PRIVACY POLICY
INTRODUCTION
This Privacy Policy explains what personal information Storm Digital Media Group Limited (together “SDMG”, “we”, “our” or “us”) may collect about you, as well as how we collect, use, share, disclose or process that personal information. It also provides information about your data protection rights.
We use your information to provide you with the products and services you request, as well as to understand how and why our audiences engage with us. This allows us to personalise content, show you relevant adverts and generally improve your experience of our products and services.
Storm Digital Media Group Limited, company number 14531372 whose registered address is 13 Vansittart Estate, Windsor, Berkshire, SL4 1SE;
1. Our Data Promise to you
The Storm Digital Media Group Limited is absolutely committed to respecting and protecting your data whilst it is in our care. We collect your personal information because it helps us to understand your needs and guides the way in which we interact and communicate with you about our products and services now and in the future.
We promise you that we will:
· have strict policies and procedures in place to protect your data;
· only process your data if we have a legal reason to do so; or where you have given us your permission to do so;
· only hold your information for as long as there is a business requirement to kept it;
· store your data on our secure servers and ensure that we have strong controls in place to protect your data;
· only work with external companies that share the same strong data protection values as we do.
We encourage you to read this Privacy Policy in full.
We are registered with the Information Commissioner's Office, the regulator of General Data Protection Regulations (GDPR) and other relevant legislation and abide by its requirements.
2. The lawful bases Storm Digital Media Group Limited process personal data
Storm Digital Media Group Limited rely upon four of these lawful ways to collect, use, store and process personal data: Consent, Contractual; Legitimate Interests and Legal Obligations
To perform our contractual obligations to you.
· We and our external companies process your information to perform our contractual obligations to you when we use your information to provide you with the products or services. For example:-
· When you purchase a product or service from us, we process your payment and contact information as necessary to confirm fulfil the product or service.
· To process your contact information and other details to provide you with support services in regard to the service or product.
· If you exhibited at an event or attend an event, we will process your payment and contact information as necessary to provide the services.
· To provide a prize to which you are entitled.
Ensure that our products and services conform to agreed industry standards: Some of our products and services are independently monitored and assessed to ensure they meet approved industry standards and for industry reporting purposes.
Provide you with support: We may also provide you with help and support where we believe it is required. For example, if you have provided your contact information, we may contact you when a checkout journey is not completed. We may record phone calls or customer enquiries via online chat for quality, training and management purposes.
Conduct market research and analytics: We may use the information we hold on you about your engagement with our products and services, as well as other information collected from partners and other sources, to understand how our products are used and make improvements or develop other products and services our audiences may like. We may need to contact you about your experience of a product or service we provide you.
Change of control or sale of our business: We may transfer, sell or assign any of the information described in this Policy to third parties as a result of a sale, merger, consolidation, change of control, transfer of assets or reorganisation of our business.
To comply with our legal obligations.
We process and share your information as necessary to comply with our legal obligations when we use your information to protect our rights or the rights of others and when we share your information with other parties where required by law or as necessary to protect our rights. For example, we are required to collect certain information from you when processing your subscription payment for tax or financial reporting reasons.
With your consent.
There may be some uses of your information where we need to ask for your consent. You will have the right to withdraw that consent at any time, however, if you withdraw consent, we may not be able to provide the product or service you have requested. We will rely on your consent to:
Deliver Direct Marketing Communications: where required, we will ask your permission if we want to deliver direct marketing to you.
We may send you direct marketing communications via post, telephone, email, SMS, social media, online, in-app and devices connected to the internet, if we hold a valid direct marketing permission for you where required.
In relation to Cookies and Similar Technologies, we obtain your consent as described in our Cookies Policy. You can withdraw your consent at any time, by emailing data@stormdigitalmedia.group as described in our Cookies Policy.
We use Sourcepoint on our apps and websites. This is the GDPR compliance system that we use and asks users for permissions regarding the various vendors we use and stores those preferences.
It uses a Unique Identifier to recognise each user and remember their preferences. It is essential, without it, we would not be able to comply with the law.
We will always be transparent about how we plan to use your data so that you have the choice whether or not to give it to us. We respect your preferences and will do our best to make sure that we keep our promises.
If you give us your consent to send you further marketing messages, we may contact you from time-to-time with carefully selected offers and promotions from our network of carefully selected partners, from which you may always opt-out or unsubscribe. It is not our practice to contact you if you have made it clear that you do not wish to hear from us about our products and services.
If you withdraw your consent, we may be unable to provide that product or the service that you have requested.
3. What Personal Data do we collect?
The Storm Digital Media Group Limited collects Personal Data in a number of ways, such as, when you enter a competition, exhibit at an event or provide details at an event or when you interact with us via a website, mobile app or other digital services (“Services”). This Personal Data could include:
· Contact information, your name; postal address; email address; phone number.
· Comments, photos, videos and other content that you choose to publish or share with us.
· Payment information for subscriptions or purchases made through our websites, mobile application or other digital services.
· Your vehicle registration number if you are requesting a vehicle valuation.
· Your dietary and accessibility requirements if you are attending one of our events.
· Information you provide when participating in a competition; survey; event or apply for a job.
· Location information, when you permit the digital service to access device location. To prevent this access, please refer to instructions provided by your mobile service provider.
· Information we obtain from other sources, such as our business partners, and social media platforms
You may give us information about other people, such as the name and email of a contact if you are attending an event or the name and address of a gift subscription recipient. Please ensure that you are authorised or have the person’s permission to do so.
4. How do we keep it secure?
We hold your personal data on our secure systems, mainly based with the UK and the European Economic Area (EEA). Our staff are trained in data security, and our staff policies and procedures help our staff to understand what is required of them under their obligations to us, and also their responsibilities under GDPR and other privacy legislation.
When we ask another organisation to provide a service for us, we ensure that they have appropriate security measures in place. If we or our service providers transfer any information out of the European Economic Area (EEA), it will only be transferred with the correct protection in place. This includes the use of Model Contractual Arrangements as approved by the European Commission.
5. How do we collect Personal Data?
We collect your details when you register on one of our websites; subscribe to our service; place an order on our website; search for a product; correspond with us by phone, e-mail or otherwise; register to attend one of our events; participate in discussion boards or other social media functions on our website; enter a competition or promotion; apply for a job.
With regard to each of your visits to our websites and/or apps we may automatically collect the following information:
· technical information, including the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser/ app type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform;
· information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Posts, comments and interaction:
· If you correspond with any of our titles or radio stations or interact with other customers or audience members or our staff, for example by using polls, comments, text messages, video, email, phone, radio or by post, we may display this content indefinitely in any relevant context, subject to our editorial judgement and your rights as set out in this Policy. This may be anonymised in the case of testimonials or customer service conversations.
· If you take part in any reader, listener or viewer forums, send us letters for publication, or take part in any radio ‘phone-ins, then you may be identifiable to others publicly and your comments attributed to you.
· If you send in a comment, we may post it on our site or use it as a testimonial without mentioning your full name or publishing any information that would identify you. Furthermore, in some circumstances we may display some of your information such as your username and age. Others may be able to see your personal data if you post any information on bulletin boards or forums and may be used to send you unsolicited communications over which we have no control.
We may need to authenticate your identity to provide you with access to subscriber-only services. We might also send you surveys or invite you to enter a competition or receive a newsletter, for instance. If you do not wish to participate you may simply decline our invitations.
Our iPad, Android and other "apps" may collect user data, which we use to learn about our readers and improve our apps.
To understand how our "apps" are used, we may use the service Google Analytics, Google Firebase, Adjust, Braze and App Tweak to provide us with anonymous statistical information about your use of our app(s).
A Facebook software development kit (SDK) is integrated with the app’s software. This allows us and Facebook to track when you launch the app and if / when you take some actions (like making a purchase).
This assists us when it comes to advertising campaigns we run – it helps us serve relevant adverts to target audiences on Facebook, and attribute revenues we receive against money spent advertising on the Facebook platform.
This is only done using your device’s unique identifier. We do not track, trace or monitor any other personal information within the app. It is non-essential and the user can opt out.
Google Firebase
Google Firebase is an analytics and marketing platform that we use to engage users and help us to improve our apps. A software development kit (SDK) is integrated with the app’s software.
As well as enabling features like push notifications (which the user opts into / out of using their phone’s built-in operating system), it allows us to monitor app usage, form cohort audiences for Google Ads and enable/disable functionality within the app.
Much like Facebook, each device is given a Unique Identifier and we don’t store any personally identifiable data. It is non-essential and the user can opt out.
Adjust
Adjust is our attribution software. It allows us to see which ad campaign/email/Facebook post users arrived at our app from. This means we know what’s working.
As part of our Google Analytics tracking, we have implemented the following features: Remarketing, Google Analytics Demographics and Interest Reporting. Visitors can opt-out of Google Analytics for Display Advertising by visiting here https://tools.google.com/dlpage/gaoptout/
We use this information for reporting purposes and to advertise online. Third-party vendors, including Google and Facebook, may show your ads on sites and mobile/native apps across the Internet. We may use the cookies relating to Google Analytics together with third party cookies to inform, optimise and serve ads based on a user's part visits to our websites. For more information please see our Cookies Policy.
Airship
Airship is a marketing user engagement platform that enables us to serve features like push notifications and other in-app communications.
Like Google Firebase, it allows us to monitor app usage and from that data form cohort audiences, which we can tailor unique messages for and then send to. Again, each device is given a Unique Identifier to help achieve this and we don’t store any personally identifiable data.
Airship again is classified as non-essential, so the user can opt out at any time.
LiveRamp
When you browse through our websites or use our mobile apps and when you enter your email address on these (either to log in, or to sign up to a newsletter, or similar) we may share personal or other information that we collect from you, such as your email address (in hashed, pseudonymous form), IP address, your mobile advertising ID or information about your browser or operating system, with our partner LiveRamp, Inc. and its group companies, acting as joint controllers. LiveRamp uses this information to create an online identification code for the purpose of recognising you on your devices. This code does not contain any of your identifiable personal data and will not be used by LiveRamp to re-identify you. We place this code in our cookie or use a LiveRamp cookie and allow it to be used for online and cross-channel advertising. It may be shared with our advertising partners and other third-party advertising companies globally for the purpose of enabling interest-based content or targeted advertising throughout your online experience (e.g., web, email, connected devices, and in-app, etc). These third parties may in turn use this code to link demographic or interest-based information you have provided in your interactions with them. Detailed information on LiveRamp’s data processing activities is available in LiveRamp’s privacy policy and opt-out here: https://your-rights.liveramp.uk/home. You have the right to withdraw your consent or opt-out to the processing of your personal data at any time.
LiveRamp again is classified as non-essential, so the user can opt out at any time.
6. How do we use your Personal Data?
Fulfilment of a service
We will use your personal data when fulfilling a product or service that you have requested. For example, when you subscribe to a magazine; register to access online content; register to attend an event; enter a prize draw/competition or apply for a job.
Marketing
We will only send you direct marketing when you have either provided consent for example by ticking a box or where we believe we can demonstrate a legitimate interest and have balanced this with your interests and privacy. You can opt out of receiving direct marketing at any time by clicking on the unsubscribe link on our emails or emailing data@stormdigitalmedia.group
Events
If you register to attend, sponsor or exhibit at one of our events such consumer events, a B2B event such as a conference; awards or roundtable events, we will share your details such as your name, job title and company name, with the events sponsors to ensure that the activity is specific to the audience, suppliers of event services such as shell scheme supplier. We also may share the delegate list with the venue for health and safety purposes.
Exhibitors and or sponsors may ask to scan your badge at the event to gain your consent to contact you in the future. If you do not wish your details to be shared, you can choose not to have your badge scanned.
Please note that at some events photographs and video footage may be taken and used for post event publicity. If you have any objection please legal@stormdigitalmedia.group. We sometimes make assumptions about your interests based on the way you interact with our products and services and the information we hold about you. This allows us to understand the products, content and services our customers like, letting us focus our efforts on developing those areas. We may also use this information to make decisions about what direct marketing and advertising to show you.
We will use your information to optimise article and content recommendations. Based on the kind of articles and content which prove to be of interest, we will use this information to provide a more engaging and personalised experience for you.
We may use the information we hold about you, including how you engage with our products and services, as well as from other sources, to segment our audiences into groups with particular attributes (likes/dislikes/reading behaviours etc). This helps us personalise your experience and show you more relevant content and adverts.
7. Do we share that data with any other companies?
Except as otherwise stated in this Privacy Policy or in the data collection statements that will always be visible when we collect your information and where we give you the opportunity to select your preferences, we may release your data to external companies that we use to process your orders, to supply you with a prize in the event you win a competition, or charge your credit card, for instance.
Every supplier we use has to go through a rigorous up-front process to ensure that their processes are at least as good as our own, and they are required to sign a contract that defines what their responsibilities and liabilities are. We make site visits regularly whether our suppliers are in the UK, the EEA or outside the EEA, where we require an EU approved model contract to be signed.
When you visit our websites and apps, we may check to see if you have a cookie ID. This is a form of identifier that tells us who you are. We may share this with advertisers, ad servers and ad networks to deliver targeted advertising both on our websites/apps and on selected partner websites but this will not include any information which directly identifies you. However, by interacting with or viewing an advert, you should be aware that the third party may make the assumption that you meet the targeting criteria used to display the advert and we accept no responsibility for the content of any advertising you may see.
We do tell you which third parties may collect and use your information when you visit our sites and provide you with the ability to opt out. To learn more or to see how you can opt out of targeted advertising, for more information please read our Cookie Policy.
Please take care when using social networking sites to which we may invite you to join that you do not disclose anything that you might later wish to retract.
There are certain times when we may have a legal obligation to disclose your data in good faith where it is required by law or to respond to subpoenas or warrants served on us, or where we have a requirement to protect or defend the rights of The Storm Digital Media Group Limited or any users of our servers. We will always ensure that those requesting the information have the legal right to do so.
If another company should acquire any of our companies or any of our assets, including our databases, that company will have the right of possession to the Personal Data collected by us and will assume the rights and obligations formerly attributable to us and will use the data in line with the terms under which you submitted it or as described in this Privacy Policy.
Occasionally we may allow our clients to compare their customer database to ours. This is called data matching and allows our partners to see if they can reach their audiences on our platforms. Generally, this will be conducted at an aggregate audience level to provide insights, rather than individual level information, although your information may be used to generate these insights. These insights might include the overlap between our audiences and the client and other information that would be useful to understand if an advertising campaign would be effective.
As part of the data matching process we may allow partners to build target audiences based on predefined attributes. These ‘lookalike’ audiences may be similar to our partners’ existing audiences. For example, a sports brand may want to reach ‘car enthusiasts’ or those who enjoy ‘motoring. They could select audiences who have been identified as having an interest in these areas. To do this, we segment our audiences into groups depending on what we think they like or other behaviours. This helps them find the right audiences and we are able to show you more relevant advertising.
In the event that a partner wishes to send direct marketing or other promotional communications to an audience as a result of data matching, they must confirm to us that they have permission to contact any individual on their database. In some circumstances, we may use the marketing permissions we hold for us to reach those audiences to send relevant communications.
We may share your personal data with a third-party auditing organisation so they can verify aggregated statistics about circulation and usage of our products or review our policies, processes and procedures for compliance with relevant standards.
We may collect information from your devices that tells us whether you’re using an ad blocker. This is so that we can manage our compliance with the law and also determine if we are able to show you advertising. We may also ask you to suspend or whitelist our websites so that we can show you adverts. As a predominantly advertising funded business, we do rely on our ability to show you advertising to help ensure we are able to provide you with the products and services you.
8. The information we may collect from you about others
Sometimes we may offer you the chance to invite a family member or a friend to enjoy a particular service. In such circumstances, we will collect both your personal details and those of your friend or family member. We will ask your consent to mention your name when we contact the person or persons you have recommended and we will only use this information once and not save it in our database, unless they have entered a competition, for example, when the information will be stored purely for that purpose. If they decide to take up any of our invitations then their data will be treated exactly the same as your own, using the terms under which the data was collected and the information as described in this Privacy Policy, which they will be made aware of at the time of our invitation.
9. Leaving our website and moving on to third party websites
When you click on advertisements or links on any of our sites, you will leave that site and go to a third-party site, which is outside of our control. When we place an advertisement on one of our sites, it does not signify that we are endorsing that advertiser's product or service. We do not accept responsibility for content, which we have no control over, and our Privacy Policy does not apply to these companies, sites or content; and if such third-party sites collect Personal Data, we cannot control how this data is processed, stored or used. We advise that you read their data collection statements, which accompany any registration and their Privacy Policies, before you submit your personal information.
10. Cookies and how we use them
"Cookies" are small pieces of information that a website sends to your computer's hard drive while you are viewing a website. The Storm Digital Media Group Limited uses cookies for a number of reasons:
· To provide you with a more personal and interactive experience on our sites.
· For statistical purposes to track how many users we have and how often they visit our websites.
· We use organisation to collect anonymous user information so they can analyse how the website is being used and the number of visitors.
· We and our advertisers may use statistical cookies to track who has seen an advert and clicked on it.
· To show you adverts that you may be interested in and to control the number of time you see them and measures the effectiveness of the ad campaign.
· We may use ‘Flash’ cookies to store your preference for your media player. If we do not use them, it may not be possible for you to watch some video content.
You have the ability to accept or decline cookies, when you use the website for the first time via “see all options” link on the “pop up” banner, but please be aware that for some parts of our sites to work, you will need to accept cookies.
For more information on how the Storm Digital Media Group Limited use cookies please read our Cookie Policy.
11. Our Apps
If you use any of our apps on your mobile device, we will process the following information:
· Your location, you may decline this request, but this may mean that we cannot offer relevant services and information that are relevant to your area.
· Your device ID, this will be processed automatically.
· Your email address, if you create an account used to contact you and to recognise you when you contact us.
· Your age and gender, if you provide it.
You may edit your details, opt-out of advertising profiling or de-activate your account at any time by selecting ‘Account Preferences’ from the ‘More’ menu on your app.
12. Online Behavioural Advertising
We use an advertising service called online behavioural advertising (OBA). This allows us to deliver targeted advertising to the visitors of our websites. It works by showing you adverts that are based on your browsing patterns and the way you have interacted with the website. For example, if you have been reading a lot of specific articles, you may be shown more adverts for those specific interests.
None of the OBA techniques used will collect personal information such as your name, email address, postal address or phone number.
13. Logging in using social networking
If you login to our sites using a Facebook login or a Google login, you are granting permission to Facebook and/or Google to share your user details with Storm Digital Media Group Limited. This will include your name, email address, date of birth and location which will then be used to form a Storm Digital Media Group Limited identity. This will also allow Storm Digital Media Group Limited and Facebook and/or Google to share your networks, user ID and any other information you choose to share according to your Facebook and/or Google account settings. If you remove the Storm Digital Media Group Limited app from your Facebook and/or Google settings, we will no longer have access to this information.
14. Opting out on Receipt of Marketing Communications
If you receive a marketing email from one of our brands, you will have the option to “opt-out” by clicking on the unsubscribe link provided at the bottom of each and every message we send you. If you wish to unsubscribe from all brand lists please contact data@stormdigitalmedia.group. Please be aware that this will not unsubscribe you from our service based messages, such as subscription rewards and subscription reminders. If you wish to be opted out of reward emails, please contact data@stormdigitalmedia.group.
