Privacy Policy
- Who we are
- Why we collect information
- The purpose of this notice
- What personal information do we collect and how do we use it?
- Do we share your information with anyone else?
- How we secure your data
- Changes to this policy
- International data transfers
- Retention periods
- ISO 27001 information security management
- Complaints or queries
Who we are
This website is operated by the Independent Press Standards Organisation C.I.C. of Gate House, 1 Farringdon Street, London, EC4M 7LG (IPSO).
Why we collect information
As the regulator of the large majority of the UK newspaper and magazine industry, we help ensure that the UK public receives fair treatment from the press. We do this by enforcing the requirement contained in our agreement with the publishers we regulate that newspapers and magazines follow the Editors’ Code of Practice, monitoring their compliance with the Code, and taking action against newspapers and magazines which do not follow the Code. We also offer an arbitration service, which provides access to justice for individuals who wish to make legal claims against some of our member publishers.
We have a legitimate interest in administering and enforcing the Code and providing access to justice for claimants. We also have a legitimate interest in publicising our work, and raising awareness of our services, by email. This is the legal basis for our processing of this personal data.
The purpose of this notice
We are committed to protecting and respecting your privacy, and to ensuring that we comply with all relevant laws when processing your personal data. This notice explains what to expect when IPSO collects personal information. It applies to information we collect about
- people who complain to us about a breach of the Editors’ Code of Practice, and people who are mentioned in coverage that is reported to us, or during an investigation by us
- people who fill in our complainant feedback form after we handle their complaint
- people who request that we issue privacy notices on their behalf
- press standards and compliance at our member publishers, including information provided to us through our whistleblowers’ hotline or online form
- people who contact our arbitration service
- people who subscribe to our newsletter
- visitors to our website
- people who contact us for advice or general inquiries, including through social media
- job applicants and former employees.
Our website contains hyperlinks to websites owned and operated by third parties. These third-party websites may have their own privacy policies and we recommend you review them.
What personal information do we collect and how do we use it?
Complaints procedure
Type of information
We may receive personal data about complainants or other people through our investigation of complaints under the Editors’ Code of Practice, either from the complainant or the IPSO member publisher who the complaint is against. This may include a complainant’s name, contact details (including email and postal addresses), information about the complainant or other people appearing in coverage that the complaint is about, and information about the complainant or other people that is sent to us (either the complainant or the publication) during the investigation of a complaint. This material is kept together in a file, which in most cases is electronic.
Purpose of processing
We use this information to administer our complaints procedure, publish adjudications, carry out training, check on the level of service we provide, and monitor press standards.
Who is the data shared with
We may share this information with our members, even if the complaint is not taken forward. This ensures that they are aware that a complaint has been made about them and the outcome. You should let us know if you have concerns about this, and we will be happy to discuss it with you. It may be the case that we do not have to include certain information that you have given to us, although we do not generally take forward anonymous complaints.
In accordance with our general commitment to transparency and to help our standards-raising activities, we publish all rulings on investigated complaints by the Complaints Committee. However, we give complainants the opportunity before the Committee makes a decision to request that their name or other information is not included in the published decision. For similar reasons, we also publish a record of complaints that we resolve through mediation.
We collect information on complainants’ experiences with our complaints procedure via an online survey. This is anonymous and is used only for the purpose of monitoring and improving the service that we offer to complainants whose complaints are investigated.
Private advisory notice system
Type of information
We operate a private advisory notice service to notify member publishers and other relevant publishers of concerns raised that the Editors’ Code of Practice is being, or may be, breached. These notices are sent on a private and confidential, not for publication basis.
When we are contacted by people wishing to use our private advisory service, or their representatives, we keep a copy of the correspondence relating to the request in an electronic file on our internal database. We also keep one hard copy of the advisory notice on file.
This may include personal data including the person’s name, contact details, and information about the requester that is submitted to us in order to form part of the private advisory notice or as background to the request.
Purpose of processing
We use this information to administer the service, check on the level of service we provide, monitor press standards, and to maintain a record of the notice in case it should be relevant to a future complaint.
