Privacy Statement

May 24, 2018

INTRODUCTION

  1. This website (the “Site”) is operated by [Independent Newspapers Ireland Limited] (“INM”).
  2. This Privacy Statement together with the Cookie Policy, Terms and Conditions of use of the Site for www.sundayworld.com provides guidance and information to users/visitors of our Website regarding the processing of personal data by INM.
  3. The documents referred to in the Privacy Statement and Terms and Conditions sets out the basis on which any personal data we collect from you or that you provide to us (“Data”) in connection with the Site will be processed by us. Please read this Privacy Statement carefully to understand our treatment and use of Data.
  4. The Privacy Statement applies to the operations of this Site operated by INM, a company registered in the Republic Of Ireland under number 153066 and having its registered office at 27-32 Talbot Street, Dublin (hereinafter "INM”, "us", "we" or "our"). For the purposes of this agreement "INM" shall mean Independent News & Media plus any Subsidiaries thereof and "Subsidiaries" has the meaning given to it by section 7 of the Companies Act 2014.
  5. INM and its associated companies are fully committed to protecting and respecting your privacy.
  6. It is the intention of this Privacy Statement to explain to you the information practices of INM in relation to the information we collect about you and other users.
  7. In this Privacy Statement, references to “you” means the person whose personal information we collect, use and process.
  8. We will use your Data only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of your Data is in compliance with the Data Protection Acts 1988 and 2003 (as amended) and any subsequent data protection and privacy legislation, European Union Law including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR and any subsequent amendments (collectively referred to as “Data Protection Legislation”).

IDENTITY OF THE CONTROLLER OF PERSONAL INFORMATION

1. For the purposes of the Data Protection Legislation, the Data Controller of the Site is [Independent Newspapers Ireland Limited, a private company limited by shares and registered in Ireland (Registered Number 153066) and having its registered office address at Independent Newspapers Ireland Limited, Independent House, 27-32 Talbot Street, Dublin 1, Ireland].

CONTACT DETAILS OF THE DATA PROTECTION OFFICE

1. The contact details of the INM Data Protection officer are as follows:
Email Address: data.protection@inmplc.com
Address: INM Data Protection Office, INM, 27-32 Talbot St, Dublin 1, Ireland

WHEN DOES THIS PRIVACY STATEMENT APPLY

1. This Privacy Statement applies to Data that we collect, use and otherwise process about you in connection with your use of our Website. The Data we process will depend on how you use our Website.

ACCEPTANCE OF THIS PRIVACY STATEMENT

1. By using this Site and by disclosing your Data to us, you consent to the collection, storage, processing, use and disclosure of your Data by us as described in this Privacy Statement. If you do not agree with or are not comfortable with any aspect of this Privacy Statement, your only remedy is to discontinue using our Site. We reserve the right to modify this Privacy Statement at any time. Your continued use of any part of our Site following notification or posting of such changes will constitute your acceptance of those changes.

INFORMATION WE MAY COLLECT FROM YOU

  1. When you visit or use the Site in any way, we may collect and process different types of information about you.
  2. We have set out below the different types of Data that we collect. Please note that if you do not provide us with your contact information we will not be able to provide you with any information you request.
  3. The Data we collect, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties, (see “Disclosure of your Data” section below).

On Sunday World:

We collect technical information including your Internet Protocol (IP) address, browser type and version, operating system and device type. This is collected in an anonymous manner and helps us optimize the site for our users.

We also anonymously collect information about your visit, including the Uniform Resource Locators (URLs) of the pages you visit during your visit, articles you view, length of time on page and referring URL. This is the web page that you came from if you followed a link to our site. This helps us better understand what content appeals to our users and how to best structure our site.

When you register for one of our services we will track and store information about you in order to provide that service. If you sign up for e-paper subscriptions then we will track and store only such information as is necessary to deliver that service including, online identifier, payment details, contact details and subscription status. This is only done with your consent and in order to deliver the product that you have requested.

