Privacy Policy
The Privacy Policy below discloses our practices regarding information collection and usage solely for the web site located at www.emgpublishinggroup.com (the “Web Site”).
By using or accessing the Web Site, you signify your agreement to be bound by our Privacy Policy. If you do not agree to this Privacy Policy then you may not access or otherwise use this Web Site.
Personally Identifiable Information
EMG Publishing Ltd does not collect personally identifiable information about you unless you voluntarily submit that information to us through one of our contact pages, by e-mail or other means. The personally identifiable information which you may provide to us could include your name, email address and telephone number.
Non-Personal or Aggregate Information
When you visit the Web Site, we may automatically collect certain non-identifying information about you, such as the type of browser or computer operating system you use or the domain name of the web site from which you linked to us.
Information Usage
We will only use your personally identifiable information as described below, unless you have specifically consented to another type of use, either at the time the personally identifiable information is collected from you or through some other form of consent from you or notification to you:
We may use your personally identifiable information to respond to your direct
inquires or to provide you with the services that you have requested.
We will use your personally identifiable information to add you to our mailing lists and to send you emails from time to time.
We may permit our vendors and subcontractors to access your personally identifiable information, but they are only permitted to do so in connection with performing services for us. They are not authorized by us to use the information for their own benefit.
We may disclose personally identifiable information as required by law or legal process.
We may disclose personally identifiable information to investigate suspected fraud, harassment or other violations of any law, rule or regulation, or the Terms and Conditions for the Web Site.
We may transfer your personally identifiable information in connection with the sale, merger or change of control of EMG Publishing Ltd or the division responsible for the services with which your personally identifiable information is associated.
Non-personal or aggregate information may be shared with any number of parties, provided that such information shall not specifically identify you.
Cookies
We may store some information on your computer’s hard drive as a “cookie” or similar type of file. We use this information internally, to help us enhance the efficiency and usefulness of the Web Site and to improve customer service. “Cookies” are pieces of information that may be placed on your computer by a web site for the purpose of facilitating and enhancing your communication and interaction with that web site. We may use cookies to customise your visit to the Web Site and for other purposes to make your visit more convenient or to enable us to enhance our service. You may stop or restrict the placement of cookies on your computer or flush them from your browser by adjusting your web browser preferences.
Security
The security of your information is very important to us. We attempt to provide for the secure storage of your information by utilising generally accepted industry practices. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and EMG Publishing Ltd or information stored on the Web Site or our servers will be free from unauthorised access by third parties such as hackers and your use of the Web Site demonstrates your assumption of this risk. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect. Only those personnel who need access to your information in order to perform their duties are authorized to have access to your personally identifiable information.
Third-Party Web Sites
As a convenience to you, we may provide links to third party web sites from within the Web Site. We are not responsible for the privacy practices or content of these third party sites, and by providing a link we are not endorsing or promoting such third party sites. When you link away from our Web Site, you do so at your own risk.
Social Media Platforms
The Web Site may contain links to our presence on various social media platforms. We do not operate or control such platforms. You should be aware that personally identifiable information which you voluntarily include and transmit online in a publicly accessible blog, social network or otherwise online may be viewed and used by others. We are unable to control such uses of your personally identifiable information, and by using such services you assume the risk that the personally identifiable information provided by you may be viewed and used by third parties.
Communications with EMG Publishing Ltd
Any communication or material you transmit to us by email or otherwise, including any data, questions, comments, suggestions, or the like is, and will be treated as, non-confidential and nonproprietary. Except to the extent expressly covered by this policy, anything you transmit or post may be used by us for any purpose, including but not limited to, reproduction, disclosure, transmission, publication, broadcast and posting.
Protection for Children
We do not seek to collect personally identifiable information from children under the age of 13. When we become aware that personal information from a child under 13 has been collected without such child’s parent or guardian’s consent, we will use all reasonable efforts to delete such information from our database.
