Version: 28 September 2020
JournoLink Ltd (“Us”, "We", “Our”) are committed to protecting and respecting your privacy.
The EU General Data Protection Regulation (GDPR), as read with the UK Data Protection Act 2018, both effective from 25 May 2018 (collectively “the Data Protection Legislation”), give individuals in the European Union enhanced rights over the use of their personal data. JournoLink Ltd is the data controller of your personal data for the purposes of the Data Protection Legislation. Under the Data Protection Legislation, we are required to give data subjects certain information, which is set out below.
What we do
The JournoLink press release distribution service enables our customers to send their stories to our database of journalists, bloggers and broadcasters. Our intelligent PR software enables the targeting of press releases at the relevant people to maximise coverage. We also provides PR services including a press release template and a knowledge base to make writing press releases simpler.
Visits to our website
JournoLink Ltd believes in respecting the privacy of individuals. We do not collect any personally identifiable data from visitors to our website other than when you subscribe to any of our services. The basis on which we collect such data and other relevant information is set out below. We have no legal means of finding out the identities of persons visiting our website and do not make any attempt to do so. Any links to external sites are out of our control and we encourage visitors to always read the privacy statements on the other websites you visit.
When a customer subscribes to any of our services we will collect certain personal information, e.g. names and contact details, necessary for providing the services and for administration purposes. Our legal basis for processing personal data for these purposes is contractual (Article 6(1)(b) GDPR).
If a data subject consents to being included in our database, then the legal basis for processing their personal data is Article 6(1)(a) GDPR. This consent is limited to the specific purposes contemplated and can be withdrawn at any time.
We maintain a database of journalists, bloggers and broadcasters who we believe would be interested in receiving press releases and other communications from our customers. Personal details are obtained through research of publicly-available sources. The legal basis on which we process personal data and communicate with data subjects in these circumstances is our legitimate interests under Article 6(1)(f) of GDPR. In conducting a legitimate interests assessment, we took into account the following:
- The amount of personal data processed is minimal;
- The data is publicly available and is not sensitive in any way;
- There is minimal privacy risk;
- There is no viable alternative means of communication;
- The processing is vital to our business operations;
- The data subjects are professional persons who would be interested in receiving press releases from our customers;
- There is a simple opt-out facility.
On balance, we concluded that the processing is justified as it is vital to our business interests while having a minimal impact on the rights and freedoms of data subjects.
Any personal data acquired by us will be used only for the purposes for which they were acquired and for providing and improving our services.
Protection of Personal Information
We take all reasonable care and apply necessary technical and organisational measures to protect the personal data we hold. Where we employ data processors to process personal data on our behalf, we ensure that the necessary contractual protections are in place.
We do not sell personal data under any circumstances. We do not transfer personal data to any third parties without explicit consent, other than to our data processors who are contractually bound to process personal data only in accordance with our instructions and to keep such data secure. We do not ourselves transfer your personal data outside of the EU/EEA. However, certain of our data processors may do so and where this occurs, we ensure that such transfers comply with the Data Protection Legislation.
In accordance with the principle of minimising data retention, we will retain personal data only for so long as is necessary for the purposes for which it was acquired, subject to legal and other relevant requirements, in accordance with our data retention policy.
At the expiry of the relevant data protection period, personal data will be deleted or anonymised.
The rights of data subjects under the Data Protection Legislation include the following:
- The right at any time to withdraw consent to the processing of personal data.
- The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it.
- The right to have personal data rectified in the event that it is inaccurate or incomplete.
- The right to request the erasure of personal data (also called the right to be forgotten), subject to our retention policy.
- The right to restrict the processing of personal data.
- The right to data portability (i.e. transfer of personal data by request to another organisation).
- The right to be informed of any automated profiling (We currently do not process personal data in this manner).
The above rights above can be exercised free of charge by contacting us as described below. In all cases, we will need to satisfy ourselves of the requester’s identity before we can action a subject access request under the GDPR. We will usually require proof of identity such as a passport or driver’s licence.
If you feel that any of your rights have been infringed, you have the right to lodge a complaint with the appropriate authority which in the UK is the Information Commissioner’s Office (www.ico.org.uk).
How to Contact Us
If you have any queries about our website or about how we process data, you can contact us as follows:JournoLink Ltd
10 Churchill Way
Email address: firstname.lastname@example.org
Telephone No.: +44 330 124 6550