent.

    • Linking to social media sites and interacting with our social media pages.
    • If you click on one of the social media links on our Website or otherwise interact with our social media pages such as on Facebook or Instagram (including interacting with any ‘like’ or similar embedded features on our Website or social media accounts) we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose, such as certain Behavioural Data and Technical Data. For more information about how we use this personal data, please see the ‘Insight, analysis and retargeting through Cookies’ section below.

      Please note that the relevant social media platform may also be a controller in respect of the personal data that is collected via your use of our social media pages and may use that personal data for additional purposes. For details of how the relevant social media platform uses your personal data, please see the privacy policy of the relevant social media platform.

      Our legal basis for processing

      It is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Site and our Services in an effective way and to promote our Website and our Services via social media.

  • Fulfilment of our Services
  • We collect and maintain personal data that you submit to us for the purpose of supplying Services. We may collect and process your personal data whether you are interacting with us on your own behalf or on behalf of any organisation you represent.

    The personal data we process may include your Contact Data, Registration Data, and Payment data (where applicable). We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used.

    The personal data we process may include your Contact Data, Registration Data, and Payment data (where applicable). We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used.

    Our legal basis for processing

    It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services in an effective, safe and efficient way.

When you contact us for customer service or other general enquiries

Our Website features a “Contact” page which invites you to submit general enquiries about our Website and our Services by email, telephone or by post. You may also be able to submit specific enquiries on other pages of our Website in relation to particular Services offered via those pages.

When you make an enquiry, we will collect and process your Contact Data and certain Profile Data, as well as any other personal data that is relevant to your enquiry. We use this information to manage and respond to your enquiry.

We also record (including voice recordings of telephone conversations) and use the information referred to above to train our personnel so that they can effectively deal with enquiries.

Our legal basis for processing

It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.

Hosting and managing events

From time to time, we may organise and host events. We may process your Contact Data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you.

If you attend one of our events, we may use your Contact Data and certain Profile Data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications that we make available.

Our legal basis for processing

It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.

We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of your such personal data will be based on consent.

Surveys and feedback

From time to time, we will invite you to provide feedback about us, our Website or our Services in the form of online and other surveys. We will collect and process your Contact Data, certain Profile Data, and any other personal data you choose to volunteer in your survey response or other feedback.

We use this information to help us to monitor and improve our Website and Services , to assist with the selection of future product and service lines, and to train our personnel.

You can also voluntarily provide feedback by contacting our Customer Service team. Please see the ‘Customer service and general enquiries’ section above for more information.

Our legal basis for processing

It is in our legitimate interest to use the personal data provided by you so that we can improve our Services and provide them in an effective way.

Prize draws, prize competitions and Awards

From time to time, we may run prize draws, prize competitions and other promotions on our Website and/or on our social media accounts, such as The Drum Awards. For the purposes of administering such draws, competitions and promotions, we may process your Contact Data, Payment Data (if relevant), Profile Data, and any other personal data volunteered by you in your prize draw, competition or promotion entry.

Our prize draw, competition and promotions may be subject to separate terms and conditions which you may be required to accept as a condition of entry.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the terms and conditions applicable to the prize draw, competition or promotions to which you may be asked to agree) or it is in our legitimate interest to use your personal data to enable us to administer the applicable prize draws, prize competitions or promotion.

Insight, analysis and retargeting through Cookies

We and our third party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the device(s) that you use to access our Website. The data that is collected includes Behavioural Data and Technical Data, and certain Profile Data.

Please see our Cookie Policy for further information, including details of the third party partners that are used, and how to change your browser and cookie settings.

We and our third party partners use this data, in combination with your Contact Data, for the following purposes:

    • for the purposes described in the ‘Online personalised advertising’ section below;
    • to analyse how you use, and the effectiveness of, our Website and Services, including:
    • to count users who have visited our Website or opened an email and collect other types of information, including insights about our visitors’ browsing habits, which helps us to improve our Website, Services and the effectiveness of our emails;
    • to measure the effectiveness of our content;
    • to learn what pages of our Website are most attractive to our visitors, which parts of our Website are the most interesting and what kind of features and functionalities our visitors like to see; and
    • to help us with the selection of future product and service lines, website design and to remember your preferences.

In some of our email messages, we use a “click-through URL” linked to websites. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications.

Our legal basis for processing

Where your data is collected through the use of non-essential cookies we rely on consent to collect your data and for the onward processing purpose. Please see our Cookie Policy for further details.

However, in certain circumstances we may rely on other legal basis when we use your personal data that has been collected via the use of Cookies for the purposes described in this section. When you use our Website and Services, it is in our legitimate interest to use your personal data in such a way to improve our Website and our Services.

Where we use this personal data for the purposes described in the ‘Online personalised advertising’ section of this Privacy Notice, please see that section to see the legal basis that we rely on.

