This website is operated by the Independent Press Standards Organisation C.I.C. of Gate House, 1 Farringdon Street, London, EC4M 7LG (IPSO).
As the regulator of the large majority of the UK newspaper and magazine industry, we help ensure that the UK public receives fair treatment from the press. We do this by enforcing the requirement contained in our agreement with the publishers we regulate that newspapers and magazines follow the Editors’ Code of Practice, monitoring their compliance with the Code, and taking action against newspapers and magazines which do not follow the Code. We also offer an arbitration service, which provides access to justice for individuals who wish to make legal claims against some of our member publishers.
We have a legitimate interest in administering and enforcing the Code, and providing access to justice for claimants. We also have a legitimate interest in publicising our work, and raising awareness of our services, by email. This is the legal basis for our processing of this personal data.
We are committed to protecting and respecting your privacy, and to ensuring that we comply with all relevant laws when processing your personal data. This notice explains what to expect when IPSO collects personal information. It applies to information we collect about
Our website contains hyperlinks to websites owned and operated by third parties. These third party websites may have their own privacy policies and we recommend you to review them
Type of information
We may receive personal data about complainants or other people through our investigation of complaints under the Editors’ Code of Practice, either from the complainant or the IPSO member publisher who the complaint is against. This may include a complainant’s name, contact details (including email and postal addresses), information about the complainant or other people appearing in coverage that the complaint is about, and information about the complainant or other people that is sent to us (either the complainant or the publication) during the investigation of a complaint. This material is kept together in a file, which in most cases is electronic.
Purpose of processing
We use this information to administer our complaints procedure, publish adjudications, carry out training, check on the level of service we provide, and monitor press standards.
Who is the data shared with
We may share this information with our members, even if the complaint is not taken forward. This ensures that they are aware that a complaint has been made about them and the outcome. You should let us know if you have concerns about this, and we will be happy to discuss it with you. It may be the case that we do not have to include certain information that you have given to us, although we do not generally take forward anonymous complaints.
In accordance with our general commitment to transparency and to help our standards-raising activities, we publish all rulings on investigated complaints by the Complaints Committee. However, we give complainants the opportunity before the Committee makes a decision to request that their name or other information is not included in the published decision. For similar reasons, we also publish a record of complaints that we resolve through mediation.
We collect information on complainants’ experiences with our complaints procedure via an online survey. This is anonymous and is used only for the purpose of monitoring and improving the service that we offer to complainants whose complaints are investigated.
Type of information
We operate a private advisory notice service to notify member publishers and other relevant publishers of concerns raised that the Editors’ Code of Practice is being, or may be, breached. These notices are sent on a private and confidential, not for publication basis.
When we are contacted by people wishing to use our private advisory service, or their representatives, we keep a copy of the correspondence relating to the request in an electronic file on our internal database. We also keep one hard copy of the advisory notice on file.
This may include personal data including the person’s name, contact details, and information about the requester that is submitted to us in order to form part of the private advisory notice or as background to the request.
Purpose of processing
We use this information to administer the service, check on the level of service we provide, monitor press standards, and to maintain a record of the notice in case it should be relevant to a future complaint.
Who is the data shared with
We may share this information with member publishers and other relevant contacts (including broadcast journalists and news agencies). We will agree with the requester in advance which material will be shared, and wherever possible will agree the exact wording of the request in writing, in advance.
Type of information
We monitor press standards and compliance on an ongoing basis. This includes information provided to IPSO through its complaints and private advisory notice services and material that is in the public domain, for example through news coverage or court judgments.
Some information about standards comes through our whistleblowing hotline, which is run by Crimestoppers, an external company. This enables journalists to report concerns about compliance at their organisations. Concerns can be raised over the phone or through an online form on our website. Journalists using the hotline can leave their contact details if they wish to, but are not required to. Any other personal data is removed from the record of the concern before it is passed to IPSO if requested by the whistleblower.
Purpose of processing
We use the contact information provided by those raising a concern to contact them to clarify points they have raised, or to communicate action we have taken in response to the concerns they have raised.
We use information about press standards in order to identify areas of potential concern or interest to our standards function, and to decide whether any issues identified require regulatory action by us. We seek to minimise the amount of personal data that we collect as part of this process, and we retain personal information only for as long as necessary to carry out these functions. We retain de-personalised information about the compliance records of organisations for as long as is necessary to help inform future actions, but no individuals are identifiable from that data.
Type of information
We monitor press standards and compliance on an ongoing basis. This includes producing guidance for regulated publishers and information leaflets for the public. To help us produce the most useful and appropriate information we may put draft version of this guidance and leaflets to journalists, members of the public and other interested stakeholders to gain insight into their views.
Purpose of processing
We use the contact information provided by those completing a consultation to contact them to clarify points they have raised, or to communicate action we have taken in response to the comments or concerns they have raised.
We seek to minimise the amount of personal data that we collect as part of this process, and we retain personal information only for as long as necessary to carry out these functions.
