This is the privacy policy for theguardian.com and associated apps. Some of our other sites and services have their own policies, and there is more about how to find these below.

Everything that we do is guided by our values – including our editorial approach and how we use data.

We use your personal data for many reasons, from understanding how our users engage with our journalism to informing our marketing and advertising. Ultimately, this allows us to publish the journalism that you read on our sites and apps.

These are the main reasons why we collect and use data about our users:

  • To show you journalism that is relevant to you and to improve your experience on our site
  • To provide the services you sign up for, such as subscriptions
  • To carry out marketing analysis and send you communications when we have your permission, or when permitted by law
  • To enable us to show advertising on our sites.

We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics :

  • Information about your rights and our obligations
  • Clarity about our dealings with you and transparency about how we collect and use your personal data
  • Commitments on how we protect your personal data
  • Commitments on how we will facilitate your rights and respond to your questions.

We will continue to examine how we can provide more clarity to our users about our use of data.

About this privacy policy

This privacy policy explains how we (Guardian News & Media Limited) collect, use, share and transfer your personal data when you use the services provided on theguardian.com (“our sites”) and our related mobile applications (“our apps”).

Personal data is any information about you by which you can be identified. This can include information such as:

  • your name, date of birth, email address, postal address, phone number, mobile number;
  • debit card details;
  • information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based); and
  • information relating to your personal circumstances and how you use our sites, apps and services.

Some of our other services have separate privacy policies. You can read them using these links:

  • Guardian Jobs (jobseekers)
  • Guardian Jobs (recruiters)
  • Guardian Soulmates
  • Guardian Holidays
  • Guardian Courses
  • Guardian Crowd (pdf)

Sometimes our sites and apps may contain links to third party sites and services. These sites and services have their own privacy policies. If you follow a link to a third party, you should read the privacy policy shown on their site.

Who we are and how to contact us

The data controller for our sites and apps is Guardian News & Media Limited, Kings Place, 90 York Way, London N1 9GU. This means that we are responsible for deciding how and why we hold and use your personal data. If you want to contact us, you can find our contact details in the “How to contact us” section below.

What personal data we collect and how we use it

We collect personal data when you sign up for our services and when you browse our sites or use our apps. This information is used to provide our journalism and other services, display advertising and analyse how visitors use our sites or apps.

The personal data we collect when you register for a Guardian account

When you register for a Guardian account on theguardian.com we collect:

  • your name;
  • your email address;
  • some limited data from your social media profile (further information on this is below) if you have signed in to theguardian.com using your social media details; and
  • your photograph, if you add one to your profile page.

You can choose to add a username to your profile page and you can use this when posting content or comments on our site.

When you register for a Guardian account, we assign you a unique ID number that we use to recognise you when you are signed in to our services. This will recognise you if you sign in using the same account on a new device or through a different application such as the Guardian app on mobile devices.

When you use our sites or apps we may also use cookies or similar technology to collect extra data, including:

  • your IP address - a numerical code to identify your device and which can provide information about the country, region or city where you are based;
  • your browsing history of the content you have visited on our sites, including information on how you were referred to our sites via another website; and
  • details of your devices, for example, the unique device ID, unique advertising ID and browsers used to access our content.

Some of our services, such as Professional Networks, may give you the option of providing more information about your preferences, so that we can tailor your experience. Signing up for membership or a subscription may also mean you need to provide other details such as your address details:

We will not collect special categories of data - such as information about your race, political opinions, religion, health or sexual orientation - unless you have chosen to provide that information to us.

Using your social media details to sign into your Guardian account

When you sign in to our sites or apps using your Facebook login details, you give permission to Facebook to share with us your email address and certain aspects of your Facebook profile if you have made these public on your Facebook profile. This only includes your first and last name, age range, link to your Facebook profile and profile picture. We do not have access to updates on your Facebook profile. If you use your Google login details, you give Google permission to share the information that you have made public in your Google profile. This only includes your first and last name, your email address and whether your email address has been validated, your age range, a link to your Google profile and, if you have one, your profile picture.

