Privacy Policy

Who We Are

DataPR News Agency ("DataPR", "we", "us", "our") operates the website at datapr.co. We are a data-driven digital PR news agency that transforms complex datasets and emerging trends into high-authority stories, delivering expert digital PR services powered by data analytics for clients primarily in the United Kingdom and the United States.

Our company is incorporated and based outside both the UK and US. However, because we actively offer services to individuals and businesses in those territories, we are subject to the data protection laws of those jurisdictions. This includes UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and applicable US state privacy laws including CCPA/CPRA.

Data We Collect and Why

We collect personal data in two ways: information you actively provide to us, and information collected automatically when you visit our website.

Information you give us directly

Information collected automatically

We do not collect special category or sensitive personal data (such as health, racial or ethnic origin, political opinions, religious beliefs, financial data or biometric data) through our website. If a client engagement requires processing such data, a separate Data Processing Agreement will be put in place.

Legal Basis for Processing (UK Visitors)

Under UK GDPR, every processing activity must have a lawful basis. The table below sets out our basis for each activity involving UK residents' personal data.

Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment (LIA) confirming our interests do not override your fundamental rights and freedoms. You may request a summary of any relevant LIA by emailing privacy@datapr.co.

Cookies and Tracking Technologies

Our website uses cookies — small text files stored on your device — to enable core functionality, remember your preferences, and (with your consent) collect analytics data. We use CookieAdmin as our consent management platform, which records your preferences and ensures no non-essential cookies are set before you consent.

Cookie categories we use

You can change your cookie preferences at any time by clicking the cookie icon at the bottom of any page on our site, or by clearing your browser cookies. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

How We Use Your Data

We use the personal data we collect for the following specific purposes only:

• To respond to your enquiries — when you contact us via the contact form or email, we use your name and email address to reply.
• To deliver our services — for engaged clients, we use contact and professional information to carry out agreed PR and data analytics work.
• To send our newsletter — if you subscribe, we send data-driven PR insights and industry updates. You can unsubscribe at any time via the link in every email.
• To improve our website — anonymised analytics data helps us understand which content is most useful and improve the site for all visitors.
• To ensure security — server logs and IP data are used to detect and prevent fraudulent or abusive activity.
• To comply with legal obligations — we may process or retain data as required by applicable UK, US or international law.

We will never use your personal data for solely automated decision-making or profiling that produces legal or similarly significant effects on you, without your explicit consent.

Who We Share Your Data With

We do not sell your personal data. We do not rent it, trade it, or share it with third parties for their own marketing purposes under any circumstances.

We share personal data only with the following categories of trusted service providers, and only to the extent necessary for them to carry out their function:

All service providers are contractually required to process your data securely, only for the purposes we specify, and in compliance with applicable data protection law. Where required, we enter into Data Processing Agreements (DPAs) with these providers.

International Data Transfers

Because DataPR is based outside both the UK and US, and our service providers may be located in various countries, your personal data may be transferred internationally. We ensure appropriate safeguards are in place for all cross-border transfers.

You may request information about the specific transfer mechanism for any given provider by emailing privacy@datapr.co.

How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purpose it was collected for, or as required by law. At the end of each retention period, data is securely deleted or anonymised.

Your Rights — All Users

Regardless of your location, you have rights over your personal data. The specific rights available depend on your jurisdiction — see the UK and US addendums below for full detail. The following rights apply to all DataPR website visitors and clients:

To exercise any right, email privacy@datapr.co with the subject line "Data Rights Request". We respond within 30 days (or sooner where required by law) at no charge, unless a request is manifestly unfounded, excessive or repetitive.

