Privacy Policy

1. Who this Privacy Policy applies to

This Privacy Policy applies to personal data we collect from:

visitors to our website;

contributors and prospective contributors;

people who contact us by email, form, or otherwise;

people who enquire about advertising, sponsorship, or commercial content;

subscribers to any newsletter or mailing list we operate;

service providers and business contacts; and

any person featured in, referred to, or connected with content submitted to us, where we process their personal data in connection with editorial or publishing activity.

2. The personal data we collect

The personal data we collect depends on how you interact with us. It may include:

your name;

email address;

telephone number;

job title;

business or organisation name;

postal address;

social media handle or public profile details;

biographical details and contributor profile information;

headshot, photograph, or image you provide;

article submissions, feature requests, attachments, and correspondence;

billing and payment information where relevant to sponsored content or advertising;

technical data such as IP address, browser type, device information, operating system, referring URLs, and website usage data;

cookie and similar technology data; and

any other information you choose to provide.

Where you submit editorial content, we may also process personal data contained within the submission itself, including names, opinions, professional details, and public-facing information relating to authors, interviewees, or third parties.

3. How we collect personal data

We collect personal data:

directly from you when you fill in forms, submit articles, contact us, sign up to updates, request sponsorship information, or otherwise correspond with us;

automatically when you use our website, including through cookies and similar technologies;

from publicly available sources, such as company websites, social media profiles, and public professional biographies, where relevant to publication or contributor profiles; and

from third parties acting on your behalf, such as PR representatives, agents, employers, or authorised colleagues.

Where we use cookies or similar technologies, we do so in accordance with PECR and the UK GDPR. PECR applies to cookies and similar technologies, and clear information must be given about their purposes. In many cases consent is required before using them.

4. How we use personal data

We use personal data for the following purposes:

to operate, manage, and improve The Open Forum website;

to receive, assess, edit, and publish contributor submissions;

to communicate with contributors, readers, advertisers, sponsors, and business contacts;

to verify identity, authorship, or rights in submitted material;

to publish contributor names, biographies, profile details, and approved images alongside content;

to respond to enquiries, complaints, or requests;

to manage advertising, sponsorship, paid placements, and related commercial arrangements;

to send newsletters, updates, or marketing communications where permitted;

to maintain website security, prevent misuse, and detect technical issues;

to analyse website traffic and user engagement;

to comply with legal obligations and protect our legal rights; and

to establish, exercise, or defend legal claims.

5. Our lawful bases for processing

Under UK GDPR, we must identify a lawful basis for processing personal data. Organisations must tell individuals why they use personal data and which lawful basis applies.

Depending on the context, we rely on one or more of the following lawful bases:

Consent
We rely on consent where required, including for certain cookies and similar technologies, and for certain direct marketing communications where consent is needed under PECR. Where PECR requires consent for electronic marketing or cookies, consent is generally the appropriate UK GDPR lawful basis as well.

Contract
We process personal data where needed to take steps at your request before entering into a contract, or to perform a contract with you, such as managing a paid sponsored article, advertising arrangement, or related commercial service.

Legitimate interests
We may process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These interests may include operating the publication, reviewing submissions, corresponding with contributors, promoting published content, preventing misuse of the website, improving services, and managing business relationships.

Legal obligation
We may process personal data where necessary to comply with legal or regulatory obligations.

Legal claims
We may process personal data where necessary to establish, exercise, or defend legal claims.

6. Contributor data and publication

If you submit content to The Open Forum, we may process your personal data to review, edit, communicate about, and publish your submission. This may include your name, biography, profile details, employer or business name, social links, and approved headshot where you provide them or agree to publication.

If your submission includes personal data relating to another person, you are responsible for ensuring you have a lawful basis and any permissions needed to provide it to us.

Publication content may remain publicly accessible online, be indexed by search engines, be archived, and be shared through newsletters, social media, and partner channels. Even if content is later amended or removed from our site, copies or references may remain elsewhere online.

