Last reviewed: 15 May 2025 Next review: May 2026
1 Purpose test
We send occasional e-mails to registered users and recent customers featuring articles, tips and offers closely related to content they have already engaged with; this supports readership and funds the free Service.
2 Necessity test
Only an e-mail address is needed; alternative channels (post, phone, social ads) would collect more data and be more intrusive or costly.
3 Balancing test
| Factor | Assessment | Safeguards |
|---|---|---|
| Expectation | People who subscribe or create an account reasonably expect thematic follow-up e-mails. | We tell users at sign-up and in the Privacy Policy that we send such messages. |
| Impact | Low-frequency bulletins pose minimal privacy risk. | Every e-mail contains a one-click “unsubscribe”; we honour objections within 48 h, meeting PECR and GDPR Art 21. |
| Data security | Addresses are stored on encrypted UK/EU servers replicated to our U.S. host under the UK-US Data Bridge. | Access limited to marketing staff; quarterly permission audits. |
4 Conclusion
After applying the ICO’s three-part test, we believe our commercial interest in promoting relevant content is not overridden by individuals’ rights or freedoms. We therefore rely on Article 6 (1)(f) UK GDPR – legitimate interests to process e-mail addresses for direct marketing, while always providing an opt-out.