We will then use this information to form a profile for your Guardian account. If you remove the Guardian app from your Facebook settings, or if you remove the Guardian from your Google settings, we will no longer have access to this data. However, we will still have the information that we received when you first set up your Guardian account using your Facebook or Google login.

Posting comments on our sites

When you post information on a discussion board or comment publicly on an article on one of our sites, the information you post and your username are publicly accessible. This information can be viewed online and collected by other people. We are not responsible for the way these other people use this information. When contributing to a discussion, we strongly recommend you avoid sharing any personal details, and especially information that can be used to identify you directly such as your name, age, address and name of employer. We are not responsible for the privacy of any identifiable information that you post in our online community or other public pages of the site.

Using our apps

The Guardian app uses information on the content you have viewed. A list of the articles that you have recently viewed is cached in the local storage on your mobile device. You can delete this reading history in the settings of the app. Information on what you have viewed in the app and information on bugs and crashes is also sent to us. You can choose to receive notifications on your mobile device via the app. You can manage these notifications in the settings of the app.

How we collect personal data

We collect personal data when you:

  • become a supporter or registering for an account on theguardian.com;
  • contribute to fund and support the Guardian;
  • pay for a subscription or purchase any other products/services;
  • attend our events;
  • enter our competitions and surveys;
  • sign up to our editorial emails;
  • post in our online community;
  • sign up for marketing communications;
  • use mobile devices to access our content;
  • access our sites, through cookies and other similar technology; and
  • when you contact us via email, social media, our apps or similar technologies or when you mention us on social media.

Why we use your personal data

We use personal data collected through our sites and apps for a number of purposes, including the following:

  • To provide the services you sign up for, such as sending out subscriptions. We also use the personal data for related internal administrative purposes - such as our accounting and records - and to make you aware of any changes to our services.
  • To send marketing communications when we have your permission, or when permitted by law.
  • To personalise our services (for example, so you can sign in), remembering your settings, displaying personalised advertising as well as measuring how effective our online adverts are, recognising you when you sign in on different devices and tailoring our marketing communications based on what you read on our sites (including Guardian Jobs and Guardian Holidays).
  • To carry out marketing analysis, for example we look at what you have viewed on our sites and apps and what products and services you have bought (including what you have looked at and what products or services you have bought on our other platforms, for example Guardian Jobs) to better understand what your interests and preferences are, and to improve our marketing by making it more relevant to your interests and preferences. You can opt out from having your personal data used for marketing analysis by going into your account to the tab “Emails and marketing”.
  • To improve our marketing communications, we use a similar technology to cookies to confirm whether you have opened a marketing email or clicked on a link in the email. To sell advertising space on our sites. Since the publication of the very first edition of the Manchester Guardian on 5 May 1821, our journalism has been funded in part by advertising. Today, digital advertising underpins much of our investment in high quality journalism. To find out more about our advertising standards, please click this link.
  • For statistical purposes such as analysing the performance of our sites and apps and to understand how visitors use them.
  • To respond to your queries and to resolve complaints.
  • For security and fraud prevention, and to ensure that our sites and apps are safe and secure and used in line with our terms of use.
  • To comply with applicable laws and regulations.

Access permissions that we ask from users of the Guardian app

When you use the Guardian app, we ask for the following permissions to access particular functions of your mobile device:

  • For the Android version, we ask for permission to access your contact details/profile on your mobile device, so that we can add or find your Guardian account on your phone. We also ask for permission to access the storage on your mobile device, so that you can store content and read when offline.
  • For the iOS version, we ask for permission to save pictures to your photo library, so that you can save pictures that you find in our articles on your mobile device.

Legal grounds for using your personal data

We will only use your personal data where we have a legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:

  • Consent: For example, where you have provided your consent to receive marketing emails from us. You can withdraw your consent at any time. In the case of marketing emails you can withdraw your consent by clicking on the “unsubscribe” link at the bottom of the email or through your email preferences in the “emails and marketing” tab, when signed into your Guardian account.
  • Our legitimate interests: Where it is necessary for us to understand our readers, promote our services and operate our sites and apps efficiently for the creation, publication and distribution of news, media and related journalistic content both online and in print form, globally. For example, we will rely on our legitimate interest when we analyse what content has been viewed on our sites and apps, so that we can understand how they are used. It is also in our legitimate interest to carry out marketing analysis to determine what products and services may be relevant to the interests of our readers. You can opt out from having your personal data used for marketing analysis in your account in the “emails and marketing” tab.
  • Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have purchased a subscription from us and we need to use your contact details and payment information in order to process your order and deliver your subscription.
  • Compliance with law: In some cases, we may have a legal obligation to use or keep your personal data.