Advertising and Marketing activities

We carry out the following marketing activities using your personal data:

    • Email marketing:

      We use your, Contact Data and Profile Data to send you (or the organisation you represent) marketing communications by email/SMS. Our marketing will include press releases and information about us, our Site, our Products and Services, any events we may hold and the offers and promotions we offer from time to time.

      Our marketing communications may include personalised and non-personalised marketing. Personalised marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. Non-personalised marketing is marketing that is not tailored to you.

      Where we are sending you personalised marketing, we may also use Behavioural Data and Technical Data to help us decide what sort of personalised marketing to send you (please see the “Insight, analysis and retargeting through Cookies” section above for more details).

      Our legal basis for processing

      It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you.

      It is in our legitimate interest to use your personal data to send our marketing to you by post.

      However, we will only send marketing communications to you by email and/or SMS where you have consented to receive such content by email and/or SMS, or where we have another lawful right to send marketing to you using email and/or SMS. For example, in certain circumstances we may rely on our legitimate interest to send marketing by email and/or SMS to consumers who have purchased our Products and Services. We may also rely on our legitimate interest to send marketing by email and/or SMS to certain business users of our Site and our Products and Services. You can opt out of receiving marketing communications at any time via emailing us at data@thedrum.com, or through the ‘Unsubscribe’ links included in each of our marketing communications.

    • Online personalised advertising.

      We and our third party partners use may use your Behavioural Data, Profile Data and Technical Data and other data that is collected through your interactions with third party Sites and Services to provide you with, and analyse the effectiveness of, personalised ads when you visit other websites and/or use other services.

      By ‘personalised ads’, we mean advertisements for products and services that you have shown an interest in when you have used our Website or which you otherwise might be interested in based on your browsing habits, although our third party partners may use the data that is collected to show personalised ads for products and services offered by third parties.

      Our legal basis for processing

      Please see the ‘Insight, analysis and retargeting through Cookies' section above to learn about the legal basis that we rely on to collect data via the use of Cookies.

      Where we use your personal data to display online personal advertising to you, we rely on the consent that you have provided in respect of the collection of such data, or it is otherwise in our legitimate interests to promote our Website and our Services to you.

      Our third party partners may rely on a different lawful basis in respect of their use of your personal data. Please read the privacy policy of the relevant third party provider, as set out in our Cookie Policy.

    • Advertising to you on social media and other platforms.

      We may share your email address and other relevant data (usually in an encrypted or ‘hashed’ form) with third party providers of social media platforms and other services, such as Facebook, Snapchat, (“Platforms”), so that the third party providers can try to ‘match’ your data with the data of their registered users of their Platforms.

      Where there is a successful match, we will display our advertising to you when you use the relevant Platform. This is known as ‘custom audience’ advertising, because we ‘customise’ the audience that we want to reach on the relevant service.

      Some of the advertising that you see may be personalised to you. The data that we use to personalise our advertising, such as your Behavioural Data and Profile Data, will not be provided to the third party providers of the Platforms. Please see the ‘Insight, analysis and retargeting through Cookies’ section above to learn more about how we personalise advertising to you.

      This activity is also subject to the privacy choices you have elected to make on such Platforms.

      Our legal basis for processing

      We will only share your personal data with the third-party providers of the Platforms so that we can advertise our Services to you when you use those Platforms, where you have provided your consent or where it is otherwise in our legitimate interests to do so in order to promote our Services.

      Where this activity is undertaken through the use of Cookies please see the Insight, analysis and retargeting through Cookies section above) to learn about the legal basis that we rely on.

      You can opt-out of our sharing of your personal information with the third party providers of the Platforms by exercising your rights as set out below.

    • Advertising to other people who share similar interests and characteristics to you.

      We will provide your personal data to third party providers of other services as described in the Advertising to you on social media and other platforms and the ‘Insight, analysis and retargeting through the use of Cookies’ sections above. If you are a user of those third party services, we may ask the third party providers of those services to find other registered users of their services who share similar interests and characteristics to you, which will be based on information that the third party holds about you and its other registered users.

      This is known as ‘lookalike’ audience advertising because we are trying to show our advertising to people who ‘look like’ you.

      Please note that such activity is also subject to the privacy choices you have elected to make on such services.

      Our legal basis for processing

      It is in our legitimate interests to share your personal data with the third-party providers of other services so that we can advertise our Services to other individuals that use those services and share similar interests and characteristics with you, although where this activity is undertaken through the use of Cookies please see the “Insight, analysis and retargeting through Cookies” section above to learn about the legal basis that we rely on.

      You can opt-out of our sharing of your personal information with the third-party providers by exercising your rights as a data subject as set out below.

Recruitment

We use your personal data for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, whether such application has been received by us online, by email or by hard copy and whether submitted directly by you or by a third party recruitment agency on your behalf. We also use your Contact Data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.