7. Sponsored content, advertising, and commercial enquiries

If you enquire about sponsored articles, advertising, or other commercial opportunities, we may process your contact details, organisation details, billing information, and correspondence to manage those discussions and any resulting arrangements.

Where content is promotional or sponsored, we may process and publish identifying information needed to label it clearly as sponsored, advertorial, promotional, or similar. Sponsored content should be clearly identifiable as advertising under the CAP Code.

8. Marketing communications

If we send newsletters or marketing emails, we will do so in accordance with UK data protection law and PECR. PECR sits alongside UK GDPR and contains specific rules for electronic marketing and privacy in communications.

You can opt out of marketing communications at any time by using the unsubscribe link in the message or by contacting us.

9. Cookies and similar technologies

Our website may use cookies and similar technologies for essential site functions, analytics, performance, preferences, security, and, where applicable, advertising or social media integrations.

PECR applies to cookies and similar technologies whether or not personal data is involved, and clear and comprehensive information must be provided about the purposes for which they are used. In many cases, consent is required before storing or accessing information on a user’s device.

You should pair this Privacy Policy with a separate Cookie Policy and a cookie consent mechanism if your site uses non-essential cookies.

10. Sharing personal data

We may share personal data where necessary with:

website hosts, developers, and IT support providers;

analytics, email, and software service providers;

professional advisers, including legal, compliance, and accounting advisers;

payment processors and invoicing providers;

advertising, sponsorship, or publishing partners where relevant;

regulators, courts, law enforcement bodies, or public authorities where legally required; and

other parties where necessary to protect rights, safety, property, or legal claims.

Before sharing personal data, a lawful basis is required under UK GDPR.

We do not sell personal data to third parties.

11. International transfers

Some of our service providers may process personal data outside the UK. If we transfer personal data outside the UK and a restricted transfer occurs, we will ensure an appropriate safeguard is in place, such as adequacy regulations or other lawful transfer mechanisms recognised under UK GDPR. Transfers outside the UK are restricted unless specified conditions are met.

You may wish to add a sentence naming the countries or providers you actually use, once known.

12. Data retention

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including for editorial, legal, operational, and record-keeping purposes.

Retention periods may vary. For example:

contributor correspondence and submission records may be kept while a submission is under review and for a reasonable period afterwards;

published contributor details may be retained for as long as the article remains live and for archive purposes;

commercial and billing records may be retained for legal, tax, and accounting requirements;

technical logs and analytics data may be retained in line with operational and security needs.

Where personal data is no longer needed, we will delete it or anonymise it where appropriate.

13. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. No system is completely secure, and we cannot guarantee absolute security of information transmitted over the internet, but we take reasonable steps to reduce risk.

14. Your data protection rights

Depending on the circumstances, you may have rights under UK data protection law, including the right to:

request access to your personal data;

request correction of inaccurate or incomplete data;

request erasure of your personal data;

request restriction of processing;

object to processing based on legitimate interests;

request transfer of your personal data in a portable format, where applicable; and

withdraw consent where we rely on consent.

These rights are not absolute and may be limited in some cases, including where legal exemptions apply. In particular, media and journalism-related processing can involve specific exemptions in data protection law, depending on the circumstances.

To exercise your rights, please contact us using the details in this Privacy Policy.

15. Complaints

If you have concerns about how we use your personal data, please contact us first and we will try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office in the UK.

16. Third-party links

Our website may contain links to third-party websites, platforms, or services. We are not responsible for their privacy practices. You should review their privacy policies before providing personal data to them.

17. Children

The Open Forum is not intended for children. We do not knowingly collect personal data from children through the website for general use. If you believe a child has provided personal data to us without proper authorisation, please contact us.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. You should check this page periodically to stay informed about how we handle personal data.

19. Contact us

If you have any questions about this Privacy Policy or about our use of personal data, please contact us HERE.