Why we collect and process your data
We collect your data to enable us to achieve our business operational objectives. The data we hold about you helps us do this.
How we collect and process your data
We collect and process your data in a number of different ways. We always treat your data with the respect it deserves and will always store it securely and only for as long as necessary.
When we share your data
We only share data in order to perform the task you expect of us. We never share data with third parties for their own purposes.
Your rights over how we collect and process your data
You have many rights over your data, including the right to ask us to stop processing your data at any time. You can do this by using the unsubscribe link at the end of every newsletter or system generated email we send you, or by emailing firstname.lastname@example.org.
Changes to this statement
The Morning Star may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from May 2018.
Explaining the legal bases we rely on
The law on data protection [General Data Protection Regulation (2016/679 EU) (GDPR)], which applies from May 25th 2018, sets out a number of different reasons for which a company may collect and process your data. The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal data:
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
When we collect information about you
- When you donate to us
- When you sign up to our newsletter
- When you subscribe to our e-edition
- When you place an advert
- When you subscribe to purchase the paper by post
- When you shop with us
- When you contribute to the content of the paper
- When you enter a competition
- When you join a readers and supporters group
- When you purchase shares
- When you join our 501 Club
- When you email us
- When you contact us by post
- When you contact us by phone
- When you engage with us on social media
- When you engage with our website
- When you respond to one of our questionnaires
- When you work for us
- When you work for a partner organisation
We may collect the following information:
- Your name and email address
- Your contact information including: telephone number, postal address.
- Details of the organisation or group you represent
- Photographic images e.g. for articles or to publicise activities and campaigns
- Usage statistics
- If you offer to volunteer or offer pro-bono services, we maintain a record of this so we can contact you if required.
- Details of financial transactions
On-line: Financial information such as credit card data is never handled by our servers, and we never have access to your card details. All transactions are handled securely by stripe - www.stripe.com or www.paypal.com
Please do not email your credit card details to us as this represents a security risk for which we cannot be held accountable.
Off-line: We need to take certain financial details to process payments by phone, including your card details. This information is not held on record and, if noted on a donation form, is securely destroyed once the payment is processed. We use an electronic card processor at our office which does not store your name or card number. You can provide a location if you choose and we will publicise the location only in our Fighting Fund column. You can also choose to provide a contact number in case we have to contact you if there is an issue with the payment process.
Financial transactions are recorded as we need to provide information to our Auditors and the Financial Conduct Authority. This is basic information and never includes card details.
If you offer to volunteer or offer pro-bono services, we maintain a record of this so we can contact you if required.
Using cookies helps us to provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You have the ability to prevent your computer from accepting cookies but, if you do, certain functionality on the website may be impaired. Information on how to manage cookies within your browser can be found below.
Managing your browser cookies
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping
- To improve our products and services
- To analyse content performance and trends in popularity
- To customise our practice to optimise our business and operational performance.
- To comply with legal requirements
We have certain legal requirements that we must maintain in regard to managing our finances and our compliance with co-operative society rules e.g. We must keep financial records to comply with the Financial Conduct Authority requirements. We must also keep records of our shareholders name, address, shareholding and amount paid, a statement of other property in the Society, date of entry in the register, date membership ceased and membership number.
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided when you opted in to our newsletter or when you agreed to us using your personal information for direct marketing purposes . This information will only be selected and sent by the Morning Star. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required to do so by law.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect on and off-line.
Controlling your personal information
If you have previously agreed to us using your personal information for direct marketing purposes and you wish to have your data deleted from our system you may enter a request to do so at any time by writing to or emailing us using the contact details below..
How do we store your data?
- All transactional areas of our website use secure 'https://' technology, which encrypts any data sent to us (information or to one of our payment processors
- We store your data in a password protected, encrypted CRM system which only staff have access to.
- We store any sensitive data on paper securely in our locked office.
Who do we share your personal data with?
Our website may contain links to other websites of interest as well as links to sites e.g. sites with whom we have an advertising agreement. We do not enter into agreements with contractors or partner agencies unless they take data protection seriously. However, once you have used these links to leave our site you should note that we do not have any control over that other website. Therefore we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We only share your data when necessary to perform the task you expect us to perform. Depending on why you have provided your data to us, we may share this with:
- Our bank
- Our auditors
- Delivery services
- Our IT technical support companies
- Web analytics software
Occasionally we will ask for your consent to share your contact details with someone else on our mailing list. For example, if you are interested in campaigning in your local area, we may ask if we can share your contact details with other activists in your local area.
We never share data with third parties for their own purposes.
How long do we keep your information?
- Financial transactions, we will keep your information for 6 years after the financial year in which you make your last transaction.
- If you are on our mailing list, we will keep your information for 5 years after your last engagement with one of our mailings.
- If you have emailed us, we will keep your information for 3 years after your last engagement with a member of our staff.
- At the end of the period, your data will be deleted or anonymised.
- Any paper records will be securely shredded and disposed of.
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you
- The correction of your personal data when out of date or incorrect or incomplete
- That we stop using your personal details for marketing and communications (including our newsletter and fundraising)
- That we stop any consent based processing when you withdraw that consent
You can use the contact information below to get in touch at any time and we will deal with your request within one month of receipt. If the request is manifestly unfounded, excessive or repetitive, we reserve the right to charge a 'reasonable fee', as per the Information Commissioner's Office guidance.
You can stop the use of your personal data for legitimate interest direct marketing by clicking the 'unsubscribe button' at the end of all our mailings
How can you contact the regulator?
If you feel that we have not handled your data correctly, or you are unhappy with the response to any of the requests you have made to us about how we handle your data, you have the right to contact the Information Commissioner's Office. You can call them on 0303 123 1113 or via their website.
The Morning Star, Ruskin House, 23 Coombe Road, Croydon, CR01BD
Email address, (Please put GDPR in the subject bar and send your request to):
Please see additional information on the grid in the Privacy document.