We will process any personal data about you that you volunteer, including during any interview, when you apply for a position with us. We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, your referees, and (subject to relevant laws) background check providers and credit reference agencies.

The personal data we process may include your Contact Data Registration Data, details of your education, qualifications and employment history, any other personal data which appears in your curriculum vitae or application, any personal data that you volunteer during an interview or your interactions with us, or any personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for and subject to relevant laws.

We may also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. Further information would be provided on collection. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.

Our legal basis for processing

Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions. We may also use personal data to comply with our legal obligations.

We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.

Receipt of services from suppliers

If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Services to others.

The personal data we collect from you may include your Contact Data and certain Payment Data, and any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the services that you or your organisation provides, and provide our Services to others, in an effective way.

Security

    • Security on our physical premises:
    • We have security measures in place at our offices, including CCTV and building access controls. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

      We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident).

    • Security on our Website:
    • We collect and store server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.

Our legal basis for processing

It is in our legitimate interests to process your personal data so that we can keep our office premises secure and provide a safe environment for our personnel and visitors to our offices, and so that we can operate our Website in a safe and efficient way. It is also necessary for our compliance with certain legal obligations (for example in relation to health and safety, and data protection).

Business administration and legal compliance

We use your personal data for the following business administration and legal compliance purposes:

  • to comply with our legal obligations;
  • to enforce our legal rights;
  • to protect the rights of third parties; and
  • in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of all or a portion of our assets.

Our legal basis for processing

Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us such as a court order.

We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.

Any other purposes for which we wish to use your personal data that are not listed above, or any other changes we propose to make to the existing purposes, will be notified to you using the contact details we hold for you.

Where we receive information about you in error

If we receive information about you from a third party in error and/or we do not have a legal basis for processing that information, we will delete your information.

If you fail to provide your personal data

Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.

Where our use of your personal data requires consent, you can provide such consent:

  • at the time we collect your personal data following the instructions provided; or
  • by informing us using the contact details set out in the “Our Details” section above.

This Privacy Notice does not apply to your interaction with services provided by third parties.

Our Website may contain links to third party websites and services.

When you use a link to go from our Website to another website (even if you don’t leave our Website) or you request a service from a third party, this Privacy Notice shall not apply to the processing of your personal data carried out by the relevant third party provider.

Your browsing and interactions on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies. For example, our website invites you to connect with us on social media platforms such as Facebook and Instagram. When you click on the links we provide to such platforms, you will be transferred from our website to the relevant platform and the privacy notice (and other terms and conditions) of that platform will apply to you.

We do not monitor, control or endorse the privacy practices of any third parties.

We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.

This Privacy Notice applies solely to personal data processed by us through your use of our Website, your receipt of our Services and/or in connection with our business operations. It does not apply to the processing of your personal data by these third party websites and third party service providers.

Disclosure and additional uses of your information

We will only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations This section sets out the circumstances in which we may share your personal data with third parties and any related purposes for which we use your information.

Third-party organisations that provide applications/functionality, data processing or IT services: We share personal data with third parties who support us in providing our Services and help provide, run and manage our internal IT systems. Such third parties may include, for example, providers of information technology, cloud-based software, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating our cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. We also share your personal data with third-party service providers to assist us with insight analytics.

These providers include Amazon Web Services, Microsoft Office 365, Salesforce, and 3CX.

If you would like further information about our sharing of your personal data with our service providers, please contact us directly by email.

Members of The Drum group of companies:  Where necessary we will also disclose your personal data to other members of our group, for business administration and management purposes.

Agencies and partner companies:  Where necessary in order to provide our Services, we may share your personal data with agencies and companies with whom we work.

Payment providers and banks:  We share personal data with third parties who assist us with the processing of payments and refunds.

Event partners and suppliers:  When we run events, we will share your personal data with third-party services providers that are assisting us with the operation and administration of that event, such as event registration. If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event.

Advertising partners:  We share personal data with the third party advertising partners, including those set out in our Cookies Policy when you use our Website. This data is used to provide you with, and measure the effectiveness of, online personalised advertising and for other advertising related activities.

Third-party email marketing and CRM specialists:  We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our email marketing communications and membership-related communications.

Suppliers of postal and courier services:  We share personal data with suppliers who assist us in sending out our postal marketing communications and membership-related communications.

Third-party organisations that assist us with the administration of our promotions:  We share personal data with specialist suppliers who assist us in administering our prize draws, prize competitions and other promotions.

Recruitment agencies and related organisations:  We share personal data with external recruiters, third-party providers that undertake background checks on our behalf and other entities within our group of companies.

Auditors, lawyers, accountants and other professional advisers:  We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.

Law enforcement or other government and regulatory agencies and bodies:  We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation. If we suspect that criminal or potential criminal conduct has been occurred, we may in certain circumstances need to contact an appropriate law enforcement authority. This could be the case, for instance, if we suspect that we fraud or a cyber crime has been committed or if we receive threats or malicious communications towards us or third parties.