This addendum applies to visitors and clients in the United Kingdom. It supplements the main policy above and sets out additional rights and protections under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Your full rights under UK GDPR

• Right of access (Article 15) — request a copy of all personal data we hold about you (Subject Access Request / SAR). We respond within one calendar month.
• Right to rectification (Article 16) — require us to correct inaccurate data without undue delay.
• Right to erasure — "right to be forgotten" (Article 17) — request deletion where data is no longer necessary, consent is withdrawn, or processing is unlawful.
• Right to restriction of processing (Article 18) — ask us to pause processing while a dispute about accuracy or legitimate interests is resolved.
• Right to data portability (Article 20) — where processing is based on consent or contract and carried out automatically, request your data in a structured, machine-readable format.
• Right to object (Article 21) — object at any time to processing based on legitimate interests, including profiling. We must stop unless we can demonstrate compelling legitimate grounds.
• Rights related to automated decision-making (Article 22) — we do not carry out solely automated decision-making producing legal or similarly significant effects. If this changes, we will update this policy and seek your explicit consent.

Supervisory authority — UK ICO

The UK supervisory authority is the Information Commissioner's Office (ICO). If you are unsatisfied with how we have handled your data or a rights request, you have the right to complain to the ICO:

We would always prefer the opportunity to resolve a concern directly before you contact the ICO. Please reach out to us first at privacy@datapr.co.

This addendum applies to visitors and clients in the United States. It supplements the main policy above and sets out rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and comparable laws in Virginia (VCDPA), Colorado (CPA), Texas (TDPSA) and Connecticut (CTDPA).

Categories of personal information we collect (CCPA categories)

• Identifiers — name, email address, IP address
• Internet or network activity — pages visited, time on site, referring URLs, browser type
• Geolocation data — approximate location derived from IP address only (not precise geolocation)
• Professional or employment-related information — company name, job title (where provided voluntarily by clients)
• Communications — content of messages sent via our contact form

We do not sell or share your personal information

DataPR does not sell personal information as defined under CCPA/CPRA. We do not share personal information with third parties for cross-context behavioural advertising. Because we do not sell or share personal information in these ways, a "Do Not Sell or Share My Personal Information" opt-out link is not required — however, you may contact us at any time to confirm this and to request deletion of your data.

Your rights under CCPA/CPRA (California residents)

Rights under other US state laws (Virginia, Colorado, Texas, Connecticut)

Residents of Virginia, Colorado, Texas and Connecticut have comparable rights including access, correction, deletion, portability, and the right to opt out of targeted advertising and profiling. To exercise any of these rights, contact us using the details in Section 15.

How to submit a US privacy request

Email privacy@datapr.co with the subject line "US Privacy Request — [Right you wish to exercise]". We will verify your identity before processing your request and respond within 45 days (with a possible 45-day extension where reasonably necessary, with notice to you).

Children's Privacy

Our website and services are not directed at children under the age of 13 (or under 16 for UK visitors, in line with the UK GDPR digital age of consent under the Children's Code). We do not knowingly collect personal data from children.

If you believe a child has provided us with personal data without appropriate parental or guardian consent, please contact us immediately at privacy@datapr.co and we will delete that information without delay.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration or destruction. These include:

• HTTPS encryption across the entire datapr.co website
• Access controls limiting who within our organisation can access personal data
• Regular review of data processing practices and third-party service providers
• Prompt deletion of data at the end of applicable retention periods

No transmission over the internet is completely secure. While we take every reasonable precaution, we cannot guarantee absolute security. In the event of a personal data breach posing a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (UK: ICO) and, where required by law, notify affected individuals without undue delay.

Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements or business operations. When we make a material change — one that meaningfully affects how we collect, use or share your personal data — we will:

• Update the "Last Updated" date at the top of this page
• Post a notice on our website homepage for 30 days
• Notify newsletter subscribers by email if the change affects how we process their data

Your continued use of our website after changes are posted constitutes acceptance of non-material updates. For material changes, we will seek fresh consent where legally required. Previous versions of this policy are available on request by emailing privacy@datapr.co.

How to Contact Us

For any question, concern or request relating to this Privacy Policy or how we handle your personal data, please contact us using the details below. We aim to acknowledge all privacy enquiries within 2 business days and to fully resolve them within 30 days (or within the statutory timeframe required by your jurisdiction).