Type of information
As part of the operation of our arbitration service, we receive claim forms setting out potential legal claims against member publishers. Claims may include a complainant’s name, contact details (including email and postal addresses), information about the claimant or other people appearing in coverage that the claim is about, and information about the claim or other people that is provided by either side during the arbitration process.
Purpose of processing
The arbitration service provides low-cost access to justice for legal claims against publishers we regulate who choose to participate. You can read more about the arbitration process here.
Who is the data shared with?
Information provided through the claim form is passed to CEDR, the company that administers the arbitration process on our behalf and oversees the appointment of an arbitrator. CEDR or the arbitrator may collect further information as part of the arbitration process. CEDR has a privacy policy which you can read here.
Type of information
We collect the names and email addresses of subscribers to our newsletter, which provides updates on our activities and relevant events.
Purpose of processing
Recipients of the newsletter are given the opportunity to opt out of further correspondence within each newsletter.
We use a third party provider, MailChimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see their privacy notice.
Type of information
When someone visits this website (ipso.co.uk) we use Google Analytics to collect information about which pages they visit, and how long they spend looking at each page. We process this data in a way that does not try to identify anyone. Our website search and decision notice search is powered by Google. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either IPSO or any third party. We also use cookies on our website, find out more here.
Purpose of processing
We look at this data to understand how people use our website and to help us consider how we can improve it.
We have a presence on social networks including Twitter and Facebook. We use third party providers, Hootsuite and Tweetdeck, to manage our social media interactions. If you send us a private or direct message via social media we will use it only to reply to your comment or question. We will not share it with anyone else. Each of these organisations have their own privacy notices, which you can read by clicking on their names above.
Type of information
When you call us with a query or request for advice, we may make a note of the nature of your question and your contact details.
Purpose of processing
We will use the information in order to enable us to monitor concerns raised with us or to reply to your question. We will not share this information with anyone else unless the correspondence later becomes part of a complaint to us, in which case we will follow our usual complaints process.
Telephone recording
We do not in general circumstances record telephone calls electronically but may do so if there is a specific need to do so. If we consider that it is necessary to record our call with you, we will tell you that we are doing so and will explain why. For example, we might have concerns about the way you are communicating with our staff and need to create a record so that that we can decide whether we need to limit our contact with you. More information about this is available in our policy on unacceptable behaviour by complainants, which you can see here. If we decide that we need to record our calls with you, we will also explain how you can object to this recording.
Type of information
IPSO maintains records of current and past job applicants, which are kept digitally and in hard copy format, as part of its management of human resources and its recruitment practices. This includes their names, contact details, employment history and CVs.
Purpose of processing
This information is only used for the purpose of assessing the application, or to fulfil legal or regulatory requirements if necessary. You don’t have to provide what we ask for but it might affect your application if you don’t. We do not share this information with third parties for marketing purposes or store any of this information outside of the European Economic Area. It is held securely by us and deleted after six months if your application is not successful.
In some cases we ask applicants to fill in diversity monitoring forms, on a voluntary basis. Information provided through a diversity monitoring form is kept separately from other applicant data. It is not available to the people running the recruitment process while it is on-going, and it is used only to analyse our recruiting practices.
If you are successful, we will retain the information you provide during the application process as part of your employee file.
We maintain records of past employees for a period of six years after you leave employment with us, to enable us to provide references and answer queries about your employment. This information is not shared with anyone else without your consent.
You have the following rights over the way we process personal information relating to you. We aim to comply without undue delay, and within one month at the latest:
You can read more about these rights on the website of the Information Commissioner’s Office here.
Please send your requests to Tonia Milton, Head of Systems ([email protected]).
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Although we try to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
This policy was last updated on 6th February 2023. It may be updated from time to time. We will notify you of any changes by posting the new policy here.
As part of the administration of our human resources function, we transfer personal information about current employees and officeholders of IPSO to a territory outside the EEA that has been found by the EU Commission to provide adequate protection for the rights and freedoms of data subjects. We do not transfer personal data about any other data subjects outside the EEA.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We delete correspondence relating to complaints, private advisory notices and related inquiries after 7 years.
In the case of information provided by a whistleblower, we will delete contact information provided by a whistleblower after a period of two years. Any other personal data related to whistleblowing concerns will be deleted after 7 years.
We will delete contact information provided by someone responding to one of our Publication Consultations after a period of two years.
Information from job applicants is deleted 6 months after our last contact with you, if your application is not successful.
We delete records relating to past employees after 6 years from the date they leave employment with us.
We delete records relating to our data protection practices, which may include limited personal data, after 5 years.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
ISO 27001:2013 is a standard of requirements for information security, focusing on establishing, implementing, maintaining and continually improving information security management systems. We have been awarded ISO 27001 verification.
In this notice we have tried to explain how we use the personal data we collect in terms that are easy to understand and clear. We welcome comments or questions on this policy, including on improvements that we could make either to the policy or to how we explain it.
If you have any questions or comments, please contact us by telephone on 0300 123 2220 or by email at [email protected].