At ABC we take the responsibility of looking after personal data in our possession seriously. This policy explains who we are and what we do with individuals’ personal data. ‘Personal data’ in this context means data relating to a living individual who can be identified from that data, or can be identified from that data taken together with other information that we hold or we may be likely to obtain. The persons or organisation responsible for determining how and why your personal data is used is known as a ‘Data Controller’.
Who we are and how to contact us
What personal data we collect and where we get it from
What we do with your personal data and why
Sharing your personal data
Sending your personal data to other jurisdictions
Keeping your personal data secure
How long we keep your personal data
Your rights in relation to personal data
Updates to this policy
- We are Audit Bureau of Circulations Ltd (‘ABC’), a company registered in England (number 259647).
- We are an independent company that organisations in the media industry engage to:
- Verify and report aggregated statistics related to their media products
- Verify their organisation’s policies, processes and procedures for compliance with relevant standards
- You can contact us:
- By post: ABC, Charter House Black Prince Yard, 207-209 High Street, Berkhamsted, Herts, HP4 1AD, United Kingdom
The personal data we use can be divided into two key types:
- Personal data that has been provided to us by our customers for the purposes of auditing their media products or their policies, processes and procedures against relevant standards
- Personal data related to our customers or prospective customers. This includes employees at our customers and other individuals, typically in a business capacity, that use or access our services
For the purposes of auditing
- When you transact with a media organisation, for example by buying a magazine, attending an event or visiting a website, they will collect your data and be responsible for it (i.e. they are a ‘data controller’). They will produce, by combining your transaction with others, aggregated statistics for their media products (for example a magazine’s circulation or an event’s attendance figure).
- If that media organisation engages us to carry out an audit of their media product(s) they (or agents acting on their behalf) will pass to us the aggregated statistics and supporting information that is necessary for us to carry out the audit. We will therefore be acting as a ‘data controller in common’ with that media organisation in relation to this supporting personal data.
- The information shared with us will be relevant to the media product being audited and may include (but not be limited to) the following types of personal data:
- Name, job title, company, postal address, email address, telephone number, demographic information, responses to audit personal identifier questions, the fact that you requested or paid for the media product (and how much). This may include information you provide about other people (such as work colleagues) where we assume you have their permission to share this data
- For online/digital activity (such as for websites or apps) log file records that may include IP addresses, unique device IDs, indicators of geographic location, cookies and web beacons associated with requests for access, or use of the media product
For ABC customers and prospective customers
- If you are registering to use our products or services (or are a prospective customer) we will collect the personal data necessary to provide these services (or engage you regarding them) and keep you updated with information relevant to these services. These will be obtained from you via registration forms, contact with our employees or our website or may be obtained from other publicly available sources such as your website or publicly available directories. This may include (but not be limited to) the following types of personal data:
- Name, job title, company, postal address, email address, telephone number. This may include information you provide about other people (such as work colleagues) where we assume you have their permission to share this data
For the purposes of auditing
- When verifying aggregated statistics:
- We reconcile the total records provided with the organisation’s claimed aggregated figures (such as a publication’s circulation, an event’s attendance or a website’s visitors)
- We select a sample of records to check against supporting information which may include personal data, such as subscription forms and payment records.
- For some media products we may contact a sample of individuals to further verify a particular transaction. For example that you requested a particular magazine or that you attended a particular event. We aim to conduct this in the least intrusive manner using a means of contact that you provided to the media organisation. We will explain why we are contacting you and will not conduct any direct marketing.
- When verifying whether a company’s policies, processes and procedures are compliant with relevant standards this may involve us reviewing personal data relevant to the product, to test how an organisation’s systems record and document transactions or activity.
- We do not publish any personal data and none of our published output can be linked back to you. The public output of our audit work is a certificate or report on the media product (or organisation) that may include aggregated statistics relating to that product and its audience. You can view examples of these on our website www.abc.org.uk.
- We do not use any data obtained for the purposes of auditing for any other purpose, such as direct marketing.
- The lawful basis under which we use your Personal Data is legitimate interests. This is because on balance, and taking account of your own interests, we have determined that it is necessary for the legitimate business interests for us (and others) to use your personal data in carrying out the auditing of media product(s) and/or organisations’ policies, processes and procedures.
For ABC customers and prospective customers
- We will use your personal data to deliver our products and services, manage your registration or subscriptions and communicate updates and relevant notifications and reminders.
- The lawful basis which we apply for this purpose is that it is necessary for the performance of a contract or in order to take the steps prior to entering a contract.
- We may send you marketing information about our products and services by post, email or telephone. If you wish to change how marketing messages are sent or wish to stop receiving them please contact us.
- The lawful basis which we apply for this purpose is that, on balance, and taking account of your own interests, we have determined that it is necessary for our legitimate business interests to process your personal data for the purposes of direct marketing.
- We will only disclose personal data to other third parties (such as regulatory authorities) if we were legally compelled to do so, plus in the following circumstances:
- When we share the results of our audit testing with the media organisation that supplied it to us. This would only be in the context of communicating any potential impact on the accuracy of the aggregated statistics arising from our conclusions.
- When we share your information with third parties who provide services on our behalf and on our instruction (for example to carry out auditing work or for the storage of records supporting our audit work). These third parties will be subject to contractual obligations to keep your data secure.
- If we transfer your personal data to processors outside the European Economic Areas (EEA) we will do so with appropriate measures and controls to ensure your privacy rights continue to be protected in accordance with the appropriate legislation.
- We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
- We will retain your information for as long as necessary for the uses set out in this policy unless a longer period is required or permitted by law.
Data protection legislation gives you a number of important rights:
- Right of access
- Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”). This right also means you can obtain information about how we process your personal information.
- Right to data portability
- Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
- Rights in relation to inaccurate personal or incomplete data
- You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details or telephone number.
- Right to object to or restrict our data processing
- Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.
- Right to erasure
- Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”). For example where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.
- Right to withdrawal of consent
- As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.
- Rights in relation to automated decision making
- We do not currently undertake any automated decision making including profiling. However if we do then you have the right to object in relation to automated decision making which has a legal effect or otherwise significantly affects you.
If you wish to exercise any of the above rights please contact us via the post or email address given above.
If you wish to make a complaint please contact us in order that we can look into the issue and respond. You also have the right to complain to the Information Commissioner’s Office (ICO) which enforces data protection laws. For further information on your rights and how to complain to the ICO, please refer to the ICO website.
- You can contact us:
- By post: ABC, Charter House, Black Prince Yard, 207/209 High Street, Berkhamsted, Herts, HP4 1AD, United Kingdom
This policy was last updated: April 2018