This is the privacy and cookie policy for theguardian.org (the “Website”). Guardian.org Foundation (dba theguardian.org) (“We” or “Us”) is a 501(c)(3) nonprofit organization with a focus to advance and inform public discourse and citizen participation around the most pressing issues of our time through the support of independent journalism and journalistic projects at the Guardian.

Your use of the Website indicates your acceptance of this privacy and cookie policy (the “Policy”). If you do not accept all of the terms of this Policy, you should not use the Website. This Policy may change, so please refer back to it periodically. We think carefully about our use of personal information, and below you can find the details of what we do to protect your privacy.

This Policy covers, among other topics:

• Information about the choices available to you with respect to your personal information
• Transparency about how we collect and use your personal information, including when and how it is shared
• Information on how we protect your personal information
• Information on how you can control your personal information and how we respond to your questions

This Policy explains how we collect, use, share and transfer your personal information when you use our site or interact with us. This Policy also explains how you can control your personal information.

Personal information is any information about you by which you can be identified or be identifiable. This can include information such as:

• your name, date of birth, gender, email address, postal address, phone number, mobile number, financial details
• information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based)
• information relating to how you use and interact with our site and projects

Sometimes our site may contain links to sites and services that are not part of the theguardian.org offering. These sites and services have their own privacy policies. If you follow a link to these non-theguardian.org sites and apps, you should read the privacy policy shown on their site.

We collect your personal information when you visit our site, engage in services or contribute to theguardian.org or when you interact with us. We collect your personal information in various ways:

• directly from you, e.g. via your communications with us, when you request to receive information on our projects and when you browse our site
  personal information we generate about you, e.g.
• personal information we use to authenticate you, or personal information in the form of your IP address or your preferences
• personal information we collect from third parties, e.g. personal information which we collect, with your permission, when you donate to us or interact with us via your social media accounts

Personal information we generate about you

When you use our sites, we may also use cookies or similar technology to collect extra data, including:

• your IP address - a numerical code to identify your device, together with the country, region or city where you are based
• your geolocation data - your IP address can be used to find information about the latitude, longitude, altitude of your device, its direction of travel, your GPS data and data about connection with local Wi-Fi equipment
  information on how you interact with our site
• your browsing history of the content you have visited on our sites, including how you were referred to our sites via other websites
• details of your computer, mobile, TV, tablet or other devices, for example, the unique device ID, unique vendor or advertising ID and browsers used to access our content

Personal information when you post comments about theguardian.org on other social media sites

• If you have mentioned theguardian.org in posts on social media sites, then we may collect your social media handles. For example, when you mention theguardian.org in a tweet, we may collect your Twitter handle

We collect personal information when you:

• participate in theguardian.org activities
• donate to theguardian.org
• attend our events (in person and virtually)
• use mobile devices to access our content
• access and interact with our site
• through cookies and other similar technology
• when you contact us via email, social media, or similar technologies or when you mention us on social media

Our legal basis for processing your personal information for the purposes described above is based on one of the following:

• Consent: If we use your personal information because you have consented to us using it, you can withdraw your consent at any time. An example of where we ask for your consent includes to send email communications or project updates to you. You can withdraw your consent at any time by replying to the email.
• Performance of a contract with you (or in order to take steps prior to entering into a contract with you): We will use your personal information if we need to in order to perform a contract with you. For example, where you have signed up to or registered your interest in becoming involved in one of our projects or attending our events.
• Compliance with law: In some cases, we may have a legal obligation to use or keep your personal information.
• Our legitimate interests: We may process your personal information where it is necessary for our legitimate interests in operating theguardian.org, improving our services, measuring our impact and protecting our organization. For example, it is in our legitimate interests for us to: understand our donors, promote our projects and operate our site efficiently and to analyze what content has been viewed on our site, so that we can understand how it is used. Examples of when we rely on our legitimate interests to use your personal information include:
  • to contact you in relation to projects you are involved in or have registered an interest in
  • when we analyze what content has been viewed on our site, so that we can understand how they are used and improve our content
  • for internal administrative purposes related to when you use our site or participate in projects - such as our accounting and records - and to make you aware of any changes to our site or projects
  • to collect and log IP addresses to improve the website and monitor website usage
  • to personalize our site by remembering your settings, and recognizing you when you visit our site
  • when responding to your queries and to resolve complaints
  • for security and fraud prevention

Data protection law includes certain exemptions when personal information is processed for the purposes of journalism. Those exemptions apply to some of the ways theguardian.org uses personal information. This Policy does not cover personal information that is processed for the purposes of journalism.

What is a cookie?

A cookie is a small file that can be placed on your device. It is sent to your browser and stored on your computer’s hard drive, tablet or mobile device. When you visit our site, it can allow us to recognize and remember you.

How do we use cookies?

