Privacy Policy

SN&CK Media Ltd Website Network Privacy Policy

This Privacy Policy was last updated on 24th April 2018 (and subject to be updated soon)

Introduction

Our Privacy Policy will help you to understand what information we collect and process using this SN&CK Media website, how we protect and use it, and what choices you have about your personal data.

When we refer to “Company” within this Privacy Policy, we are referring to SN&CK Media Ltd of 18 Dartmouth Park Hill, London NW5 1HL, the organisation which provides this website, and any services or features which may be made available to you from this website.

Data Protection Framework

SN&CK Media is based within the United Kingdom, and as such is registered with the Information Commissioner’s Office (ICO) as a Data Controller under the UK Data Protection Act of 1998. We have also aligned our Privacy Policy with the EU General Data Protection Regulation (“GDPR”) which comes into effect on 25th May 2018, under the supervision of the ICO within the UK.

(adjust the above for other countries and their applicable Supervisory Authority)

SN&CK Media has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for activities related to this website, and these are available upon request from the Company’s Data Protection Officer (see Section 9).

  1. Customer and Citizen Data

You may decide to send us your personal information via this website if you are seeking more information, requesting to attend one of our events, or for other similar purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are taking an affirmative action by providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.

SN&CK Media may access and use your personal data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, or (d) maintain the operations and security of the website and services we provide to you. We will not use your personal information for any other purposes, for example for the communication of marketing materials, unless we have your specific consent that permits us to do so.

We will at all times handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our own personnel and authorised third parties (see Section 5), and the technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our applications, supporting computer systems and premises.

  1. Sensitive Personal Data

GDPR specifies a set of personal data categories which are “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from the Company’s Data Protection Officer (see Section 9).

  1. Children’s Personal Data

This website, and any services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact the Company’s Data Protection Officer (see Section 9) immediately so that we can take appropriate action.

  1. Customer and Citizen Data Rights

As prescribed within data protection regulations, you have specific rights connected to the provision of your personal data to SN&CK Media using this website. These include your rights to request we:

  • confirm to you what personal data we may hold about you, if any, and for what purposes
  • change the consent which you have provided to us in relation to your personal data
  • correct any inaccurate or incomplete personal data which we may hold about you
  • provide you with a complete copy of your personal data for you to move elsewhere
  • stop the processing of your personal data, whilst an objection from you is being resolved
  • permanently erase all your personal data promptly, and confirm to you that this has been done (there may be reasons why we may be unable to do this)

To contact SN&CK Media, please see Section 9 below.

If SN&CK Media does not address your request, or fails to provide you with a valid reason why we have been unable to do so, you have the right to contact the Information Commissioner’s Office to make a compliant. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.

  1. Declaration of Sub-Processing

To make an informed decision on whether to provide your personal data to SN&CK Media using this website, we need to make you aware of the following organisations who act as Data Processors for us in the provision of our services to you:

  • Rubicon Project, has structured its business to control personal data of EEA end users through its UK subsidiary The Rubicon Project Ltd., which acts as a controller of that data. Additional data storage centres reside in Ashburn Virginia, San Jose California, Las Vegas Nevada, Amsterdam NL, Frankfurt DE, Hong Kong. As set forth in Rubicon Project’s privacy policy (http://rubiconproject.com/rubicon-project-yield-optimization-privacy-policy/), when a user visits a website or application using Rubicon Project’s technology, they collect certain information about the user and their device, which may include the following elements of pseudonymous personal data: IP address, device identifiers, cookie identifiers and geolocation information.  In general, they use the personal data they receive to provide their services to their buyer and seller customers, including relaying bid requests (which include this personal data) to their buyers to enable them to evaluate and bid on each advert impression, and to provide their customers with reporting and analytic services such as dynamic price floors.