Our Web Sites use JavaScript to detect the use of ad blocking extensions for web browsers but does not store or process any personal data.

WHERE WE STORE YOUR DATA

  1. Your Data may be stored and transferred within the European Economic Area (EEA) or transferred to, and stored in, countries outside the EEA, for example, when one of our service providers use employees or equipment based outside the EEA. The EEA comprises those countries that are in the European Union (“EU”) and some other countries that are considered to have adequate laws to ensure personal data is protected.
  2. When transferring your Data outside of Ireland or the EEA, we will (and will ensure that service providers acting on our behalf agree to) protect it from improper use or disclosure and ensure the same levels of protection are in place as are applied within Ireland and the EEA.

USE MADE OF YOUR DATA

We may use your Data that we hold to:

  • provide paid services such as digital edition subscriptions;
  • analyse your online browsing behaviour on our Site, Mobile Apps or email communications based on information about when you click on our content
  • respond to your requests for information and other communication or correspondence you may submit to us;
  • provide you with information or services that you request from us;
  • carry out statistical analysis and market research;
  • carry out activities necessary to the running of INM, including systems testing, network monitoring, staff training and quality control; and

DISCLOSURE OF YOUR DATA

  1. We consider your Data to be private and confidential. Your Personal data may be shared within the INM Group, for any of the purposes set out in this Privacy Statement.
  2. We may access and/or disclose your Data if required to do so by law or in good faith and belief that such action is necessary to: (a) conform with the law or comply with legal process served on us; (b) protect and defend our rights or property including, without limitation the security and integrity of our network and systems; or (c) act under exigent circumstances to protect the personal safety of users of our services or members of the public.
  3. Service Providers. We use third party service providers who work for us in the provision of our services. In providing the services, your Data will, where applicable, be processed by the service provider on our behalf. We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your Data. We will have written contracts with them which provide assurances regarding the protections that they will give to your Data and their compliance with our data security standards and international transfer restrictions.
  4. Disclosure to Third Parties. In certain circumstances, we may share and/or are obliged to share your Data with third parties for the purposes described above and in accordance with Data Protection Legislation. These third parties include:
    • regulatory authorities;
    • financial institutions;
    • revenue who, under the Standard for Automatic Exchange of Financial Account Information in Tax Matters (Common Reporting Standard) may share information with the tax
    • authorities of other countries police, public prosecutors;
    • auditors;
    • relevant industry bodies;
    • external professional advisors; and
    • others, where it is permitted by law, or where we have your consent.
    • These organisations will also use your Data as a “Data Controller” – they will have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable Data Protection Legislation.

RETENTION

  1. We keep your personal data for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above. The criteria we use to determine data retention periods for personal data includes the following:
  2. Retention in case of queries; we will retain it for a reasonable period after the relationship between us has ceased; and
  3. Retention in accordance with legal and regulatory requirements.
  4. If you would like further information about our data retention practices, please contact INM’s data protection officer (see the “Contact Us” section below).

LINKS TO OTHER SITES

  1. Our Site contains links to and from other websites and web platforms. In addition, third parties websites may also provide links to the Site. If you follow a link to any of those websites or web platforms, please note that those websites and web platforms have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
  2. We do not accept, and we disclaim, any responsibility for the privacy policies and information protection practices of any third party website (whether or not such website is linked on or to the Site). These links are provided to you for convenience purposes only, and you access them at your own risk. It is your responsibility to check the third party website's privacy statement before you submit any personal data to their websites.

SECURITY

  1. We endeavour to use appropriate technical and physical security measures to protect your personal data which is transmitted, stored or otherwise processed by us, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access. Our service providers are also selected carefully and required to use appropriate protective measures.
  2. As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is not completely secure. Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to our Site. Any transmission of Data is at your own risk. Once we receive your Data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies become available.
  3. In the event that there is an interception or unauthorised access to your personal data, we will not be liable or responsible for any resulting misuse of your personal information.

