The Oxford Blue

18 Lindore Road, London, England, SW11 1HJ

Website: https://www.theoxfordblue.co.uk

Contact: [email protected]

Introduction

Who we are

Our website address is: https://www.theoxfordblue.co.uk. We are an Oxford-based student newspaper established in 2020 with the aim of increasing the accessibility of student journalism.

Definitions

In order to ensure a transparent and easily understandable declaration regarding the processing of your personal data, we would like to inform you about the individual legal definitions used in this privacy policy:

  1. Personal data
    “Personal data” means any information relating to an identified or identifiable natural person (hereafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Processing
    “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  3. Restriction of processing
    “Restrictions on processing” means the marking of stored personal data with the aim of limiting their processing in the future.
  4. Profiling
    “Profiling”  means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
  5. Pseudonymisation
    “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  6. Filing system
    “File system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
  7. Data controller
    “Data controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by UK law (for UK residents), or Union or Member State law (for EU residents), the controller or the specific criteria for its nomination may be provided for by UK law (for UK residents), or Union or Member State law (for EU residents).
  8. Processor
    “Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  9. Recipient
    “Recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with UK law (for UK residents), or Union or Member State law (for EU residents), shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  10. Third party
    “Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  11. Consent
    “Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to themselves. 

Lawfulness of processing

Processing shall be lawful only if there is a legal basis for processing data. Pursuant to Article 6 paragraph 1 points (a) – (f) GDPR such legal basis for processing data can be in particular:

  1. the data subject has given consent to the processing of their personal data for one or more specific purposes;
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The possible legal bases for processing data which listed above are the same in the UK and the EU.

GDPR and core WordPress functionality

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

GDPR and third party Plugins, Analytics, and Widgets

Instagram Feed Plugin

Instagram Feed plugin uses Instagram API on website front end. All the data received from Instagram via API is cached in WordPress database for some short period to provide front end optimization. You may request us to delete your Instagram data if it is accidentally cached in our website database with hashtag feed data. Instagram saves some cookies in browsers of website visitors via API data. These cookies are mostly used for security purposes. They are regulated under terms of Instagram’s Privacy Policy.

Akismet Anti-Spam

Akismet collects information about visitors who comment on Sites that use our Akismet anti-spam service. The information typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

Google Analytics

This website uses Google Analytics as a third-party data processor (with anonymization function).

Google Analytics is a website analysis service. Website analysis refers to the collection, recording and analysis of data regarding the behavior of visitors to the website. A website analysis service records e.g. data showing from which website a data subject has come to a website (so-called referrer), which subpages of the website were accessed or how often and how long a subpage was viewed. Website analysis is used mainly for the optimization of a website and for a cost-benefit analysis of Internet adverting.

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the operator of the Google Analytics component.

Google Analytics uses cookies. The information about your use of our website generated by the Google Analytics cookie is normally transmitted to a Google server in the USA and stored there. Google might disclose these personal data collected via the technical procedure to third parties.

However, IP anonymization is activated on our website: Google shortens your IP address within the UK, or Member States of the European Union or in other countries that are parties to the European Marketing Area Treaty. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google uses this information to analyze your use of the website in order to compile a report about your website activities and provide us with other services associated with your website and Internet use. The IP address of your browser transmitted by Google Analytics is not linked to any other Google data. The IP address of your browser is used to determine geolocation, which is aggregated and shown in Google Analytics performance reports.

This website also uses the UserID functions of Analytics in order to be able to track interaction data. This User ID is also anonymized and encrypted and is not linked to other data.

You may prevent the storage of cookies by setting your browser software accordingly, but you might then not be able to fully use all functions of our website.

You may furthermore prevent the disclosure of the data generated by the cookie which refer to the use of the website (incl. your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

This browser add-on notifies Google Analytics via JavaScript that no data or information about website visitors may be transmitted to Google Analytics.

Besides, a cookie left behind by Google Analytics may be erased at any time via the Internet browser or other software programs.

Additional information and the applicable privacy policy of Google may be downloaded from https://policies.google.com/privacy and from https://marketingplatform.google.com/about/analytics/terms/. Google Analytics is explained in more detail under this link: https://marketingplatform.google.com/about/.

Our website also uses Google Analytics performance reports by demographic factors and interests as well as reports about impressions in the Google Display Network. You may deactivate Google Analytics for display advertising and set the displays in the Google Display Network by accessing the display settings under this link: https://adssettings.google.com/authenticated.

Newsletter

When you subscribe to our newsletter, you consent to us storing your email address. If you decide to further edit your profile to include your name or other information, you consent to us storing that personal data as well. You can delete that data by deleting your profile; you can also simply unsubscribe to stop receiving the newsletter. The aforementioned data will be stored until you decide to delete it.

Google Adsense

We use Google AdSense to display ads on some of our pages. Google AdSense may use user data. You can review Google’s privacy policy regarding advertising here. That page also provides information on how to manage what information is collected and how to opt out of collection.

Jetpack

Security

In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Additionally, for activity tracking (detailed below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Failed login attempts: we track when, and by which user, the feature is activated and deactivated. We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human.

Site Statistics

In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.

Castos Podcasts

Castos is notified whenever a podcast is listened to: these events are not personally identifiable and are stored indefinitely.

Apple, Google, Spotify, and Stitcher may send aggregate data about content subscriptions to The Oxford Blue but such data is not personally identifiable, nor is it stored or processed locally.

Twitter

We use components of the service provider Twitter on our website. Twitter is a service offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Whenever you access our website featuring this component, this component causes your browser to download the respective version of Twitter’s component. This process also informs Twitter which page of our website is currently visited.

We have no control over the data collected by Twitter in this process or over the range of the data collected by Twitter. As far as we know, Twitter records the URL of the respectively accessed website as well as the IP address of the user, but this information is not used for other purposes than for loading the respective version of the Twitter component. Additional information about this issue can be found in Twitter’s privacy policy under https://twitter.com/de/privacy.

You may change your privacy settings in account settings under https://twitter.com/account/settings.