Updating your personal data and your profile page on our sites

When you register for an account with theguardian.com, you have access to a profile page. Under “edit profile” you can review what information is public when you comment on our articles, or if people look up your profile. You can also update your information or provide extra information if you want.

You may also update your marketing preferences in the “Emails and marketing” tab in your account.

Personal data that we receive about you from other organisations

Adding to or combining the personal data you provide to us

When you sign up to our services we may add to the personal data you give us by combining it with information shared with us by other trusted organisations. This includes, for example, information about the region that you are located in, so that we can show you the prices for subscriptions or other products in your local currency. We may also add information to improve the accuracy of your delivery address when we send out mail. We may also obtain information from partners whose offers we include in some of our marketing communications and we use this information to ensure that we do not send you irrelevant marketing.

We also use information on the content you have viewed on our sites and apps and your interaction with the content to add you to groups with similar interests and preferences, so that we can make our online advertising more relevant. Sometimes we use data about your interests or demographics that third parties have collected from you online to add to these groups. Please refer to our cookies policy for more information on how we use cookies.

Information shared by event partners

When you register or book a ticket for a Guardian event organised by an event partner, your registration data may be shared with us by the event partner.

Using children’s personal data

We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal data about children under 13. Some of our services may have a higher age restriction and this will be shown at the point of registration.

Security of your personal data

We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing and against accidental loss, damage or destruction. You are responsible for choosing a secure password when we ask you to set up a password to access parts of our sites or apps. You should keep this password confidential and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk.

Who we share your personal data with

Depending on where you live, we may share your personal data with the Guardian group of companies currently based in the UK, US or Australia. For example, if you book an event held in Australia, at first we may hold your data on our systems in the UK and then we may share it with the Guardian in Australia for administration purposes. If you are going to one of our events hosted by an event partner, we may share your personal data with that partner for event administration purposes. Sometimes we may receive a letter, email or another form of communication from you that we consider to be significant to the history of the Guardian. We may decide to share this with the Guardian Archive run by the Guardian Foundation for historic and archiving purposes.

We do not share your personal data with other people or organisations that are not directly linked to us except under the following circumstances:

  • We may share your data with other organisations that provide services on our behalf such as dealing with online payments and other forms of payment processing, ie credit card transactions and preventing fraud.
  • We may also share your data with our advertising partners, as set out in the section about Online Advertising below.
  • We may reveal your personal data to any law enforcement agency, court, regulator, government authority or other organisation if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else.
  • We may reveal your personal data to any other organisation that buys, or to which we transfer all, or substantially all, of our assets and business. If this sale or transfer takes place, we will use reasonable efforts to try to make sure that the organisation we transfer your personal data to uses it in line with our privacy policy.

      • Any organisations which access your data in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your data and keep to all data privacy laws that apply. We may also independently audit these service providers to make sure that they meet our standards.

      We will not share your personal data with anyone else for their own marketing purposes unless we have your permission to do this.

      Some of our webpages use social plug-ins from other organisations (such as the “Facebook Recommend” function, Twitter’s retweet function, Google+ function). These other organisations may receive and use personal data about your visit to our sites or apps. If you browse our site or view content on our apps, information they collect may be connected to your account on their site. For more information on how these organisations use personal data, please read their privacy policies.

      International data transfers

      Data we collect may be transferred to, stored and processed in any country or territory where one or more of our Guardian group companies or service providers are based or have facilities. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal data that we transfer in line with this privacy policy. Whenever we transfer your personal data out of the European Economic Area (EEA), we ensure similar protection and put in place at least one of these safeguards:

      • We will only transfer your personal data to countries that have been found to provide an adequate level of protection for personal data.
      • We may also use specific approved contracts with our service providers that are based in countries outside the EEA. These contracts give your personal data the same protection it has in the EEA .
      • Where we use service providers in the United States, we may transfer personal data to them if they are part of the Privacy Shield scheme, which requires them to provide a similar level of protection of your personal data to what is required in the EEA.