Sharing with other third parties:  Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation. We may also need to share personal data in order to enforce our own legal rights, or in connection with a dispute or legal proceedings.

This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties in order to operate our Website and to provide our Services.

How long we retain your information

In respect of personal data that we process in connection with the supply of our Services, we may retain your personal data for up to seven years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

Where we process personal data in connection with the registration and use of an account on our Site, we may retain your personal data for up to seven years from the date that the relevant account is terminated (and in compliance with our data protection obligations). We may then destroy such files without further notice or liability.

When you make an enquiry or correspond with us for any reason, whether by email or via our contact form or by phone, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for 3 years after that, after which point we will archive your information.

If any personal data is only useful for a short period (e.g. for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us.

If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this personal data to send you further marketing unless you subsequently opt back in to receive such marketing.

In any other circumstances, we will retain your information for no longer than necessary, taking into account the following:

  • the purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or to contact you in the future);
  • whether we have any legal obligation to continue to process your information (such as any record-keeping obligations imposed by relevant law or regulation);
  • whether we have any legal basis to continue to process your information (such as your consent);
  • how valuable your information is (both now and in the future);
  • any relevant agreed industry practices on how long information should be retained;
  • the levels of risk, cost and liability involved with us continuing to hold the information;
  • how hard it is to ensure that the information can be kept up to date and accurate; and
  • any relevant surrounding circumstances (such as the nature and status of our relationship with you).

How we secure your information

We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration. We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:

  • only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
  • using secure servers to store your information;
  • verifying the identity of any individual who requests access to information prior to granting them access to information;
  • using Secure Sockets Layer (SSL) software to encrypt any payment transactions you make on or via our website;
  • only transferring your information via closed system or encrypted data transfers;

Sending information to us by email

Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.

We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

Transfers of your information outside the UK / European Economic Area

The Drum has locations in the U.K., United States, and Singapore, and we also use service providers based in the United States. Therefore, when you submit personal data to us, whether through your interaction with our Website or in connection with the supply of Services, your information will be transferred and stored outside the UK / European Economic Area (EEA).We may also transfer your information outside the EEA in order to comply with legal obligations to which we are subject (compliance with a court order, for example).

Non-EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data, and will ensure that at least one of the following safeguards applies, in order to ensure that your personal data is subject to an essentially equivalent level of protection:

Adequacy decisions:  We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Model clauses:  Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.

Your rights in relation to your information

Subject to certain limitations on certain rights, you have the following rights in relation to your information, which you can exercise by writing to the data controller using the details provided in the “Our details” section.

  • Your right to request access to your information  and information related to our use and processing of your information;

If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.

  • Your right to request the correction  of your information;

If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them directly.

  • Your right to request the erasure  of your information;

You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.

  • Your right to request that we restrict our use  of your information;

You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.

  • Your right to data portability;

You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.

  • Your right to object to the processing of your information for certain purposes;

You can ask us to stop processing your personal data, and we will do so, if we are:

  • relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
  • processing your personal data for the purposes direct marketing.

You may also exercise your right to object to us using or processing your information for direct marketing purposes by:

  • clicking the unsubscribe link  contained at the bottom of any marketing email we send to you and following the instructions which appear in your browser following your clicking on that link;
  • sending an email  to data@thedrum.com, asking that we stop sending you marketing communications or by including the words “OPT OUT”.
  • Your rights in relation to automated decision-making and profiling

You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.

  • Your right to withdraw your consent  to our use of your information

If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “How to Contact Us” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.

Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.

  • Your right to lodge a complaint with a supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the “Our details” section above.

You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. As we are incorporated in the UK, our regulatory authority is https://ico.org.uk.

For further information about your rights in relation to your information, including any limitations which apply, please visit the following pages on the ICO’s website:

Verifying your identity where you request access to your information or to exercise other rights

Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so.

These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.

How we verify your identity

Where we possess appropriate information about you on file, we will attempt to verify your identity using that information.

If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your information.

We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.

Special Personal Data

'Special personal data' is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

Save as outlined above, we do not knowingly or intentionally collect special personal information from individuals, and you must not submit sensitive personal information to us.

If, however, you inadvertently or intentionally transmit special personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.

Changes to our Privacy Notice

We may update and amend this Privacy Notice from time to time.

Where we make minor changes to our Privacy Notice, we will update our Privacy Notice with a new effective date stated at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Notice from its effective date onwards.

Where we make significant changes to our Privacy Notice or intend to use your information for a new purpose or a different purpose than the purposes for which we originally collected it, we may also notify you by email (where possible) or by posting a notice on our website. However, we encourage you to review this Privacy Notice periodically to be informed of how we use your personal data.

We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose.