Privacy Policy | Eastings

Privacy Policy (how we are careful with the information you give us)

Who we are

Terntide Ltd trading as Eastings is the publisher of The Gripping Gazette. The digital issues can also be accessed on our website www.eastings.com.

How to Contact Us

You can contact us at our main business address: Eastings Ltd c/o 20-22 Wenlock Road London N1 7GU. Our Data Protection Officer can also be contacted by email at the following address telegraphy@eastings.com.

Why do we need personal data?

Put simply; to know who you are. If you are logged in to our website, we use your personal data to make sure your account works and process any requests you might have. We also use your personal data to provide your parents with information about things we create, contacting your parents about the things they have bought and sending out information about products, services, activities, promotions, or anything else that we feel might be of interest or use to you. We sometimes also use your personal data because of an event you take part in, or a competition we organise, to make sure if you win that you get your prize. If you want to know more about why we need your personal data, you can ask an adult to read the full Privacy Policy with you to help you understand the details.

How we obtain your data

Your personal data is provided to us by your parents or by yourself when you sign up on our website or newletter.

Who can see my data?

Your personal data is seen by our staff. Sometimes we need to share your personal data with the staff of third parties that we work with to allow us to do our work. We are very careful about how we do this, which means there are even more rules and whatever they do, it will be done lawfully and safely. Some examples of people who might see this information include: our website operator.

What do we do with your data?

We are only allowed to keep your personal data for as long as we need it. Depending on the circumstances, this period may vary.

How do we look after your data?

We use security measures to protect your information against any unlawful use or unauthorised access.

Do I have a say in what happens to my data?

Yes, you do. You have a range of rights when we use your data. These rights are:

A right to request a copy of your data that we have
A right to request a correction of errors or inaccuracies in the data that we hold relating to you
A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
A right to request us to delete your personal data in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)
A right to restrict processing in certain circumstances (Article 18)

If you want to know more about how you can exercise these rights, you can ask an adult to read the full Privacy Policy with you to help you understand the details.

Is there somewhere I can complain if I am worried about how we use your personal data?

Yes. There is also a government agency whose job it is to make sure that organisations follow the rules, and correct us if we do things wrong. You can also email or write to them. Their contact information can be found online at the following links:

Information Commissioner’s Office at Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone - 0303 123 1113 (local rate) or 01625 545 745 Website: https://ico.org.uk/concerns.

Why we use personal data?

We process (use) personal data to help us run our business, deliver projects, and run events.

We process data about people for the following purposes:

Sales and Marketing
Managing subscriptions
General office administration and accounting
Organising and running events

What data do we use?

We use a variety of categories of personal data depending on our purposes. In all cases, we aim to capture and process the minimum necessary to deliver our services and meet our obligations.

We process the following categories of personal data for the purposes set out. We provide general information on the lawful grounds we rely on for processing in each context. The specific basis relied on will depend on the context of processing.

Processing PurposeCategory of Information ProcessedLawful Basis for Processing

Sales and Marketing

Contact names
Telephone numbers (landline and mobile)
Social media identifiers (e.g. Twitter accounts)
Email addresses
Postal addresses

Legitimate Interest Consent As we operate B2B, Regulation 13(2) of SI336/2011 will apply to some of our marketing activities.Managing Subscriptions

Contact names
Job title
School name
School address
Subject preferences
Email addresses
Postal addresses
Contact phone numbers

Legitimate InterestsGeneral Office Administration and Accounting

Contact names
Contact details (e.g. address, email address and telephone number)
Tax identifiers
Timesheets
Data associated with accounts receivable or accounts payable.

IP Addresses (in server log files)

Legitimate Interests

Data Processors

We use several different categories of data processors to help us deliver our services.

The categories of suppliers used include:

Telephones & Comms
Office productivity
HR Management
Accounting
Payment Processing

Third-Party Recipients

In the course of our business, we are required to disclose data to third parties who are not data processors on our behalf. For many of our processing activities, we are required to disclose data to third parties who are not data processors acting on our behalf or data controllers on whose behalf we are working. Categories of recipients include:

Tax authorities
Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)

How Long Do We Keep Your Data?

We retain data for as little time as possible. Our retention periods are based on:

Statutory Obligations
Contractual Requirements
Quality Assurance
Prudent risk management

Cross-border Data Transfers

Some of our service providers or partners are based outside the UK/EU/EEA. We make sure to only use providers who are processing data outside the EU on a valid basis. Creature and Co will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the UK/EU/EEA. For example, we use a variety of cloud-based tools such as Office365, and similar tools. Where data needs to be transferred or processed outside the UK/ EU/EEA, we chose providers who process data on the basis of

Model Contract Clauses/ UK IDTA
An Adequacy Decision from the European Commission or the UK.
Appropriate additional technical safeguards, including but not limited to the use of encryption, including own-key encryption.

In exceptional circumstances, we will rely on the consent of the data subject or the necessity of the processing for the performance of or conclusion/performance of a contract that the Data Subject has entered into (e.g. transferring data to a USbased accrediting body for certifications so that a client can receive their accreditation). On a case-by-case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defence of legal claims.

Keeping your data safe and secure

We place great importance on the security of all personal data associated with our clients. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. Periodic reviews of our security standards are carried out to identify any new risks. However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. In the event of a breach of data security, Pieta will:

Where we are acting as a Data Controller, notify without undue delay the relevant Supervisory Authority where we identify that there is a risk to the fundamental rights and freedoms of people using our services.
Where we are acting as a Data Controller, and we identify a high risk to your rights and freedoms, notify you of the incident without undue delay.

Automated decision making and profiling

Your Rights under GDPR

You have a range of rights under UK Data Protection law. These rights are:

For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be overridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular reason may prevent us from executing a contract or delivering a service to you.
You have the right to request: ◦A copy of data we hold about you. (Right of Access) ◦ That any error in data we hold about you is corrected. (Right of Rectification) ◦ That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it. (Right of Erasure) ◦ That we refrain from processing data for a specific purpose. (Right to Restrict processing)

Right to Complain to the Data Protection Commission

You have the right to file a complaint United Kingdom: Information Commissioner’s Office https://ico.org.uk.

This Privacy Notice was updated: March 2025.

BACK