Privacy Policy Changes
We reserve the right, at our discretion, to change, modify, add, or remove portions from this Privacy Policy at any time. However, if at any time in the future we plan to use personally identifiable information in a way that materially differs from this Privacy Policy, including sharing such information with third parties, we will inform you of such changes and provide you the opportunity to opt-out of such differing uses. Your continued use of the Web Site following the posting of any changes to this policy means you accept such changes.
Terms and Conditions
This Privacy Policy and the use of the Web Site is subject to our Terms & Conditions.
Effective Date
This Privacy Policy was last updated on November 1st, 2020.
Our details
This website is owned and operated by EMG Publishing Ltd.
We are registered in England and Wales under registration number No. 10781511, and our registered office is at: EMG Publishing Limited
Edmund House 12-22 Newhall Street BIRMINGHAM B3 3AS United Kingdom
DATA / GDPR
These EMG Publishing Ltd Data Processing Terms ( “Data Processing Terms”) apply when EMG Publishing Ltd and Customer have entered into a Processing Contract that incorporates these terms by reference. Any capitalized terms are either defined herein or have been defined in other applicable EMG Publishing Ltd terms or policies.
1. Agreement to Process
These Data Processing Terms supplement the Processing Contract and any other agreements and agreed-upon terms or policies between the parties. Collectively, these documents reflect the parties’ agreement to the processing or subprocessing (hereinafter referred to simply as "processing") of Personal Data in connection with the GDPR.
2. Duration of these Data Processing Terms
These Data Processing Terms will take effect on the date Customer executes the Processing Contract and remain in effect until, and automatically expire upon, deletion of all Personal Data by EMG Publishing Ltd as described in these Data Processing Terms.
3. Application of these Data Processing Terms
3.1 Application of GDPR. These Data Processing Terms will only apply to the extent that the GDPR applies to the processing of Personal Data, including if:
the processing is in the context of the activities of an establishment of Customer in the EEA; and/or
Personal Data is personal data relating to data subjects who are in the EEA and the processing relates to the offering to them of goods or services or the monitoring of their behavior in the EEA.
3.2 Application to Processor Services. These Data Processing Terms will only apply to the processor services identified in the Processing Contract and its attachments ("Processing Services").
4. Processing of Data
4.1 Roles and Regulatory Compliance; Authorization.
4.1.1 Processor and Controller Responsibilities. The parties acknowledge and agree that:
The Processing Contract describes the subject matter and details of the processing of Personal Data;
EMG Publishing Ltd is a processor of Personal Data under the GDPR;
Customer is a controller or processor, as applicable, of Personal Data under the GDPR; and
each party will comply with the obligations applicable to it under the GDPR with respect to the processing of Personal Data.
4.1.2 Consent from Data Subject. Customer warrants that it has obtained and maintained any required consents necessary to permit the processing by EMG Publishing Ltd of Personal Data relating to End Readers.
4.1.3 Authorization by Third Party Controller. If Customer is a processor, Customer warrants to EMG Publishing Ltd that Customer’s instructions and actions with respect to Personal Data, including its appointment of EMG Publishing Ltd as another processor, have been authorised by the relevant controller
4.2 Customer’s Instructions. By entering into these Data Processing Terms, Customer instructs EMG Publishing Ltd to process Personal Data only in accordance with applicable law: (a) to provide the Processor Services and any related technical support; (b) as further specified via Customer’s use of the Processor Services (including in the settings and other functionality of the Processor Services) and any related technical support; (c) as documented in the Processing Contract, these Data Processing Terms, or any other agreement between the parties; and (d) as further documented in any other written instructions given by Customer and acknowledged by EMG Publishing Ltd's as constituting instructions for purposes of these Data Processing Terms.