      If you are located in the EEA, you may contact us for a copy of the safeguards which we have put in place for the transfer of your personal data outside the EEA.

      How long we keep your personal data

      We keep your personal data for only as long as we need to. How long we need you personal data depends on what we are using it for, as set out in this privacy policy. For example, we may need to use it to answer your queries about a product or service and as a result may keep personal data while you are still using our product or services. We may also need to keep your personal data for accounting purposes, for example, where you have bought a subscription. If we no longer need your data, we will delete it or make it anonymous by removing all details that identify you. If we have asked for your permission to process your personal data and we have no other lawful grounds to continue with that processing, and you withdraw your permission, we will delete your personal data. However, when you unsubscribe from marketing communications, we will keep your email address to ensure that we do not send you any marketing in future.

      How we may contact you

      Service communications

      From time to time we may send you service emails, for example, telling you your subscription is coming to an end or thanking you when you contribute or place an order with us. Marketing communications and editorial newsletters If we have your permission, we may send you materials we think may interest you, such as new Guardian offers and updates. Depending on your marketing preferences, this may be by email, phone, SMS or post. We offer a range of editorial newsletters. You can manage your subscription to these emails through your profile page when you are signed in to your Guardian account. You can decide not to receive these emails at any time and will be able to “unsubscribe” directly by clicking a link in the email or through your email preferences in the tab “Emails and marketing” when you are signed in to your Guardian account. Market research Sometimes we may contact you for market research purposes, for example about a survey. You can opt out from being contacted in this way by signing into your Guardian account and going to the tab “Emails and marketing”. Responding to your queries or complaints If you have raised a query or a complaint with us, we may contact you to answer your query or to resolve your complaint.

      Cookies and similar technology

      When you visit our sites or when you use our apps, we may collect personal data from you automatically using cookies or similar technology. A cookie is a small file that can be placed on your device that allows us to recognise and remember you. This privacy policy includes our cookie policy, where you can find details of our key advertising partners.

      Online advertising

      Advertising on our sites that is based on cookies and similar technology We use personalised online advertising on our sites. This allows us to deliver more relevant advertising to people who visit theguardian.com. It works by showing you adverts that are based on your browsing patterns and the way you have interacted with our sites and apps. It then shows you adverts which we believe may interest you. Since the publication of the very first edition of the Manchester Guardian on 5 May 1821, our journalism has been funded in part by advertising. Our editorial content is not influenced by the advertising we display and our journalists are free to, and often do, challenge the activities of companies and organisations that advertise and sponsor content that appears in Guardian sites and publications. When you browse our sites or use our apps, some of the cookies and similar technology we place on your device are advertising cookies, so we can understand what sort of pages you are interested in. We can then display advertising on your browser based on these interests. For instance if you have been reading a lot of food and drink articles, we may show you more advertisements for food and drink. We do not collect or use information such as your name, email address, postal address or phone number for personalised online advertising. We may also share online data collected through cookies and similar technology with our advertising partners. This means that when you are on another website, you may be shown advertising based on your browsing patterns on theguardian.com. We may also show you advertising on theguardian.com website based on your browsing patterns on other sites that we have obtained from our advertising partners. Online retargeting is another form of online advertising that allows us and some of our advertising partners to show you advertising based on your browsing patterns and interactions with a site away from our sites. For example, if you have visited the website of an online clothes shop, you may start seeing adverts from that same shopping site displaying special offers or showing you the products you were browsing. This allows companies to advertise to you if you leave their website without making a purchase.

      Advertising that we place on our site or on other sites

      We also use personalised online advertising to promote our own products and services. This means that you may see advertising for our products and services on our sites (and our other platforms, such as Guardian Jobs) and when you are on other, third party websites, including social media platforms.

