Leeds-List’s Privacy Policy — How we use your data
Here we cover the information we collect, what we do with it and what you can expect from our handling of your data. It is our ethos to provide a great user experience across our channels and platforms, which includes best practice with the collection, processing and sharing of data. If you have concerns, you can contact us and we’ll be pleased to discuss them.
This information is provided so you can make an informed decision when you use our digital platforms and features, including our website and competitions.
Leeds-List is a trading style of Leeds Digital Magazines Limited (the company), who is registered with the Information Commissioner’s Office as a data controller.
We collect information about:
- Those people that visit our websites
- Those people that use our search engine or other interactive features, like quizzes
- Those people that enter the competitions that we host on our website or other channels
- Those people that subscribe to, read, and consume our email newsletter(s)
- Those people that contact us through our website
- People that interact with our social media posts or social media advertising or contact us through social media
- People that use our social media channels or social media apps to interact with us (including ‘comments’)
1. Website Visitors
When someone visits our website, which is normally hosted at https://leeds-list.com, we use a number of services to enable us to serve the request and understand how our visitors consume it.
We offer an industry standard level of security across our website to improve the user experience, increase reliability and protect the information you may choose to submit to us. This is often known as SSL or secure sockets layer.
Your web browser will often indicate when a connection is secure, by displaying a notification message, e.g. ‘secure’ or displaying a symbol like a padlock. We aim to meet and exceed the industry standards for data security, however we cannot guarantee the security of data sent over the internet because of the variety of technologies and providers.
In servicing requests to our website, we rely on third party providers including CloudFlare and Digital Ocean. Your request or information that you submit to us through our website may pass through countries outside of the UK or Europe in fulfilling your request or submission.
Third party services, including Google Analytics and CloudFlare are used to improve the availability of our services and to understand the behaviour of visitors to our website and other digital services that we may provide from time to time.
This information does not include personally identifiable details, however it does tells us things like:
- Type of device used to visit the website
- Parts of the website that are most popular
- The features or aspects that are interacted with by a user
We collect this information on content that we produce and publish, as well as content that we produce and publish on behalf of a client or brand partner. The latter content can be identified as such by the presence of a ‘sponsored by’ or other disclosure.
This non-personally identifiable information may be shared with the third party client or brand partner that is explicitly noted as the ‘sponsor’ of the competition in relation to the effectiveness of the activity so that they may improve their campaigns, products or services.
Web server log files are used to record standardised information on every request made to our website and the other resources we host. This information includes:
- The resource requested
- The time of the request
- Information on the device’s hardware and software making the request
- The IP address of the device or network making the request
This information is held for up to 5 calendar years and used for compliance, security and robustness purposes and is not normally used to identify individual users except where required for security or legal purposes.
2. Users of our website’s search engine or other interactive features
To provide a better user experience and analyse the effectiveness of the content we create and publish, we collect information including:
- The text of the search query used when searching our website
- The section, page or feature of the website that was interacted with and the duration of the interaction
- The device used by the visitor to enable the interaction
- The time and date of such an interaction
We use this information when making decisions on the content we produce.
When this information is collected in relation to content that is part of a client’s campaign or is otherwise produced and published on behalf of a client or brand partner, we may share this non personally identifiable information with the named third party client.
3. Users, entrants and purchasers of competitions, promotions or third-party contact forms on our website
Promotions on our website offer our website visitors the chance to win a prize, purchase a product or take up an offer from or in association with our brand partners or clients.
Our clients and brand partners utilise promotions as a way to inform our website users about their products or services and sometimes additional benefits like offers, discounts or exclusive incentives to those users and customers.
We collect personally identifiable information, alongside usage data and information to enable us to practically, fairly and securely process and action promotions, as well as providing us with data that we use and analyse to produce better, more relevant content and provide our clients with information on the effectiveness of the content and campaigns we produce for them.
The information we collect includes:
- User’s first name and last name
- User’s email address
- IP address of the device or network used to access the promotion page
- Information to identify the hardware and software of the device used to access the promotion
- Geographic location of the device used to enter the promotion, either estimated from the device or network’s IP address or from the device’s GPS capabilities (with a capable device and the user grants permission for the collection of this data)
- Date and time of interactions
- Technical information relating to the entry and interaction, such as device behaviour and cursor position on the screen
This information is securely sent to our servers and securely stored by our CRM and email provider, Campaign Monitor.
When you send information to us for this purpose, your information is sent out side the United Kingdom and sometimes outside the EU to be stored by this third party. This third party uses multiple data processing locations including USA, Australia and Germany.
Data at rest is also encrypted using AES-256 encryption and their data centre adheres to several layers of industry best practice.
To ensure best practice and ensure compliance with industry standards, we perform analysis and checks on users that take up promotions after their submission. Competition winners are randomly selected from entrant data during processing.
We inform winners by email, subject to the terms and conditions of the specific competition or promotion.
Users are added to our email newsletter subscribers to be informed of similar promotions and opportunities.
Losing competition entrants may receive additional emails afterwards with marketing material such as an offer, promotion or exclusive incentive in return for entering the competition.
Users may receive email updates (which may include offers and discounts by way of thank you for entering the competition or taking up the promotion) from the third party company or partner.
We may sell, share or trade the personally identifiable information provided during competition entry to the third party company or brand partner that paid for the competition.
When information is shared with the third party, the personal information is encrypted before it is sent to protect it during transit.
Data may be sent outside of the United Kingdom and EU when it is sent to a third party.
Individuals may request deletion of the data they submit to us by emailing data.controller@leeds-list.com.
We will assess the validity of every request received and may require verification of the requesters’ identity to proceed. Requests are normally processed in one calendar month, with changes cascaded to our backups in line with our retention policy. We may notify the individual making the request within 14 days of receiving a valid request.
4. Subscribers and readers of our emails and email newsletters
We store data to keep track of the people that subscribe to our emails, email newsletters and enter our competitions, including:
- User’s first name and last name
- User’s email address
- IP address of the device or network used to access the website
- Information to identify the hardware and software of the device used to access the website
- Geographic location of the device used to access the website
We use a third-party supplier, CampaignMonitor to securely store and process user data and analyse the behaviour of users.
Your information may be transmitted outside the United Kingdom and EU during subscription and processing.
We use secure methods including SSL and encryption to enhance the security of your data and prevent to the most possible extent the interception of your data as it travels over the internet, though we cannot guarantee the security of data as it travels over the internet or in the delivery of email.
Additionally, CampaignMonitor collects user behaviour data on how subscribers and users consume our e-newsletter, which we use to improve our communications with our users. This information includes individual and aggregate information on emails opened and links clicked and by whom.
Where an action relates to a specific user or subscriber, such as an email open or link clicked, we may analyse this information to offer a better user experience, detect fraud, offer customised content and identify the content and experiences (some relating to paid campaigns from our brand partners) that particular users are interested in.
We may share or sell this data to the named third party company or brand partner when your data specifically relates to a promotion or campaign from that company or brand partner.
Individuals may request deletion of the data they submit to us by emailing data.controller@leeds-list.com.
We will assess the validity of every request received and may require verification of the requesters’ identity to proceed. Requests are normally processed in one calendar month, with changes cascaded to our backups in line with our retention policy. We may notify the individual making the request within 14 days of receiving a valid request.
5. Users of the contact forms on our website
We provide contact forms on our website for multiple purposes:
- To enable users to contact Leeds-List
- To enable users to contact the brand sponsor of a campaign or piece of sponsored content in relation to their products or services
When you enter information on our website in these cases, your information is transmitted over a secure connection between your computer and our website to prevent third parties from intercepting your information.
However, because of the nature of internet communications, the company cannot make any guarantees of the security of information transmitted over the internet.
The information collected will be appropriate to the subject matter of your enquiry, to enable your enquiry to be answered and responded to, and, where applicable, the commercial requirements of the brand sponsor.
The information collected will typically include:
- User’s first name and last name
- User’s email address
- IP address of the device or network used to access the website
- Information to identify the hardware and software of the device used to access the website
- Geographic location of the device used to enter the website, either estimated from the device or network’s IP address or from the device’s GPS capabilities (with a capable device and the user grants permission for the collection of this data)
- Date and time of the interaction
- Technical information relating to the interaction, such as device behaviour and cursor position on the screen
- Subject of the contact
- Enquiry text of the contact
- Telephone number of the user
- The types of communication the user wants to receive from either Leeds-List and/or the brand sponsor.