4.3 EMG Publishing Ltd's Compliance with Instructions. EMG Publishing Ltd will comply with the instructions described in Section 4.2 (Customer’s Instructions) (including with regard to data transfers). However, if EMG Publishing Ltd believes an instruction infringes the GDPR or other Union or Members State data protection provisions, EMG Publishing Ltd will immediately notify Customer (unless that law prohibits EMG Publishing Ltd from doing so on important grounds of public interest).
5. Data Deletion
5.1 Deletion During Term
5.1.1 Processor Services With Deletion Functionality. During the Term, if:
the EMG Publishing Ltd interface associated with the Processor Services includes the option for Customer to delete Personal Data;
Customer uses the interface to delete certain Personal Data; and -the deleted Personal Data cannot be recovered by Customer (for example, from the “trash”),
then EMG Publishing Ltd will delete such Personal Data from its systems as soon as reasonably practicable and within a maximum period of 180 days, unless any laws to which EMG Publishing Ltd is subject requires storage.
5.1.2 Processor Services Without Deletion Functionality. If the functionality of the EMG Publishing Ltd interface associated with the Processor Services does not include the option for Customer to delete Personal Data, then EMG Publishing Ltd will comply with:
any reasonable request from Customer to facilitate such deletion, insofar as this is possible taking into account the nature and functionality of the Processor Services and unless EU or EU Member State law requires storage; and
the data retention practices described in EMG Publishing Ltd's Customer Privacy Policy and End Reader Privacy Policy.
EMG Publishing Ltd may charge a fee (based on EMG Publishing Ltd's reasonable costs) for any data deletion under Section 5.1.2(a). EMG Publishing Ltd will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such data deletion.
5.2 Deletion on Term Expiration. On expiration of the Term and discontinuation of the processing services, EMG Publishing Ltd's will, at the choice of Customer, either delete or return all Personal Data (including existing copies) from EMG Publishing Ltd's systems in accordance with applicable law. Given the nature of the Services, Customer is responsible for informing EMG Publishing Ltd when it has discontinued the processing services, triggering this clause. EMG Publishing Ltd will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.
5.3 Requests from End Readers. EMG Publishing Ltd will promptly forward to Customer any requests received from End Readers relating to the deletion or modification of relevant Personal Data.
6. Data Security
6.1 EMG Publishing Ltd's Security Measures and Assistance.
6.1.1 EMG Publishing Ltd's Security Measures. EMG Publishing Ltd's will implement and maintain technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access as described in the Security Measures. The Security Measures include measures: (a) to help ensure the ongoing confidentiality, integrity, availability, and resilience of EMG Publishing Ltd's systems and services; (b) to help restore timely access to personal data following an incident; and (c) for regular testing of effectiveness. EMG Publishing Ltd may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.
6.1.2 Security Compliance by EMG Publishing Ltd Staff. EMG Publishing Ltd will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors, and Subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
6.1.3 EMG Publishing Ltd Security Assistance. Customer agrees that EMG Publishing Ltd will (taking into account the nature of the processing of Personal Data and the information available to EMG Publishing Ltd) assist Customer in ensuring compliance with any obligations of Customer in respect of security of personal data and personal data breaches, including (if applicable) Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:
implementing and maintaining the Security Measures in accordance with Section 6.1.1 (EMG Publishing Ltd's Security Measures); and
complying with the terms of Section 6.2 (Data Incidents).
6.2 Data Incidents.
6.2.1 Incident Notification. If EMG Publishing Ltd becomes aware of a Data Incident, EMG Publishing Ltd will notify Customer in accordance with Section 9 of its Security Measures.
6.2.2 Delivery of Notification. EMG Publishing Ltd will deliver its notification of any Data Incident to the notification email address provided by Customer or, at EMG Publishing Ltd's discretion (including if Customer has not provided a notification email address), by other direct communication (for example, by phone call or an in-person meeting).