      Your rights with regard to the personal data that we hold about you

      You can contact us with regard to the following rights in relation to your personal data:

      • If you would like to have a copy of the personal data we hold on you or if you think that we hold incorrect personal data about you, please write to the Data Protection Officer at Guardian News & Media Limited, Kings Place, 90 York Way, London N1 9GU or email cmack@stoneywood.scot. We will deal with requests for copies of your personal data or for correction of your personal data within one month. If your request is complicated or if you have made a large number of requests, it may take us longer. We will let you know if we need longer than one month to respond. You will not have to pay a fee to obtain a copy of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
      • Where you have provided us with consent to use your personal data, you can withdraw this at any time.
      • Where applicable, you may also have a right to receive a machine-readable copy of your personal data.
      • You also have the right to ask us to delete your personal data or restrict how it is used. There may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request. Where applicable, you have the right to object to processing of your personal data for certain purposes.

      If you do not want us to use your personal data for marketing analysis, you can change your settings in the “Emails and marketing” tab of your Guardian account. If you want to make any of these requests, please contact cmack@stoneywood.scot.

      We may need to request specific information from you to help us confirm your identity.

      Your California privacy rights

      Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family or household purposes, you may ask us about the information we release to other organisations for their marketing purposes. To make such a request, please send an email to cmack@stoneywood.scot with “Request for California privacy information”in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal data we revealed to other organisations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal data shared in this way is covered by Section 1798.83 of the California Civil Code.

      Contact us for information about how we use your personal data

      If you have any questions about how we use your personal data or if you have a concern about how your personal data is used, please contact the Data Protection Officer at Guardian News & Media Limited, Kings Place, 90 York Way, London N1 9GU. Or, email cmack@stoneywood.scot.

      Complaints will be dealt with by the Data Protection Manager, and will be responded to within 30 days. If you are not satisfied with the way your concern has been handled, you can refer your complaint to the Information Commissioner’s Office. If you have a question about anything else, please see our Contact us page here.

      Changes to the Privacy Policy

      If we decide to change our privacy policy we will post the changes here. If the changes are significant, we may also choose to email all our registered users with the new details. If required by law, we will get your permission or give you the opportunity to opt out of any new uses of your data.

      Changes to this Privacy Policy to date

      November 2004: cookie information moved to separate page; Data Protection Commissioner changed to Information Commissioner; legal information under the Data Protection Act added.

      May 2008: principles updated to provide more detail on protections and limits on data usage and confirmation about the use of data processors; contact details updated.

      August 2009: contact details updated, useful links updated, some headings added and a new section headed “advertising and affiliate links” added.

      July 2011: Principles updated to include further information on marketing preferences, contact details, further information provided about online behavioural advertising, cookies, and the ‘Who we share data with’ section has been updated.

      September 2011: Websites covered expanded to include guardiannews.com, information on use of children’s data added.

      October 2011: Information on plugins and dispute resolution for Guardian News & Media LLC added.

      February 2012: Additional provision included in ‘How we use your information’ to address certain data that we may collect, especially in the context of certain Apps and geographical location data.

      April 2012: Information on logging onto our sites using social networking log-ins as a means of authentication.

      February 2013: Applicability of policy to other websites and applications added.

      May 2013: Information on mobile device advertising added.

      July 2013: References to guardian.co.uk and guardiannews.com replaced with references to theguardian.com.

      August 2013: Policy reviewed by the Plain English Campaign and awarded Crystal Mark.

      September 2014: Policy amended to include references to Guardian Membership, name added as a mandatory field for registration.

      February 2015: Policy amended to include information on data sharing between Guardian group companies in the UK, USA and Australia.

      July 2015: Amendment for the personalisation of newsletters based on browsing history on theguardian.com

      October 2015: Removal of references to Safe Harbor Privacy Framework.

      January 2016: Policy amended to include information on profiling and how to opt-out of profiling data being shared with Guardian News & Media.

      December 2016: Information on Google Analytics added, removal of children’s books information and replaced with Young Critics’ information.

      March 2017: updated information on the use of Nielsen software on our sites.

      May 2017: updated information on the use of anonymous information for online advertising

      February 2018: updated information on marketing preferences and use of children’s data

      May 2018: updated to reflect changes resulting from the General Data Protection Regulation.