Reader privacy notice

About this privacy notice

Bandung Publishing, trading as Equator, is committed to protecting and respecting your privacy. For the purposes of the UK General Data Protection Regulation (the UK GDPR) and any subsequent UK legislation covering data protection, we are the controller of your personal information. This means that we have legal responsibilities relating to our collection and use of your personal information. This privacy notice sets out how and why we use your personal information, and explains your related rights and options.

Contact details and who we are

  • Our lawful bases for using your personal information
  • What personal information do we collect and use, and why?
  • Where do we get personal information from?
  • How do we keep your personal information secure?
  • How long do we keep your personal information
  • Who do we share your information with?
  • Sharing information outside the UK
  • Your data protection rights
  • How to complain

Contact details and who are we

For the purposes of the UK GDPR and the Data Protection Act (DPA) 2018, the controller of your personal data is Bandung Publishing, a registered company in England and Wales (company number: 15892090). Our contact details are as follows:

  • Address: Boundary House, 91 Charterhouse Street, London, United Kingdom, EC1M 6HR
  • Email: info@equator.org

Our lawful basis for processing your personal data

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. A lawful basis is a reason for using personal information which is recognised and accepted under applicable data protection law. Depending on the purposes for which we use your information, we may rely on one or more of the following lawful bases:

  • Consent: Where you have provided your consent for us to use your personal information (for example, if you sign up to receive marketing communications from us). You may withdraw consent at any time by emailing us at info@equator.org or clicking the unsubscribe link in our emails.
  • Performance of a contract: It may be necessary for us to use your information to carry out our obligations under a contract entered into with you or to take steps you ask us to take prior to entering into a contract, for example when you purchase membership with us (to provide you with the content you have purchased).
  • Legal obligations: It may be necessary for us to use your information to comply with our legal obligations. For example, if we are legally required to hold transaction details for accounting/tax purposes.
  • Legitimate interests: It may be necessary for us to use your personal data for the purposes of “legitimate interests” pursued by us or a third party.

In brief, “legitimate interests” is the broadest lawful basis. Any good and genuinely held (as examples, and non-exhaustively) operational, journalistic, commercial, legal or developmental reason can qualify (as can the broader public interest). However, this lawful basis can only be used where using personal information in the proposed way does not pose an undue risk of adverse impact on affected individuals.

Below we set out the legitimate interests which Equator pursues in using your personal information, and sets out examples of where the other lawful bases set out above apply in practice.

What personal information do we collect and use, and why?

We collect or use the following types of personal information in the following ways, and for the following reasons:

To provide you with our products and services

  • Names and contact details
  • Payment details (including card or bank information for transfers or direct debits)
  • Transaction data (including details of payments and details of products and services purchased)
  • User account details
  • Your personal preferences as to content

We collect and use this personal information so that we can provide you with the products and services that you request (for example, providing you with regular Equator content where you have purchased a membership, in performance of the terms of that membership).

To improve our products and services for readers

  • Names and contact details
  • Payment details (including card or bank information for transfers and direct debits)
  • Transaction data (including details about payments and details of products and services you have purchased)
  • Usage data (including information about how you interact with and use our website, products and services)
  • Account access information
  • Website user information

We collect and use certain personal information to operate Equator and provide you with the best possible experience. This is based on our legitimate interest to understand how our products and services are being used so we can improve them, and to provide our members and readers with relevant and engaging content. For instance, we may analyse data to see which articles are most popular, which helps us make editorial decisions, or we may use your information to ensure our website is functioning correctly. We also use your data to manage our membership programme and newsletters, delivering the benefits and content you signed up for.

For the operation of reader accounts on our website

  • Names and contact details
  • Purchase or service history
  • Account information, including registration details
  • Marketing preferences
  • Technical data, including information about browser and operating systems

This is necessary for us to provide you with the services you've signed up for, such as managing your subscription, processing payments, sending you administrative communications about your account and assisting you with problem or issues which you experience when using your account. This also allows us to verify your identity to protect your account from fraud and unauthorised access. The applicable lawful basis is performance of the relevant membership or user agreement. We do this by using cookies – please see our cookie notice for more information.

For information updates or marketing purposes

  • Names and contact details
  • Addresses
  • Profile information
  • Marketing preferences
  • Purchase or account history
  • Website and app user journey information
  • IP addresses

We process personal information via Brevo for marketing and information updates For example, we may use your email address to send you our editorial newsletter, which you've requested or, or to tell you about new events, merchandise, or content offerings similar to those you've already engaged with, where you have provided your consent in advance or not opted out of receiving such communications. We always offer a clear and easy way for you to opt out of these communications at any time.

To communicate with you more generally

  • Name and contact details
  • Topics of interest / complaint / query / communication
  • We have a legitimate interest in communicating with our audience and the public more generally so that we can interact with you and provide you with information or outcomes which you seek.

For recruitment purposes:

  • Contact details (eg name, address, telephone number or personal email address)
  • Date of birth
  • National Insurance number
  • Copies of passports or other photo ID
  • Employment history (eg job application, career history and experience, employment references or secondary employment)
  • Education history (eg qualifications)
  • Right to work information

We have a legitimate interest in collecting and processing personal information for recruitment. This is because we need to assess and manage job applications to find the most suitable candidates for open roles within our company. This includes reviewing CVs résumés and cover letters, conducting interviews, and verifying qualifications and work history. We process this data to make informed hiring decisions and to manage our recruitment process efficiently. Our interest in hiring qualified individuals for our operations is balanced against your privacy rights, and we ensure that we only collect data that is necessary for the recruitment process.

For dealing with queries, complaints or claims:

  • Names and contact details
  • Payment details
  • Account information
  • Purchase or service history
  • Customer or client accounts and records
  • Financial transaction information

We have a legitimate interest in collecting and processing personal information to address and resolve any queries, complaints, or claims you may have. This is essential for us to provide good customer service, maintain the quality of our operations, and protect our business from potential legal or financial liabilities. By processing your data in this context, we can investigate issues thoroughly, communicate with you effectively and ensure that your concerns are handled in a fair and timely manner. This processing is a necessary part of our relationship with you as a reader or member, and is a reasonable expectation for anyone engaging with our products and services.

To interact with us on social media

  • Social media account details, such as username and profile picture
  • Social media content, comments and preferences (depending on your privacy settings)
  • Any messages you send to us on social media, or posts you make to or about us on social media
  • Information about content or posts viewed or clicked through on social media

We collect and use such personal information where you interact with us on social media, or to enable you to share our content on social media (broadly on the basis that we have a legitimate interest to interact with our readers and followers on social media, and to seek to use social media platforms to expand our reach and readership).

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

  • Directly from you, such as when you sign up for membership, ask to receive our products and services or make a donation to or otherwise fund our work.
  • Ourselves, in that we generate certain information about you, such as personal information to authenticate you or information generated from your use of our website, products and/or services.
  • Via cookies deployed from our website, as set out above and in our cookie notice.
  • From social media platforms where you interact with us on social media.
  • Suppliers and service providers, such as Shopify, which helps us process payments made online; and Brevo, where you have consented to receive email information and promotional updates.

How do we keep your personal information secure?

We have implemented appropriate technical (i.e. IT and electronic) and physical (i.e. office-based and in-person) controls, restrictions and other measures to safeguard your personal information when in our care, particularly against the threats of unauthorised access or accidental loss, damage or destruction.

With this said, you are responsible for choosing a sufficiently complex and secure password when we ask you to set up a user account to access and use our products and services. You should not share that password with anyone else. Sending any information via the internet can never be guaranteed to be 100% secure.

How long do we keep your personal information?

We retain personal information data based on our legitimate interest only for as long as it's necessary to fulfil the purpose for which it was collected, or a related purpose. For instance, information collected and used to manage a reader's newsletter subscription is kept only until they unsubscribe. Similarly, information used for market research is retained long enough to analyse trends and inform business decisions, after which it's either deleted or anonymised. We have a regular review process to ensure that we aren't holding on to data unnecessarily. Our goal is to balance our operational needs with your right to privacy by ensuring data is securely deleted once it's no longer needed for its intended purpose.

Who do we share your information with?

There are certain scenarios in which we need to share your personal information with third parties, for example (non-exhaustively):

  • Where we work with suppliers to provide services that we do not have in-house, such as:
    Shopify, to process your payments and donations.
    Plausible, to provide essential metrics such as page views and visitor numbers
    Brevo, to help operate our subscription, marketing and editorial databases.
    Sanity (our content management system)
    Google (our email and workspace provider)
    Vercel (our cloud storage and other software services provider)
    MUX (our video creation and hosting software)

We carry out data protection due diligence into all of our suppliers so that we can be sure that they can access and use your personal information in line with their obligations under data protection law (particularly as regards data security), and we enter into contractual terms with them that are mandatory under data protection law.

  • Professional service providers such as lawyers, insurers, accountants, auditors and consultants.
  • Where required on the basis of applicable law, for example tax records or on demand from law enforcement authorities or duly authorised regulators.
  • Event organisers, if you sign up to attend an event in-person or online.

Sharing information outside the UK

Where necessary, our suppliers data processors will share personal information outside of the UK so that they can provide their service (or part of the relevant service). Where this is the case, sometimes your personal information will only be sent to a jurisdiction which has the same, or substantially the same, standards of data protection law as the UK. For example, Shopify processes personal information from Ireland, while Brevo processes personal information from France. Both of these countries operate on the basis of the EU GDPR, which is largely identical to the UK GDPR.

However, sometimes personal information may be sent to, or accessed from, a jurisdiction with data protection law that is less protective of individuals (such as the United States in the case of Google Workspace). Where this is the case, we will ensure that the supplier enters into contractual terms that, in effect, put them under legal obligations that mean they must handle your personal information to the standards of European data protection law.

When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

Organisation name: Shopify

Category of recipient: E-commerce

Country the personal information is sent to: Ireland

Privacy policy: https://www.shopify.com/uk/legal/privacy/consumers

Organisation name: Brevo

Category of recipient: CRM

Country the personal information is sent to: France

Privacy policy: https://www.brevo.com/legal/privacypolicy/

Your data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions that may apply on the ICO’s website:

If you make a request, we must respond to you without undue delay and in any event within one month. To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

We use only essential cookies necessary for site function and rely on a consent-free analytics tool to understand readership, ensuring your privacy is protected and your experience is uninterrupted. Learn more here.