Financial Times and the General Data

Protection Regulation (GDPR)

The FT is controller of reader data for GDPR purposes, not a processor on behalf of the client. This means that all individual readers are able to enjoy the full benefit of the FT’s services and have control over their own preferences. An individual agrees to the FT’s privacy policy and terms & conditions when he/she registers for an FT.com account. The personal data collected from the use of FT.com is governed by the FT's privacy policy and the FT is the controller of that data.

The FT provides clients with a signup link where readers can register for FT.com access. The FT and/or client can invite readers to register for FT.com via the signup link. The signup link will ask readers to accept the FT.com terms and conditions and privacy policy, as well as state their communication preferences.

The FT asks readers to provide their email address, name, job title and country when registering for FT.com access. The IP address of readers is processed to identify whether a reader belongs to the client organisation and to protect against cyber attacks. For details of other personal data that we collect from readers and how we use it, please see our privacy policy.

Users are asked to set their preferences when they register on FT.com. These determine the majority of communication we send. Users can update these preferences at any time here: https://www.ft.com/myft/alerts/.

Services messages are sent to all users and users cannot opt out of these.

The FT commits to comply with its privacy policy and with readers’ stated preferences on marketing and communications. These can be updated at any time by going to https://www.ft.com/myft/alerts/.

The communications we send to readers are split into three categories:

• Top stories & features
• Invites & offers from the FT
• Service messages

Top stories & Features: This category of communication includes personalised special reports, recommended reads and the latest feature announcements.

Invites & offers from the FT: This category of communication includes exclusive personalised event invitations, carefully-curated offers and promotions from the Financial Times.

Service Messages: Service messages are sent to a reader when an important update is relevant to them and will impact their subscription or usage of FT.com.

Within ‘Top stories & Features’ and ‘Invites & offers from the FT’, readers can manage their contact preferences by each channel - email, phone and post, separately. Or they can choose to opt out of all communications, except service messages.

The preferences provided by individuals on an FT Group Subscription supercede policies agreed with the customer organisation or employer.

Readers can review and amend their personal preferences for marketing and communications at https://www.ft.com/myft/alerts/.

The FT and its suppliers host customer data in the UK, EEA, US and elsewhere in the world. In all cases, the FT ensures that appropriate access, encryption and security features are in place to protect customer data and information processing facilities. Where customer data is hosted outside the UK or EEA, the FT takes steps (such as use of the UK International Data Transfer Agreement or EU Standard Contractual Clauses, as applicable) to ensure that users’ rights are protected.

The FT has formal policies in place to ensure compliance with all relevant legislation including data protection and misuse of computer legislation. All personal data are systematically encrypted to strong industry standards. Our IT compliance team conducts regular security reviews and security technology/processes are audited by a third party twice a year.

The FT has deployed a Network Intrusion Detection System (IDS) on internet facing systems and internal systems. A central logging and alerting system is in place for processing security logs and we perform regular vulnerability scans of internal and internet facing systems.