Privacy Policy

In short.

  • Disrupts Media Limited is the data controller for the personal data you give us through any of our Sites.
  • We do not sell your data, ever. We do not share individual data with our sponsors.
  • We collect the minimum we need: your business email and account preferences when you register; analytics about how the Sites are used; and content you choose to give us (comments, story tips, contact-form messages).
  • You can see, correct, export or delete your data at any time by emailing privacy@disruptsmedia.com or, where available, through your account preferences page.
  • You can complain to the Information Commissioner's Office if you believe we have not handled your data properly. Details below.

1. Who we are

Disrupts Media Limited (referred to in this policy as "we", "us" or "our") is the publisher of four titles — The Biotech Times, The Fintech Times, The Datatech Times and Disrupts — together with the corporate website at www.disruptsmedia.com. We refer to the five together as "the Sites".

We are the data controller for the personal data we collect through the Sites, which means we decide how and why your data is processed. Our registered details and contact addresses are at the foot of this policy.

2. The personal data we collect

We collect personal data in three ways.

Data you give us directly.

  • When you register for an account: your business email address; the publication or publications you wish to subscribe to (optional); your marketing-email preferences (optional); any optional profile information you choose to provide (e.g. job title, employer, sector).
  • When you contact us: the contents of your message and any contact details you include.
  • When you submit content: comments, story tips, letters to the editor or other contributions you choose to send us.

Data we collect automatically when you visit the Sites.

  • Technical data: your IP address, browser type and version, device type, operating system, the pages you visit on the Sites, and the date and time of your visit.
  • Cookies and similar technologies: described in detail in our Cookie Policy.
  • Usage data: which articles you read, how long you spent on a page, which links you clicked. Where you are logged in, this data is linked to your account; where you are not, it is collected in an aggregated, non-identifying form.

Data we receive from third parties.

  • Authentication data from any third-party login services we may offer (e.g. LinkedIn sign-in, if introduced).
  • Email-delivery data from our email service provider (whether you opened a newsletter, clicked a link) — we receive this in aggregate by default and linked to your account only where it is operationally necessary (e.g. handling a bounce or complaint).

We do not knowingly collect personal data from children under the age of 16. The Sites are aimed at working professionals, not minors. If you believe we hold data about a child, contact privacy@disruptsmedia.com and we will delete it.

3. Why we use your data and the lawful bases we rely on

UK data protection law requires us to have a "lawful basis" before processing your personal data. The bases we rely on are below, in plain English.

| What we do | Why we do it | Lawful basis (UK GDPR Article 6) | |---|---|---| | Create and manage your account; sign you in across the Sites | To deliver the service you have asked for | Contract — performing the contract that begins when you register | | Send you the editorial newsletters you have asked for | You have asked for them | Consent | | Send you marketing emails from our sponsors and partners | You have asked for them | Consent | | Send you essential service notices (e.g. security alerts, material changes to this policy, account closure confirmations) | To meet our obligations to you as a registered user | Contract and legal obligation | | Aggregate, anonymise and report readership data to our commercial partners | To run the business model that funds free-to-read journalism | Legitimate interests — see §4 below | | Detect, prevent and investigate fraud, abuse or security incidents | To keep the Sites safe and lawful | Legitimate interests and legal obligation | | Respond to legal requests, court orders and regulatory enquiries | To comply with the law | Legal obligation | | Keep records for tax, accounting and audit purposes | Statutory record-keeping | Legal obligation |

Where we rely on consent, you can withdraw that consent at any time without giving a reason — through your account preferences page, by using the unsubscribe link in any email, or by emailing privacy@disruptsmedia.com. Withdrawing consent does not make any earlier processing unlawful.

Where we rely on legitimate interests, we have considered whether your rights and interests override that interest and have concluded they do not — but you can object at any time (see §6).

4. Aggregate audience reporting — what it does and does not involve

Our publications are free to read because they are supported by sponsorship and advertising rather than subscription fees. For that model to work, we have to be able to describe our readership to our sponsors — but only in aggregate.

Concretely:

  • We may tell a sponsor: "65% of our Biotech Times readership work in pharmaceutical or biotech companies; 12% are at academic research institutions; the median company size is 250+ employees." That is aggregate and does not identify any individual reader.
  • We will never tell a sponsor: who you are, your email address, your job title or anything else by which you could be identified.
  • We will never allow a sponsor to target advertising at you individually based on your reading history on the Sites.

If we ever change the basis on which we report to commercial partners — for example, by introducing individualised advertising targeting — we will update this policy, give clear notice, and seek your fresh consent before relying on any new processing.

5. Who we share your data with

We share personal data only with the following categories of recipient.

Service providers (data processors) acting on our behalf. These are organisations we engage to provide infrastructure or services; they process your data only on our instructions and under written contract. They include, currently:

  • Amazon Web Services — cloud hosting (eu-west-2, London region).
  • Amazon Simple Email Service (SES) — transactional and newsletter email delivery.
  • Mautic (self-hosted on AWS) — marketing-automation platform that stores your account record and email preferences.
  • Cloud-based file storage and collaboration providers used by Disrupts Media staff (e.g. Microsoft 365 / Google Workspace, depending on configuration).
  • Analytics providers used to understand Site traffic in aggregate. The current list is recorded in the Cookie Policy.

