This privacy policy from Logistics Media Ltd sets out the information you give Transport & Logistics Magazine when you use this site. Transport & Logistics Magazine is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Transport & Logistics Magazine may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01/01/2020.
What we may collect
We may collect the following information:
– Name and job title
– Contact information including email address
– Demographic information such as postcode, preferences and interests
– Other information relevant to customer surveys and/or offers
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
– Internal record keeping.
– We may use the information to improve our products and services.
– We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
– From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
GDPR Compliance Statement
Introduction
The statements contained within this GDPR compliance document and the subsection numbering is directly related to the ICO’s self-readiness checklist.
Definition
“The business” refers to Logistics Media Ltd
The statements are grouped into the following five sections:
- Direct Marketing
- Legitimate Interest Assessment (LIA)
- Data Control
- Records creation and maintenance
- Data Sharing
- Direct Marketing
Direct marketing governance:
The business has defined and allocated responsibility for compliance with data protection legislation and PECR when carrying out direct marketing activities or roles.
The business has approved and published direct marketing policies and procedures, which contain data protection and PECR guidance and are routinely reviewed to ensure they remain fit-for-purpose.
Direct marketing training:
The business ensures that we provide data protection training to all staff with direct marketing responsibilities (including temporary staff).
Lawful basis for direct marketing:
The business has obtained the necessary consent from individuals for marketing in compliance with data protection legislation and PECR (Privacy and Electronic Communications Regulations).
The business relies on ‘legitimate interests’ as the lawful basis for some of our marketing activities.
The business has applied the three part test and complies with other marketing laws.
Bought-in lists:
The business does not operate with bought-in lists.
Marketing lists:
The business does not sell marketing lists.
Telephone marketing:
The business identifies itself when making live marketing calls and only makes them in compliance with PECR.
The business does not make automated marketing calls.
Electronic mail:
The business identifies itself when sending electronic marketing messages and ensures we have the initial and ongoing permission of recipients in compliance with current legislation.
Postal marketing:
The business only sends marketing mail to named individuals who have not objected to receiving mailings in line with current legislation
Marketing by fax:
The business does not use fax as a marketing medium
Opt-out:
The business has mechanisms in place to ensure that individuals can opt out of marketing easily.
Retention of personal data:
The business has a retention policy and procedures in place for the personal data we hold for direct marketing.
- Legitimate Interest Assessment (LIA)
To comply with the new General Data Protection Regulations (GDPR) we process data based on a genuine legitimate interest. As we are a trade publication (press) we are a voice for the industry we work in.
We represent promotion, news and best interests of the industry and associated industries that we have business dealings in.
We understand and protect individuals’ genuine interests. As such, we allow individuals to have us remove their details held by us if requested.
As a business-to-business (b2b) trade publication we work with companies within the same industry and immediately associated industries
We produce news and promotions that are relevant to the industries we work with hence why we have assessed that a legitimate interest has been identified in making contact with said individuals.
The way we process data is to promote our publication to industry individuals and relevant companies. The method of contact is necessary as there would not be another way to achieve the same result.
Any individual we contact would be relevant to the publication and either work in the same industry as the publication or an industry that is linked with that industry. As such on balance, we believe there is a legitimate interest to provide genuine news and promotions via our publication, including website(s), email and telephone calls.
We only use individuals’ data as one would normally expect and would not sell that data to any third parties. We do not use data in a way that people would find intrusive or cause harm.
Data is protected by both physical protection, firewalls and limited access.
Our assessment of GDPR may be updated from time to time to reflect best practice. This information will also will be reflected in our privacy notice.
- Data Control
Information we hold:
The business has conducted an information audit to map data flows.
The business has documented what personal data we hold, where it came from, who we share it with and what we do with it.
Lawful basis for processing personal data:
The business has identified our lawful basis for processing and documented them.
Consent:
The business has reviewed how we ask for and record consent.
The business has systems to record and manage ongoing consent.
Vital interests:
This is not relevant to the business.
Legitimate interests:
The business uses legitimate interests as the lawful basis for processing. The business has applied the three part test and we can demonstrate we have fully considered and protected individual’s rights and interests.
Right of access:
The business has a process to recognise and respond to individuals’ requests to access their personal data.
Right to rectification and data quality:
The business has processes to ensure that the personal data we hold remains accurate and up to date.
Right to erasure including retention and disposal:
The business has a process to securely dispose of personal data that is no longer required or where an individual has asked us to erase it.
Right to restrict processing:
The business has procedures to respond to an individual’s request to restrict the processing of their personal data.
Right to data portability:
The business has processes to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability.
Right to object:
The business has procedures to handle an individual’s objection to the processing of their personal data.
Rights related to automated decision making including profiling:
The business has identified whether any of our processing operations constitute automated decision making and have procedures in place to deal with the requirements.
Accountability:
The business has an appropriate data protection policy.
The business monitors our own compliance with data protection policies and regularly reviews the effectiveness of data handling and security controls.
The business provides data protection awareness training for all staff.
Information risks:
The business manages information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively.
Data Protection by Design:
The business has implemented appropriate technical and organisational measures to integrate data protection into our processing activities.
Management Responsibility:
Decision makers and key people in the business demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business.
Security policy:
The business has an information security policy supported by appropriate security measures.
Breach notification:
The business has effective processes to identify report, manage and resolve any personal data breaches.
Records management organisation:
The business has defined and allocated records management responsibilities.
Records management risk:
The business has identified records management risks as part of a wider information risk management process.
Records management training:
The business incorporates records management within a formal training programme. This comprises mandatory induction training with regular refresher material, and specialist training for those with specific records management functions.
Monitoring and reporting:
The business carries out periodic checks on records security and there is monitoring of compliance with records management procedures.
- Records creation and maintenance
Record creation:
The business has set minimum standards for the creation of paper or electronic records
Information we hold:
The business has identified where we use manual and electronic records keeping systems and actively maintains a centralised record of those systems.
Information standards:
The business has processes in place to ensure that the personal data we collect is accurate, adequate, relevant and not excessive. We carry out regular reviews to remove any personal data or records that are out of date or no longer relevant.
- Data Sharing
Data sharing policy:
The business has communicated policies, procedures and guidance to all staff that clearly set out when it is appropriate for them to share or disclose data.
Accountability:
The business has assigned responsibility to an appropriate member of staff for ensuring effective data sharing.
Staff training:
The business provides adequate training on an ongoing basis for staff that regularly makes decisions about whether to share personal data with third parties.
Data sharing records:
The business maintains a log of all our decisions to share personal data and we review this regularly.
Data sharing agreements:
The business has a data sharing agreement (DSA) with any party we routinely share personal data with or transfer large quantities of data to. We review these agreements regularly.
Privacy information:
The business informs individuals about the sharing of their personal data.
Security
Security measures:
The business has appropriate security measures in place to protect data that is in transit, received by the business or transferred to another business.
Right of access
Requests for personal data:
The business has a documented process for dealing with requests for personal data that all our staff are aware of and we have effectively implemented.
Accountability and training:
The business has appropriately trained all personnel who have responsibility for processing requests for personal data and has made them aware of how to identify and channel requests to the appropriate team or person.
Compliance monitoring:
The business monitors and reviews all requests for personal data and, where necessary, implements additional measures to improve compliance.