6.3 Customer’s Security Responsibilities and Assessment.
6.3.1 Customer’s Security Responsibilities. Customer agrees that, without prejudice to EMG Publishing Ltd's obligations under Sections 6.1 (EMG Publishing Ltd's Security Measures and Assistance) and 6.2 (Data Incidents):
Customer is solely responsible for its use of the Processor Services, including:
making appropriate use of the Processor Services to ensure a level of security appropriate to the risk in respect of Personal Data; and
securing the account authentication credentials, systems, and devices Customer uses to access the Processor Services.
EMG Publishing Ltd has no obligation to protect Personal Data that Customer elects to store or transfer outside of EMG Publishing Ltd's and its Subprocessors’ systems.
EMG Publishing Ltd's has no obligation to protect personal or sensitive data contained within Content generally published through the Service to End Readers using EMG Publishing Ltd's content distribution network.
6.3.2 Customer’s Security Assessment. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing of Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by EMG Publishing Ltd as set out in Section 6.1.1 (EMG Publishing Ltd's Security Measures) provide a level of security appropriate to the risk in respect of Personal Data.
6.4 Reviews and Audits of Compliance.
6.4.1 Customer’s Audit Rights. EMG Publishing Ltd will allow Customer or a third party auditor appointed by Customer to conduct audits (including inspections) to verify EMG Publishing Ltd's compliance with its obligations under these Data Processing Terms in accordance with Section 6.4.2 (Additional Business Terms for Audits). EMG Publishing Ltd will contribute to such audits as described in this Section 6.4 (Reviews and Audits of Compliance). As part of any such audit, EMG Publishing Ltd will further make available to Customer all information necessary to demonstrate its compliance with the obligations laid down in Article 28 of the GDPR.
6.4.2 Additional Business Terms for Audits.
(a) Customer will send any request for an audit under Section 6.4.1 to EMG Publishing Ltd as described in Section 11.1 (Contacting EMG Publishing Ltd).
(b) Following receipt by EMG Publishing Ltd of a request under Section 6.4.2(a), EMG Publishing Ltd and Customer will discuss and agree in advance on the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any audit under Section 6.4.1.
(c) EMG Publishing Ltd may charge a fee (based on EMG Publishing Ltd's reasonable costs) for any audit under Section 6.4.1. EMG Publishing Ltd will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such audit. Customer will be responsible for any fees charged by any third party auditor appointed by Customer to execute any such audit.
(d) EMG Publishing Ltd may object to any third party auditor appointed by Customer to conduct any audit under Section 6.4.1 if the auditor is, in EMG Publishing Ltd's reasonable opinion, not suitably qualified or independent, a competitor of EMG Publishing Ltd, or otherwise manifestly unsuitable. Any such objection by EMG Publishing Ltd will require Customer to appoint another auditor or conduct the audit itself.
(e) Nothing in these Data Processing Terms will require EMG Publishing Ltd either to disclose to Customer or its third party auditor, or to allow Customer or its third party auditor to access:
any data of any other customers of EMG Publishing Ltd;
any EMG Publishing Ltd internal accounting or financial information;
any trade secret of EMG Publishing Ltd;
any information that, in EMG Publishing Ltd's reasonable opinion, could: (a) compromise the security of any EMG Publishing Ltd systems or premises; or (b) cause EMG Publishing Ltd to breach its obligations under the GDPR or its security and/or privacy obligations to Customer or any third party; or
any information that Customer or its third party auditor seeks to access for any reason other than the good faith fulfillment of Customer’s obligations under the GDPR.
7. Impact Assessments and Consultations
7.1 EMG Publishing Ltd Assistance. Customer agrees that EMG Publishing Ltd will (taking into account the nature of the processing and the information available to EMG Publishing Ltd) assist Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including (if applicable) Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, by:
providing the information contained in these Data Processing Terms; and
providing or otherwise making available, in accordance with EMG Publishing Ltd standard practices, other materials concerning the nature of the Processor Services and the processing of Personal Data (for example, help center materials).