Who is the data shared with
We may share this information with member publishers and other relevant contacts (including broadcast journalists and news agencies). We will agree with the requester in advance which material will be shared, and wherever possible will agree the exact wording of the request in writing, in advance.
Standards and compliance monitoring, and the whistleblowing hotline/online form
Type of information
We monitor press standards and compliance on an ongoing basis. This includes information provided to IPSO through its complaints and private advisory notice services and material that is in the public domain, for example through news coverage or court judgments.
Some information about standards comes through our whistleblowing hotline, which is run by Crimestoppers, an external company. This enables journalists to report concerns about compliance at their organisations. Concerns can be raised over the phone or through an online form on our website. Journalists using the hotline can leave their contact details if they wish to, but are not required to. Any other personal data is removed from the record of the concern before it is passed to IPSO if requested by the whistleblower.
Purpose of processing
We use the contact information provided by those raising a concern to contact them to clarify points they have raised, or to communicate action we have taken in response to the concerns they have raised.
We use information about press standards in order to identify areas of potential concern or interest to our standards function, and to decide whether any issues identified require regulatory action by us. We seek to minimise the amount of personal data that we collect as part of this process, and we retain personal information only for as long as necessary to carry out these functions. We retain de-personalised information about the compliance records of organisations for as long as is necessary to help inform future actions, but no individuals are identifiable from that data.
Public Consultations
Type of information
We monitor press standards and compliance on an ongoing basis. This includes producing guidance for regulated publishers and information leaflets for the public. To help us produce the most useful and appropriate information we may put draft version of this guidance and leaflets to journalists, members of the public and other interested stakeholders to gain insight into their views.
Purpose of processing
We use the contact information provided by those completing a consultation to contact them to clarify points they have raised, or to communicate action we have taken in response to the comments or concerns they have raised.
We seek to minimise the amount of personal data that we collect as part of this process, and we retain personal information only for as long as necessary to carry out these functions.
Arbitration service
Type of information
As part of the operation of our arbitration service, we receive claim forms setting out potential legal claims against member publishers. Claims may include a complainant’s name, contact details (including email and postal addresses), information about the claimant or other people appearing in coverage that the claim is about, and information about the claim or other people that is provided by either side during the arbitration process.
Purpose of processing
The arbitration service provides low-cost access to justice for legal claims against regulated publishers who choose to participate. You can read more about the arbitration process here.
Who is the data shared with?
Information provided through the claim form is passed to CEDR, the company that administers the arbitration process on our behalf and oversees the appointment of an arbitrator. CEDR or the arbitrator may collect further information as part of the arbitration process. CEDR has a privacy policy which you can read here.
Mailing list
Type of information
We collect the names and email addresses of subscribers to our newsletter, which provides updates on our activities and relevant events.
Purpose of processing
Recipients of the newsletter are given the opportunity to opt out of further correspondence within each newsletter.
We use a third party provider, MailChimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see their privacy notice.
Visitors to our website
Type of information
When someone visits this website (ipso.co.uk) we use Google Analytics to collect information about which pages they visit, and how long they spend looking at each page. We process this data in a way that does not try to identify anyone. Our website search and decision notice search is powered by Google. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either IPSO or any third party. We also use cookies on our website, find out more here.
Purpose of processing
We look at this data to understand how people use our website and to help us consider how we can improve it.
People who contact us via social media
We have a presence on social networks including X formerly known as Twitter, LinkedIn and Facebook. Each of these organisations have their own privacy notices, which you can read by clicking on their names above. We do not respond to queries/comments on social media and to get in touch with us, please write to Email: inquiries@ipso.co.uk
People who call us for advice
Type of information
When you call us with a query or request for advice, we may make a note of the nature of your question and your contact details.
Purpose of processing
We will use the information in order to enable us to monitor concerns raised with us or to reply to your question. We will not share this information with anyone else unless the correspondence later becomes part of a complaint to us, in which case we will follow our usual complaints process.
We will use the information in order to enable us to monitor concerns raised with us or to reply to your question. We will not share this information with anyone else unless the correspondence later becomes part of a complaint to us, in which case we will follow our usual complaints process.