    Rubicon Project is registered with the Information Commissioner’s Office for the UK Data Protection Act with registration number ZA118130. While Rubicon Project is not ISO 27001 certified, The Rubicon Project Ltd’s information security management program is modelled after 27001 practices.
  • Google, (specifically Google Analytics and DoubleClick for Publishers) based in the United States with data centers in the locations listed here (https://www.google.com/about/datacenters/inside/locations/index.html), who collect pseudonymous personal data: IP address, device identifiers, cookie identifiers and geolocation information for the main purposes of providing statistical data (web analytics) and advertising services.

    Google complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and subject to enforcement by the Federal Trade Commission. Google, including Google Inc. and its wholly-owned US subsidiaries, has certified that it adheres to the relevant Privacy Shield Principles, including for Google Analytics.

    Google is ISO 27001 certified with Certificate number: 2016-006 Certified by EY CertifyPoint since: April 29, 2016
  • Lotame, based in the United States. Lotame collects information directly. Lotame also collects and receives information on behalf of its clients and receives information from third parties for use in its Services. Lotame collects information via many methods, including cookies, pixel tags, SDKs (software development kits), secure file transfers, and server to server connections.

    Lotame is a participant in EU – U.S. Privacy Shield and abides by its principles with respect to the transfer of data from the European Union to the United States.

    The following information is collected and used by Lotame to provide its Services:
    Demographic Information, such as:Age, Gender, Income Range
    Online Behavioral Information: Lotame collects information on your online browsing activity to determine what types of activities and products you may be interested in and how you interact with certain content and advertisements. This information includes:
  • Inferred behavioral data
  • Websites and content viewed
  • Mobile applications used
  • Date and time of visits to a website
  • Search terms used on a website
  • Frequency of visits to a website
  • Engagement with an advertisement

Technical Identifiers:
These can be used to identify your device and typically include:

  • Cookies
  • Mobile advertising identifiers (Apple IDFA and Google AAID)
  • IP address
  • Non-personal data inferred from an IP address, such as non-precise geo-location data

Lotame’s privacy policy can be found here:
https://www.lotame.com/about-lotame/privacy/lotames-products-services-privacy-policy/

This list will be added to as we receive information from each sub-processor, and will be complete before GDPR comes into effect on 25th May 2018.

We will also launch a consent management tool whereby users of our websites will be able to take full control over which sub-processors they wish to allow access to their data.

The activities within which each of these Data Processors participates have been recorded within the applicable SN&CK Media Privacy Impact Assessment records (also known as Data Protection Impact Assessments under GDPR) and these are available upon request from the Company’s Data Protection Officer (see Section 9).

  1. Website Cookies

This SN&CK Media website uses cookies to record log data. We use both session-based and persistent cookies, dependent upon how you use or interact with this website.

Cookies are small text files sent by us to your computer, and from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser session. Persistent cookies last until you or your browser delete them, or until they expire.

We use cookies which are not specific to your account but are unique and allow us to undertake website analytics and customization, among other similar things. If you decide to disable some or all cookies, you may not be able to use some of the functions on our website. We may use third-party cookies, for example Google Analytics, and you may choose to opt-out of third party cookies by visiting their website.

  1. External Links

This SN&CK Media website may include relevant hyperlinks to external websites not controlled by us. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be subsequently provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences from your use of them.

  1. Changes to this Privacy Policy

We may change this SN&CK Media Privacy Policy from time to time, and if we do we will post any changes on this page. If you continue to access this website or use services available from this website after those changes have come into effect, you will have agreed to the revised policy.

This SN&CK Media Privacy Policy is version 1.0, and was released on 20/1/2018. You are advised to download or print a copy and retain it for your records.

  1. Contacting SN&CK Media

If you have any questions about this Privacy Policy, would like to exercise any of your statutory rights, or to make a complaint, please write to:

Sam Burdge
SN&CK Media Ltd
Rosebery House Business Centre,
70 Rosebery Avenue,
London,
EC1R 4RR

gdpr@snack-media.com

This Privacy Policy was last updated on 24th April 2018