We use cookies in a range of ways to improve your experience on our site, including:

• Understanding how you use our site, for instance how long you stay on a page or which report you read next
• Delivering content to you
• Monitoring how users interact with pages on our site to identify and remedy interface issues

We use the following types of cookies on our sites:

• Strictly Necessary - These cookies are essential for the operation of our site. If you set your browser to block these cookies, some parts of our site will not work. In particular, we won’t be able to save your preferences about cookies.
• Performance - These cookies are used to measure how often you visit our site and how you use our site. We use this information to get a better sense of how our users engage with our site and projects and to improve our site so that you have a better experience. For example, we collect information about which of our pages are most frequently visited, and by which types of users.
• Functionality - These cookies are used to recognize you and remember your preferences or settings when you return to our site so that we can provide a more personalized experience for you.

It is possible to stop your browser from accepting cookies altogether by changing your browser’s cookie settings. You can usually find these settings in the “options” or “preferences” menu of your browser. Please note that searching in incognito mode or regularly clearing your cookies may impact your choice cookie settings.

Adding to or combining the personal information you provide to us

When you sign up to our projects, we may add to the personal information you give us by combining it with other personal information shared with us by other trusted organizations. We may also add personal information to improve the accuracy of your delivery address when we send out mail and to ensure the accuracy of the information we hold.

Personal information shared by event partners

When you register or book a ticket for a theguardian.org event organized by an event partner, your registration data may be shared with us by the event partner.

We do not aim any of our projects directly at children under the age of 16 and we do not knowingly collect personal information about children under 16. Some of our projects may have a higher age restriction and this will be shown at the point of registration. If you are under the age of 16 please do not use the guardian.org or provide personal information to us.

We have implemented appropriate technical and organizational controls to protect your personal information against unauthorized processing and against accidental loss, damage or destruction. Unfortunately, sending any information, including personal information, via the internet is not completely secure. We cannot guarantee the security of any personal information.

Within the Guardian group of companies

Depending on where you live, we may share your personal information within the Guardian group of companies in the UK, US, or Australia. We may share it in order to perform a contract with you, for administrative purposes, or when we have a legitimate interest in doing so.

With external organizations

We share your personal information with other organizations that are not directly linked to us under the following circumstances:

Service providers - We may share your data with other organizations that provide services on our behalf. Examples of when we may share your data with service providers include sharing with:

• website hosting providers
• online payments processors who process credit and debit card transactions on our behalf
• internet and cloud hosting services providers
• software service providers such as Salesforce that assist us with our relationship management
• communications services providers
• service providers that provide us with insights and analytics that help us to improve our site. For example, we use Google Analytics to understand how visitors engage with our site. If you don’t want Google Analytics to be used in your browser, you can install the ‘Google Analytics Opt-Out Browser Add-On’, provided by Google

Agencies and authorities if required by law - We may reveal your personal information to any law enforcement agency, court, regulator, government authority, or in connection with any legal action if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else (for example, in response to valid and properly served legal process such as subpoena or warrant).

Event sponsors and partners - We may share your personal information with sponsors of theguardian.org events and partners who we hold events with for event administration purposes. We do not sell or rent personal information to unaffiliated mass marketers without your express permission.

Data we collect may be transferred to, stored and processed in any country or territory where one or more of theguardian.org service providers are based or have facilities. While other countries or territories may not have the same standards of data protection as those in your home country, we protect personal information that we transfer in line with this Policy.

We keep your personal information for only as long as we need to. How long we need your personal information depends on what we are using it for, as set out in this Policy. For example, we may need to use it to answer your queries about a project or our site and as a result may keep personal information while you are still participating in such project or accessing our site. We may also need to keep your personal information for accounting purposes, for example, where you have made a donation. If you request not to be contacted, we may keep your personal information to ensure that we do not send you any communications in future.

Communications

We may send you materials we think may interest you, such as communications about specific projects.
If you have agreed to receive information about theguardian.org projects, we may email you with further information. You can decide not to receive these communications at any time by letting us know.

Responding to your queries or complaints

If you have raised a query or a complaint with us, we may contact you to answer your query or to resolve your complaint.

You may contact us with regard to your personal information as follows:

• You may request a copy of the personal information we hold about you
• You may ask us to correct the personal information we hold about you
• You may ask us to delete your personal information or restrict how it is used. There may be exceptions to our ability to do this for specific legal reasons which, if applicable, we will set out for you in response to your request
• Where applicable, you may object to processing of your personal information for certain purposes
• Where you have provided us with consent to use your personal information, you can withdraw this at any time

We may need verification of your identity to proceed with a request. If you provide us with proof of identity containing information that does not match our records, we may request further proof of identity from you.

If your request is complicated or if you have made a large number of requests, it may take us longer to respond. You generally will not have to pay a fee to obtain a copy of your personal information (or to contact us as above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

If we decide to change our Policy we will post the latest version here. Please check back often to read our most updated and amended version. Your continued use of theguardian.org means that you agree to our updates and amendments.