Telephone recording
We do not in general circumstances record telephone calls electronically but may do so if there is a specific need to do so. If we consider that it is necessary to record our call with you, we will tell you that we are doing so and will explain why. For example, we might have concerns about the way you are communicating with our staff and need to create a record so that that we can decide whether we need to limit our contact with you.
More information about this is available in our policy on unacceptable behaviour by complainants. If we decide that we need to record our calls with you, we will also explain how you can object to this recording.
Job applicants
Type of information
IPSO maintains records of current and past job applicants, which are kept digitally and in hard copy format, as part of its management of human resources and its recruitment practices. This includes their names, contact details, employment history and CVs.
Purpose of processing
This information is only used for the purpose of assessing the application, or to fulfil legal or regulatory requirements if necessary. You don’t have to provide what we ask for but it might affect your application if you don’t. We do not share this information with third parties for marketing purposes or store any of this information outside of the European Economic Area. It is held securely by us and deleted after six months if your application is not successful.
In some cases we ask applicants to fill in diversity monitoring forms, on a voluntary basis. Information provided through a diversity monitoring form is kept separately from other applicant data. It is not available to the people running the recruitment process while it is on-going, and it is used only to analyse our recruiting practices.
If you are successful, we will retain the information you provide during the application process as part of your employee file.
Former employees
We maintain records of past employees for a period of six years after you leave employment with us, to enable us to provide references and answer queries about your employment. This information is not shared with anyone else without your consent.
Do we share your personal information with anyone else?
We share information about IPSO’s operations with the members of our advisory panels on a strictly confidential basis. These panels include IPSO’s Standards Investigations Panel and the Readers’ and Journalists’ Advisory Panels.
We may share personal information with our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this privacy policy, provided that they do not make independent use of the information, and have agreed to adhere to the rules set out in this privacy statement.
In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
Except as provided in this privacy policy, we will not provide your information to third parties.
Your rights
You have the following rights over the way we process personal information relating to you. We aim to comply without undue delay, and within one month at the latest:
- to ask for a copy of personal information we are processing about you and have inaccuracies corrected
- to ask us to restrict, stop processing, or to delete your personal information
- to request a machine readable copy of your personal information, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer
- to make a complaint to a data protection regulator.
You can read more about these rights on the website of the Information Commissioner’s Office here.
Please send your requests to Tonia Milton, Head of Systems (tonia.milton@ipso.co.uk).
How we secure your data
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Although we try to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
Changes to this policy
This policy was last updated on 6th February 2023. It may be updated from time to time. We will notify you of any changes by posting the new policy here.
International data transfers
As part of the administration of our human resources function, we transfer personal information about current employees and officeholders of IPSO to a territory outside the EEA that has been found by the EU Commission to provide adequate protection for the rights and freedoms of data subjects. We do not transfer personal data about any other data subjects outside the EEA.
Retention periods
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We delete correspondence relating to complaints, private advisory notices and related inquiries after 7 years.
In the case of information provided by a whistleblower, we will delete contact information provided by a whistleblower after a period of two years. Any other personal data related to whistleblowing concerns will be deleted after 7 years.
We will delete contact information provided by someone responding to one of our Publication Consultations after a period of two years.
Information from job applicants is deleted 6 months after our last contact with you, if your application is not successful.
We delete records relating to past employees after 6 years from the date they leave employment with us.
We delete records relating to our data protection practices, which may include limited personal data, after 5 years.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
ISO 27001
ISO 27001:2022 is a standard of requirements for information security, focusing on establishing, implementing, maintaining and continually improving information security management systems.
We have been awarded ISO 27001 accrediation: IPSO ISOIEC 27001-2022 Certificate 2024.
Complaints or queries
In this notice we have tried to explain how we use the personal data we collect in terms that are easy to understand and clear. We welcome comments or questions on this policy, including on improvements that we could make either to the policy or to how we explain it.
If you have any questions or comments, please contact us by telephone on 0300 123 2220 or by email at inquiries@ipso.co.uk.