Data Protection Privacy Notice

From the 25th May 2018, the General Data Protection Regulations (GDPRs) imposes legal obligations upon EU businesses who collect and process personal data, which is any information relating to an identifiable person, including details such as:

  • Your name;
  • Your postal address;
  • Your email address;
  • Your telephone number.

Cardiff Times collects and processes such personal data for the following purposes only:

  1. To administer any contract between you and us, including service delivery and invoicing;
  2. To contact you directly for marketing purposes;
  3. To facilitate circulation of the monthly magazine e.g. direct mailing.

This notice sets out your rights and our obligations in meeting the requirements of the GDPRs.

How do we obtain your data?

Contract: You have agreed to a contract with us to provide you with a service for payment. You implicitly or explicitly consent for us to use your personal data to administer this contract.

Consent: You provide us with your personal data, or agree for us to use it, to contact you in relation to the marketing and promotion of our services.

Publicly available: Your personal data has been acquired from public sources, such as your website or an authorised public Directory, for marketing purposes only and we have gained your consent to contact you.

Third Parties: We are contacted by a third party who provides your personal data and subsequently obtain your consent to use such for marketing purposes or to facilitate performance of our services.

Who is responsible for this data?

The Data Controller for Cardiff Times is responsible for the way in which your personal data is processed.
For all enquiries to the Data Controller, please use the following details:

Data Controller: Louise Denning
Address: 313 Albany Road, Roath, Cardiff, CF24 3NY
Tel: 02920 463 028
Mob: 07903 947 594
Email: [email protected]

What are your rights?

Right of Access:

You have the right to ask us for a copy of your personal data. This is known as a Subject Access Request (SAR). To make a SAR, please submit a written request via email. Alternatively, you can make a verbal request, but we recommend that you retain a copy for your own records.

Your request must specifically reference what personal data you require and you must use only the privacy contact details above to submit or communicate your request.

We are obligated to respond to your request within one calendar month. If we are unable to complete your request within this period, we will notify you in writing and provide a timeframe in which we are able to do so. The may also tell you:

  • What we are using your data for;
  • How we acquired it;
  • Who we share it with;
  • How long we store it and why;
  • How to challenge the accuracy of the data we hold for you;
  • How to request that we delete it or object to its use;
  • Your right to complain to the ICO;
  • (If your data has been transferred to a non-EU third party or international organisation) What
    security measures have been taken to secure your data.

Where applicable, we will provide this data electronically. Otherwise we will send it via post. Please provide your full contact details including postal address so that we may facilitate your request.

Note: We may take sufficient measures to establish your identity in order to verify your SAR.

There is no charge for a single request. However, we reserve the right to charge an administrative fee to provide copies of the information already provided to you. We may also refuse all or part of your request if the data includes information about another individual or where a request is excessively onerous or unreasonable.

If you are unhappy with the way in which we have handled your SAR, you must submit a written complaint to us first. You are thereafter entitled to make a formal complaint to the Information Commissioners Office (ICO) –

Right of restriction, rectification and deletion:

You have the right to ask us to amend, correct, delete or limit the use of the information we hold for you.
We suggest that you make such a request in writing but you are entitled to make a verbal request. We will respond within one calendar month.

If you ask us to delete or limit the use of your personal data, please specify what data you want us to erase or the restrictions to be applied. In certain circumstances, we may not be able to delete this data if:

  • There is an ongoing contract between us and this information is necessary in order to administer
    this contract;
  • Your data must be retained for lawful purposes;
  • We are unable to verify your identity in order to complete your request;
  • You specifically ask us not to delete your personal data.

We will notify you in writing if we are unable to delete your data and explain the reasons why. If you are unhappy with the way in which we handle your request, you must submit a written complaint to tell us why you are unhappy and we will review your request. You are thereafter entitled to make a written complaint to the ICO –

Right to object to the use of your data:

You are entitled to object to our use of your personal data. You have the absolute right to object to our use of your data for marketing purposes.

If we agree to do so, we will stop using your data immediately.

If we do not agree, we will write to you to explain the reason for processing your personal data.

Right to data portability

You have the right to ask us to provide your personal data in a portable format e.g. as a CSV file. You can also ask us to transfer your data to another organisation.

However, this right only applies to electronic data which you have provided to us and we may refuse to do so if the request is excessive or unreasonable.

Do we share your personal data with Third Parties?

For marketing purposes, we don’t share your personal data with third parties without your explicit consent.

For contract administration purposes, we may share your personal data with authorised third parties.

Information on third parties and the purpose for which we share your personal data can be found via the following link:

Personal Data: Third party processing

Where your personal data is shared with authorised third parties, they are also bound by the GDPRs requirements and are obliged to take appropriate security measures to secure your data. They can only use personal data that we share with them for the specified purposes outlined in this privacy notice.

We must obtain your permission to share your data with third parties. The only exception to this requirement is where the law requires us to share your personal data with authorised third parties such as law enforcement agencies and local authorities.

How long do we retain your personal data?

We will retain your personal data for the life of any contract you have with us. If you are a former customer, we may retain your personal data for at least one year:

  • To assist us to deal with any post-contractual complaints;
  • If we are required to do so by law;
  • To facilitate any legal requests involving your personal data;
  • (Financial Personal Data) For accounting purposes.

We may keep your information for longer than a year if we are legally required to do so. If so, we will write to notify you of the reason for retaining your information upon your request.

For non-customer contacts i.e. contact acquired for marketing purposes, we may retain your details indefinitely where we have obtained your consent to use your personally data for marketing, unless you have withdrawn your consent or asked us not to use your data in this way (please see Right to object to the use of your data).


A cookie is a small file which is placed on your computer’s hard drive to help store your user preferences, login and session states, analyse web traffic or let you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


The following cookies may be set:

System specific: Visit this link for more information

Google Analytics: __utma, __utmb, __utmc, __utmz: We use Google Analytics to monitor and report on our website usage such as the number of visitors to the site, search phrases used to find us, pages visited on the site and time spent on the site. The statistics gathered are a necessary requirement in order for us to provide and improve our value added products and services and to stay competitive. The cookies do not identify users nor associate your IP address with any personally identifiable information. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google’s privacy policy is found here


Our website uses features of other websites that may leave a cookie. These are third-party cookies and we are unable to block or prevent them without removing the feature from our site. For information about those cookies you would need to check the originator’s website for their cookie policy. Third-parties cookies left are as follows:

Facebook: Our website utilises the Facebook Like button functionality to share content. If a user clicks the Like button and logs into Facebook via our website, Facebook will leave a cookie on the users computer. This is the same process as if the user logs into Facebook directly, or clicks Like on any other website.
Facebooks privacy policy is set out here


Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit To opt out of being tracked by Google Analytics across all websites visit

If you have any questions about any of the information provided in this Privacy Notice, please contact us by using the following details:

Data Controller: Louise Denning
Address: 313 Albany Road, Roath, Cardiff, CF24 3NY
Tel: 02920 463 028
Mob: 07903 947 594
Email: [email protected]