7.2 Reasonable Fee. EMG Publishing Ltd may charge a fee (based on EMG Publishing Ltd reasonable costs) for any assistance under Section 7.1. EMG Publishing Ltd will provide Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such assistance.
8. Data Subject Rights
8.1 Responses to Data Subject Requests. If EMG Publishing Ltd receives a request from a data subject in relation to Personal Data, EMG Publishing Ltd will advise the data subject to submit his/her request to Customer, and Customer will be responsible for responding to such request.
8.2 EMG Publishing Ltd's Data Subject Request Assistance. Customer agrees that EMG Publishing Ltd will (taking into account the nature of the processing of Personal Data and, if applicable, Article 11 of the GDPR) assist Customer in fulfilling any obligation of Customer to respond to requests by data subjects, including (if applicable) Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR, by:
providing the functionality of the Processor Services;
complying with the commitments set out in Section 8.1 (Responses to Data Subject Requests).
9. Data Transfers
9.1 Data Storage and Processing Facilities. Except for Personal Data covered by EMG Publishing Ltd's GDPR or EEA-Only Data Processing Addendum addressed in Section 9.2, Customer agrees that EMG Publishing Ltd may store and process Personal Data in any country in which EMG Publishing Ltd has clients.
9.2 EEA-Only Data Processing. If Customer has executed a EMG Publishing Ltd EEA-Only GDPR Data Processing Addendum, certain Personal Data relating to End Readers will be collected, stored, and processed only in the EEA, using EMG Publishing Ltd's infrastructure and personnel located in the EEA, and avoid an international transfer of End Reader Data.
9.3 Data Center Information. Information about the locations of EMG Publishing Ltd Data Centers is available in EMG Publishing Ltd's Security Measures.
10. Subprocessors
10.1 Consent to Subprocessor Engagement. Customer authorizes EMG Publishing Ltd to engage Subprocessors, as generally described in the Security Measures, to assist in processing Personal Data (“Subprocessors”).
10.2 Requirements for Subprocessor Engagement. When engaging any Subprocessor, EMG Publishing Ltd will:
ensure via a written contract that:
the Subprocessor only accesses and uses Personal Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Processing Contract (including these Data Processing Terms); and
if the GDPR applies to the processing of Personal Data, the data protection obligations set out in Article 28(3) of the GDPR are imposed on the Subprocessor.
remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.
10.3 Opportunity to Object to Subprocessor Changes.
When any new Subprocessor is engaged during the Term, EMG Publishing Ltd will, at least 30 days before the new Subprocessor processes any Personal Data, inform Customer of the engagement (including the name and location of the relevant subprocessor and the activities it will perform).
Customer may object to any new Subprocessor by terminating the Processing Contract immediately upon written notice to EMG Publishing Ltd, on condition that Customer provides such notice within 90 days of being informed of the engagement of the new Subprocessor as described in Section 11.3(a). This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Subprocessor.
11. Contacting EMG Publishing Ltd; Processing Records
11.1 Contacting EMG Publishing Ltd. Customer may contact EMG Publishing Ltd in relation to the exercise of its rights under the Processing Contract or these Data Processing Terms via the below contact information or via such other means as may be provided by EMG Publishing Ltd from time to time.
Registered office address:
EMG Publishing Limited
Edmund House
12-22 Newhall Street
BIRMINGHAM
B3 3AS
United Kingdom
+44 (0)203 291 3493
11.2 EMG Publishing Ltd's Processing Records. Customer acknowledges that EMG Publishing Ltd is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which EMG Publishing Ltd is acting and (if applicable) of such processor’s or controller's local representative and data protection officer; and (b) make such information available to the supervisory authorities. Accordingly, Customer will, where requested and as applicable to Customer, provide such information to EMG Publishing Ltd via the user interface of the Processor Services or via such other means as may be provided by EMG Publishing Ltd, and will use such user interface or other means to ensure that all information provided is kept accurate and up-to-date.