YOUR RIGHTS

  1. You may have various rights under Data Protection Legislation. However, in certain circumstances, these rights may be restricted (Article 23 of the General Data Protection Regulation, [which is transposed into Irish law by section 54 of the Data Protection Bill 2018], sets out the circumstances in which your rights may be restricted). In particular, your rights may be restricted where this is necessary: (i) for the prevention, detection, investigation and prosecution of criminal offences, and/or (ii) in contemplation of or for the establishment, exercise or defence of a legal claim or legal proceedings (whether before a court, tribunal, statutory body or an administrative or out-of-court procedure).
  2. Subject to the above, your rights under Data Protection Legislation may include (as relevant):

Your Right: Right of Access

What does it mean? Subject to certain conditions, you are entitled to have access to your personal data which we hold (this is more commonly known as submitting a “data subject access request”).
How do I execute this right? Requests for such information should be made in writing to to Data Protection Officer by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1, Ireland. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
Conditions to exercise? We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g. privacy and confidentiality rights of other individuals and/or businesses.

Your Right: Right of Data Portability

What does it mean? Subject to certain conditions, you are entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format.
How do I execute this right? Requests for such information should be made in writing to to Data Protection Officer by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1, Ireland. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
Conditions to exercise? The GDPR does not establish a general right to data portability. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not for paper records). It affects only personal data that was “provided” by you. Therefore, it does not, as a rule, apply to personal data that was created by the INM or supplied to the INM by any other individual and/or business.

Your Right: Rights in relation to inaccurate personal or incomplete data

What does it mean? You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate.
How do I execute this right? We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. Please always check first whether self-help tools are available. Requests for such information should be made in writing to to Data Protection Officer by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1, Ireland.
Conditions to exercise? This right only applies to your own personal data. When exercising this right, please be as specific as possible.

Your Right: Right to object to or restrict our data processing

What does it mean? Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.
How do I execute this right? Requests for such information should be made in writing to to Data Protection Officer by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1, Ireland.
Conditions to exercise? This right applies only if the processing of your personal data is necessary for the performance of a task carried out in the public interest (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can demonstrate that there are still lawful grounds for us to process your personal data.

Your Right: Right to have personal data erased

What does it mean? Subject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten”), e.g. where you think that the information we are processing is inaccurate, or the processing is unlawful.
How do I execute this right? Requests for such information should be made in writing to to Data Protection Officer by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1, Ireland.
Conditions to exercise? There are various lawful reasons why we may not be in a position to erase your personal data. This may apply (i) where we have to comply with a legal obligation, (ii) in case of bringing legal proceedings or defending legal proceedings, or (iii) where retention periods apply by law or under the INM’s internal data retention policies.

Your Right: Right to withdrawal

What does it mean? You have the right to withdraw your consent to any processing for which you have previously given that consent.
How do I execute this right? Requests for such information should be made in writing to to Data Protection Officer by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1, Ireland.
Conditions to exercise: If you withdraw your consent, this will only take effect for the future.

COMPLAINTS

1. In the event that you wish to make a complaint about how your personal data is being processed by INM, or how your complaint has been handled, you have the right to lodge a complaint directly to the Data Protection Officer by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1 Ireland.

YOUR RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

  1. If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below.
  2. You also have a right to complain to the Office of the Data Protection Commissioner at Canal House, Station Road, Portarlington, Co. Laois by telephone at 1890 25 2231 and/or by email to info@dataprotection.ie.

CHANGES TO OUR PRIVACY STATEMENT

1. We reserve the right to change this Privacy Statement at any time in our sole discretion. If we make changes to this Privacy Statement they will be posted on the Site so that you are always are of what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our website after we post any such changes, you accept and agree to this Privacy Statement as modified.

CONTACT US

1. In the event you have any Questions, comments and requests about the information set out in this Privacy Statement, please contact us by email data.protection@inmplc.com and/or by post to INM Data Controller, INM, 27-32 Talbot St, Dublin 1 Ireland.