Professional advisers. Our lawyers, accountants and auditors, where they have a legitimate need to access specific data to advise us.

Authorities. Where we are required to disclose data by law, court order or a regulator with legal authority (e.g. the Information Commissioner's Office, HMRC, law enforcement acting under a valid legal instrument).

A successor. If Disrupts Media Limited is acquired, restructured or transfers any of the Sites to another publisher, your data may transfer to the successor. We will tell you before that happens and your rights under data protection law will continue.

We do not share data with sponsors or advertisers on an individual basis. We do not rent or sell email lists.

6. International data transfers

Most of our processing happens in the United Kingdom (AWS eu-west-2, London). Some service providers — particularly those headquartered in the United States — may process data outside the UK and the EEA.

Where data leaves the UK / EEA, we rely on lawful transfer mechanisms recognised by UK data protection law: an adequacy decision where one exists, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or your explicit consent where appropriate. We carry out transfer risk assessments where the destination country does not have a UK adequacy decision.

7. How long we keep your data

We keep personal data only for as long as we need it. Headline retention periods:

  • Active account data: for as long as your account is open, plus 30 days after closure to handle reversals and final reconciliation.
  • Marketing and newsletter consent records: until you withdraw consent, plus a further 7 years to evidence the lawful basis for past communications, in line with the ICO's expectations.
  • Billing, tax and accounting records (if any apply to you, e.g. paid event attendance): 7 years, as required by UK tax law.
  • Aggregate, anonymised analytics: indefinite. Once data is fully anonymised it is no longer personal data.
  • Comments, contributions and editorial correspondence: as long as the content remains published on the Site, plus the period needed to handle any reader complaint, regulatory enquiry or legal action arising from it.

A more detailed retention schedule is held internally and is available to regulators on request.

8. Your rights

Under the UK GDPR and the Data Protection Act 2018 you have the following rights. We honour them all.

  1. The right to be informed — this policy is part of how we do that.
  2. The right of access — you can ask for a copy of the personal data we hold about you.
  3. The right to rectification — you can ask us to correct data that is inaccurate or incomplete.
  4. The right to erasure ("right to be forgotten") — you can ask us to delete your data, subject to a small number of legal exceptions.
  5. The right to restrict processing — you can ask us to pause processing while a query is resolved.
  6. The right to data portability — you can ask for a copy of the data you have given us, in a structured, machine-readable format.
  7. The right to object — you can object to processing we carry out on the basis of legitimate interests, and to direct marketing at any time.
  8. The right not to be subject to a solely automated decision that has a legal or similarly significant effect — we do not make such decisions about you.

To exercise any of these rights, email privacy@disruptsmedia.com. We will respond within one calendar month. We may ask you to confirm your identity before we act on a request, to protect you against impersonation. There is no fee for a reasonable request.

If you are unhappy with how we have handled your data, please tell us first so we have the chance to put it right. You also have the right to complain to the Information Commissioner's Office at any time:

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Helpline: 0303 123 1113 · ico.org.uk

9. How we keep your data secure

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit (HTTPS / TLS) for all web traffic and authenticated session traffic between the Sites.
  • Encryption at rest for databases and backups held in AWS.
  • Role-based access controls for staff: only staff with a defined need can access reader data, and access is logged.
  • Regular review of our service providers' security posture.
  • A defined process for handling personal-data breaches, including notification of the ICO within 72 hours where the law requires it.

No system is perfectly secure. If a breach affecting your personal data ever occurs and the risk to you is significant, we will tell you directly and tell you what we are doing about it.

10. Automated decision-making and AI

We do not make solely automated decisions that have a legal or similarly significant effect on you.

Our use of AI in editorial production (drafting and editing assistance) is described in detail in our AI Use Policy. That AI use is editorial, not personal data processing, and does not produce automated decisions about you.

11. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. Strictly-necessary cookies are set when you visit the Sites. Other cookies are set only with your consent, which you can change at any time through the cookie banner or the "Cookie preferences" link in each Site's footer.

12. Changes to this policy

If we make changes to this policy that materially affect how we handle your data, we will:

  • update the version number, "Effective" date and Document history below;
  • bring the change to the attention of registered users by email; and
  • where the change requires it, ask for your fresh consent before relying on any new processing.

Minor or clarifying changes are made silently with the Document history note alone.

13. Contact us

For any question about this policy or about the personal data we hold about you:

Email: privacy@disruptsmedia.com Post: Data Protection, Disrupts Media Limited, 41 Luke Street, London EC2A 4DP, United Kingdom

14. About Disrupts Media

Disrupts Media Limited Registered in England & Wales — Company No. 09447878 Registered office: 41 Luke Street, London EC2A 4DP, United Kingdom

15. Document history

| Date | Version | Change | |---|---|---| | 2026-05-14 | 1.0 | Initial policy. Establishes Disrupts Media Limited as data controller; lists categories of personal data; documents lawful bases, aggregate-reporting model, recipients, transfers, retention, the eight UK GDPR rights, security measures and complaint route. Cross-references the Cookie Policy and AI Use Policy. |