12. Liability
The total liability of the parties under or in connection with these Data Processing Terms will be subject to the exclusions and limitations of liability in the Agreement.
13. Changes to these Data Processing Terms
13.1 Changes to Data Processing Terms. EMG Publishing Ltd may change these Data Processing Terms if the change:
is expressly permitted by these Data Processing Terms;
reflects a change in the name or form of a legal entity;
is required to comply with applicable law, applicable regulation, a court order, or guidance issued by a governmental regulator or agency; or
does not: (i) result in a degradation of the overall security of the Processor Services; (ii) expand the scope of, or remove any restrictions on, EMG Publishing Ltd's processing of Personal Data, as described in Section 4.3 (EMG Publishing Ltd's Compliance with Instructions); and (iii) otherwise have a material adverse impact on Customer’s rights under these Data Processing Terms, as reasonably determined by EMG Publishing Ltd.
13.2 Notification of Changes. If EMG Publishing Ltd intends to change these Data Processing Terms under Section 13.1(c) or (d),EMG Publishing Ltd will inform Customer at least 30 days (or such shorter period as may be required to comply with applicable law, applicable regulation, a court order, or guidance issued by a governmental regulator or agency) before the change will take effect by either: (a) sending an email to the notification email address; or (b) alerting Customer via the user interface for the Processor Services. If Customer objects to any such change, Customer may terminate the Processing Contract by giving written notice to EMG Publishing Ltd within 90 days of being informed by EMG Publishing Ltd of the change.
The General Data Protection Regulation (‘GDPR’) is effective from 25 May 2018.
The General Data Protection Regulation, or “Regulation (EU) 2016/679”, became law on 27 April 2016, but businesses were given just over 2 years to become compliant. Therefore, GDPR will be enforceable as of 25 May 2018.
GDPR applies to processing of data of EU subjects.
Definitions
Data controller means the organisation that determines the purposes for which, and the manner in which any personal data are, or are to be, processed. EMG Publishing Ltd (‘we’) is the data controller of all personal data used in our business for our own commercial purposes.
Processing of data means any set of operations performed on personal data including collection and storage, and contacting. Data means information stored electronically or in certain paper-based filing systems.
Personal data is any data that identifies an individual person, not generic company data.
Approach
In preparation for GDPR, EMG Publishing Ltd acknowledges its responsibility to develop and maintain business-wide awareness of the rights of individuals to be empowered and protected in terms of data privacy.
We have consulted broadly and implemented processes, procedures and training to ensure that a legal basis for the processing of personal data underpins all business practices at EMG Publishing Ltd.
We recognise that there are some circumstances in which personal data may be processed and that the GDPR clarifies the responsibilities of companies as far as the processing (collection, storage, maintenance and use) of personal data is concerned.
EMG Publishing Ltd is actively working on its strategy in relation to data protection, and considers this to be an ongoing endeavour that will continue to be operational beyond the enforcement date of 25 May 2018. We will continually strive to ensure that personal data privacy is embedded as routine practice on a perpetual basis.
EMG Publishing Ltd has undertaken to ensure that all staff receive training in the concepts and requirements of data protection law. Staff will be expected to embrace the ethos of data protection law and to adopt practices in the workplace that reflect the company’s commitment to ensuring that the rights of individuals are respected and protected at all times.
EMG Publishing Ltd's internal policy for data protection requires any products, services or systems adopted by the company (relating in any way to the processing of personal data) to undergo an assessment to establish that they do not contravene the company’s policies to maintain compliance with the GDPR. We also strive to ensure that our suppliers, where relevant (for example, mailing and fulfilment businesses), have appropriate policies in place to safeguard personal data and that the data is transferred securely.
EMG Publishing Ltd has implemented training and processes to enable staff to recognise and respond to Data Subject Access Requests (‘SARs’). We have also reviewed our current work processes and records in detail, before 25 May 2018, to be sure existing consents meet the GDPR standard.