Your information may be transmitted outside the United Kingdom and EU for storage and processing and subsequent sharing with a third party.
We store your information using third parties. These include CampaignMonitor and HubSpot. Both systems use contemporary encryption to ensure customer data is secure when in transit and at rest. For example, HubSpot uses Logical Tenant Separation, Encryption In-Transit (TLS 1.2, TLS 1.3) and Encryption At-Rest (AES-256).
These third parties securely store and process user data and analyse the behaviour of users when they are emailed through their systems.
This data includes statistical behaviour on email opening and links clicked, with some of this information associated with the users that performed those actions.
We use this information to improve the effectiveness of email communications and to identify the users that interacted with our or the brand sponsor’s email communications, to provide a better service and to potentially tailor and customise future communications.
Where an action relates to a specific user or subscriber, such as an email open or link clicked, we may analyse this information to offer a better user experience, detect fraud, offer customised content and identify the content and experiences (some relating to paid campaigns from our brand partners) that particular users are interested in.
We may share or sell this data to the named third party company or brand partner when your data specifically relates to a promotion or campaign from that company or brand partner.
Individuals may request deletion of the data they submit to us by emailing data.controller@leeds-list.com.
We will assess the validity of every request received and may require verification of the requesters’ identity to proceed. Requests are normally processed in one calendar month, with changes cascaded to our backups in line with our retention policy. We may notify the individual making the request within 14 days of receiving a valid request.
6. Users of our social media channels (interacting with our posts, sending social media messages, etc)
We use Facebook, Twitter and Instagram as ways to disseminate our content to users and enable sharing of the content on our digital platforms. These social media channels also allow their users to send messages to the company and to leave comments against the content published via those channels, which is covered in the section below.
The security of these social media channels is out of the control of the company and therefore the company takes no responsibility for it.
It is always advisable to check for a secure connection when entering any personal or sensitive information into a website or on social media.
These messages are likely to include personally identifiable information which has been previously entered, and, at a minimum, the user’s name and contact email address.
Your message, and associated information is stored and processed outside the United Kingdom and EU.
These messages are stored by the third-party social media site, and the social media monitoring tool, SproutSocial, which securely stores the message whilst we process and action it.
7. People that use our social media channels or social media apps to interact with us
We use social media channels, including but not limited to Facebook, Twitter and Instagram, to allow the people in our audience to interact with us, by leaving a comment or otherwise interacting with us.
This functionality is enabled by the third-party social media platform which we implement on our website by means of a direct secure connection to the social media platform or using an ‘App’ hosted on the social media platform itself.
When you submit a comment through our social media App (e.g. our Facebook App) the comment is transmitted directly to the social media platform’s provider over a secure connection. Once data reaches the social media platform, your comment, together with your account information held by the social media platform, is stored on their servers. The security and privacy of the data that the social media companies hold on you is out of our control, and therefore the company takes no responsibility for it.
We may create a copy of the comment that you make via the social media App (e.g the Facebook App) on the company’s web servers for audit and performance purposes (e.g. so that the content is more easily discoverable, or to provide redundancy should the social media channel become unreachable). This will include the text of the comment you submit, together with personally identifiable social media account information, such as your full name and username, together with information on your device and connection. Most social media platforms allow you to choose what information is shared with third parties such as the company in this manner.
It is always advisable to check for a secure connection when entering any personal or sensitive information into a website or on social media.
Your comment, and associated information is transmitted, stored and processed outside the United Kingdom and EU.
Individuals may request deletion of comments they submit to the company by emailing data.controller@leeds-list.com.
We will assess the validity of every request received and may require verification of the requesters’ identity and specific information to enable us to locate the comment to proceed with deletion. Requests are normally processed in one calendar month, with changes cascaded to our backups in line with our retention policy. We may notify the individual making the request within 14 days of receiving a valid request.
The company has no capability to action deletion requests for comments from the social media platforms to which you submit your comments, and your deletion request should be submitted directly to the social media platform to which you submitted it.