SMS
If you receive a marketing SMS text, please text “STOP” to any message received.
Phone
If you receive a marketing call from Bauer, please let the call operator know you do not wish to receive any further calls.
If you wish to stop all marketing communications from SDMG, please data@stormdigitalmedia.group
Push Notifications
We work with an independent provider to deliver Push Notifications via your internet browser if you select the option to “Subscribe” via the pop up message that appears when you visit the site. We will only send you messages about relevant content, products and services available from the site.
If you have pop-up notifications enabled on your desktop, you can use the following instructions to opt out.
Google Chrome
Click the 3 dots at the top right > Select settings > advanced > privacy and security > content settings > notifications > click the three dots next to the websites that are in the “allowed” category > click Remove.
Safari
Choose Safari > Preferences, click Websites, then click Notifications > Find the website in the list, then select Deny.
Safari
Choose Safari > Preferences, click Websites, then click Notifications > Find the website in the list, then select Deny.
Firefox
Click the menu button and select Options > Select the Privacy & Security panel and go down to the Permissions section > Click the Settings using the button next to Notifications > Select the website > Click Remove Website.
Microsoft Edge
Click the three dots button in the top-right of the browser window > Click settings > Click View advanced settings > Under Notifications, click Manage.
15. Telephone and Mailing Preference Services
The Telephone Preference Service (TPS), the Corporate Telephone Preference Service (CTPS) and the Mailing Preference Service (MPS) allow you to choose to opt out of unsolicited marketing. However, if you are registered on any of the preference services, which are general opt-out registers, you may still receive marketing communications from us if you have given us your consent previously or if you subsequently give us that consent or if we are contacting you under legitimate interests.
16. Marketing to Children
We do not knowingly collect personal information from children under the age of 16 for marketing purposes.
17. Your Rights
Under GDPR, you have a number of rights, which are aimed at giving you control about how your personal data is used by us.
Access your personal data
You have the right to see what information we hold about you and the purposes for which we are using it. This is known as a Subject Access Request. In responding to such a request, we may ask for proof of your identity, to ensure that we do not send you personal data to another person. We will respond to any requests as soon as possible, but at least within 30 days.
Amend your personal data
You may ask us to make any changes that you consider necessary to make the information accurate, please let us know and we will rectify this as soon as possible. Please email data@stormdigitalmedia.group
We will require that you satisfactorily identify yourself to demonstrate your entitlement to view this data.
Delete your personal data
If you wish for your personal data to be deleted, we will review any request on a case-by-case basis. We will respond to you as soon as possible, at least within 30 days of receiving your request.
18. How long do we keep your personal data?
We hold personal data for different purposes and the length of time we keep your information will vary depending on the services or products we are providing. We will only keep your data for a reasonable period of time, which is based on the purpose for which we are using your data. Once that purpose has been fulfilled, we will securely delete that data or anonymise your information (so that we, or anyone else, can no longer tell that data relates to you) unless we are required to retain the data longer for legal, tax or accounting reasons.
We have a detailed retention policy for ensuring that we do not hold personal data for any longer than we justifiably need to. For further information on our retention policy contact legal@stormdigitalmedia.group
19. Questions regarding this Privacy Policy
If you have comments or questions related to this Privacy Policy please email legal@stormdigitalmedia.group and we will respond as promptly and as fully as we can.
Complaints will be dealt with by the Data Protection Officer and will be responded to within 30 days. If you are not satisfied with the response you should refer your complaint to the ICO https://ico.org.uk/concerns/
20. Changes to this Privacy Policy
This Privacy Policy will be amended from time-to-time if we make any important changes in the way that we collect, store and use personal data. We may notify you by sending an email to your last known email address or writing to your last known postal address to direct you to the Privacy Policy if the changes are material. Our dispatch of a communication to you will, in any event, constitute notification. Any changes will be effective immediately.
This Privacy Policy was last revised in November 2023