Guardian Privacy Policy: A Comprehensive Overview
This privacy policy applies to Guardian News & Media Limited, referred to as "Guardian", "we", "us", or "our", covering our sites like theguardian.com and associated apps. It outlines how we handle your personal data, including collection, usage, sharing, and protection. Note that links to non-Guardian sites have their own privacy policies, which you should review separately.
The policy incorporates specific data privacy rights under Californian and Australian law, reflecting our commitment to readers in these regions where we provide localised editorial content. Additional privacy information is available for other Guardian services, such as Guardian Jobs, Guardian Holidays, and Guardian Foundation, with separate policies for contributors and licensing customers.
Who We Are and Our Data Controller Role
Guardian News & Media Limited, based at Kings Place, 90 York Way, London N1 9GU, acts as the data controller for personal data collected from you. We are responsible for its use and are guided by our values, including a strong commitment to data safety throughout its lifecycle. As a media organisation, we note that data privacy law includes exemptions for journalism, which apply to some of our data uses.
What Personal Data We Collect
We collect personal data when you visit our sites, subscribe, support us, or interact with us. This includes information that can identify you directly or indirectly, such as names, email addresses, IP addresses, and browsing behaviour. When you register for a Guardian account, we collect details like your name, email, contact number, address, username, and limited social media data if you sign in via social media. We do not collect special categories of data unless you provide them.
We generate data about you, such as unique ID numbers for managing preferences and recognising you across devices. Cookies and similar technologies collect additional data, including IP addresses, geolocation, browsing history, and device information. Our apps use personal data based on viewed content, with bug reports and cached reading history stored locally.
How We Collect Personal Data
We collect data directly from you, e.g., when you sign up, purchase services, or browse our sites, and from third parties like social media or payment providers. This occurs when you become a supporter, make contributions, attend events, enter competitions, or contact us. We also combine data with information from trusted organisations to better understand our audience and improve services.
Why and How We Use Your Personal Data
We use personal data based on valid legal grounds: consent, contract performance, compliance with law, or legitimate interests. Examples include sending newsletters, processing subscriptions, and conducting competitions. We rely on legitimate interests for administrative purposes, account registration, content sharing, and security measures. AI functionalities may be used in line with our generative AI principles.
How We Share Your Personal Data
We share data within the Guardian group for administrative purposes and with external organisations like service providers for payments, fraud management, and analytics. Advertising partners help deliver relevant ads, and we share data for affiliate marketing, event sponsorships, and legal requirements. Social media organisations may receive data when you use plug-ins on our sites.
International Data Transfers and Security
Personal data may be transferred globally, with safeguards like adequacy decisions or Standard Contractual Clauses to protect it. We keep data only as long as needed, based on usage purposes, and implement technical measures to secure it against unauthorised access or loss.
Your Data Privacy Rights
You have rights to access, correct, delete, or restrict use of your personal data, and to withdraw consent. Contact us at dataprotection@theguardian.com to exercise these rights, with responses typically within one month. Verification may be required to ensure security.
Specific Rights for California and Australian Residents
California residents have rights under the CCPA and CPRA, including access, correction, opt-out of sales, and deletion. Use the "California resident - Do not sell" link to opt-out. Australian residents have rights under the Australian Privacy Act, such as access and correction, and can opt out of personalised advertising via privacy settings.
Contact and Policy Changes
For questions or concerns, contact the Data Protection Officer at the provided address or email. Complaints will be handled within 30 days, with escalation options to authorities like the Information Commissioner's Office or Office of the Australian Information Commissioner. Policy changes will be posted on this page, with significant updates communicated to registered users.
