Get all your news in one place.
100's of premium titles.
One app.
Start reading
The Guardian - UK
The Guardian - UK
Comment

Privacy policy US addendum

About this document

Our Privacy Policy provides information about what personal data we collect about you, how we collect personal data, how and why we use your personal data, how we share your personal data with third parties, international transfers, however long we keep your personal data for, what your privacy rights and data protection are under the UK data protection laws, and how we keep your personal data secure. Any terms not otherwise defined in this US addendum have the same definition as the Privacy Policy.

This US addendum provides additional information for residents in Alabama, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Louisiana, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oklahoma, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, or another U.S. state that has similar comprehensive privacy legislation (collectively, “Covered States”). Residents of Covered States may have specific rights regarding your personal data under: California Consumer Privacy Act (“CCPA”), Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, Montana Consumer Data Privacy Act, Iowa Consumer Data Protection Act, Delaware Personal Data Privacy Act, Nebraska Data Privacy Act, New Hampshire Data Privacy Act, New Jersey Data Privacy Act, Tennessee Information Protection Act, Minnesota Consumer Data Privacy Act, Maryland Online Data Privacy Act, Indiana Consumer Data Protection Act, Kentucky Consumer Data Protection Act, Rhode Island Data Transparency and Privacy Protection Act, the Alabama Personal Data Protection Act, Louisiana Data Privacy Act, Oklahoma Data Privacy Act, and similar laws in other U.S. states (collectively, “State Privacy Laws”).

This US addendum describes the rights that consumers of Covered States have and explains how to exercise those rights. These rights are granted only to the extent that you are considered a consumer of Covered State and we are acting as a “controller” or “business” (as applicable) under State Privacy Laws with respect to your personal data.

For more information about how users with disabilities can access this Privacy Policy in an alternative format, please contact the Data Protection Team by email at dataprotection@guardian.co.uk.

1. What personal data we collect

In the past 12 months, we have collected categories of personal data described in the section of the Privacy Policy above titled What personal data we collect about you, and we have collected this information from the sources described in the section titled How we collect personal data from you. Depending on your level of interaction with us, we may not have collected your personal data from all of the categories listed in the Privacy Policy. We collect and use your personal data for the business or commercial purposes described in the section titled Why and how we use your personal data, and retain it pursuant to the section titled How long we keep your personal data.

Additionally, we may sell and/or share for affiliate marketing and personalised advertising the following categories of personal data listed below:

  • Contact information and identifiers

  • Geolocation information

  • Device information and unique identifiers

  • Internet or other electronic network activity information

2. Your US privacy rights

Depending on your state of residence, State Privacy Laws may provide you with the following rights:

  • Right to Know: You may have the right to know whether we process your personal data and to access such personal data. You may also have the right to request that we disclose certain information to you about our collection, use, or disclosure of your personal data.

  • Right to Data Portability: You may have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means.

  • Right to Correct: You have the right to correct inaccurate personal data we hold about you, taking into account the nature of the personal data and the purposes for which we process it.

  • Right to Opt-Out: You have the right to opt out of the processing of your personal data for purposes of: (i) personalised advertising; (ii) the sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As of the latest date of the Privacy Policy, we process personal data or share it with third parties for the purposes of personalised advertising, and sell your personal data in exchange for monetary or other valuable consideration. We do not engage in profiling decisions based on your personal data that produce legal or similarly significant effects concerning you. You can exercise this right by pressing the “Do not sell or share my information” link in the banner or at any time in the footer of every page on our site. We recognize and honor GPC signals. Please find more information on the Global Privacy Control website. We do not sell or share the personal data of consumers we know are less than 18 years of age, unless we receive affirmative authorisation (the “right to opt-in”) from either the consumer who is less than 18 (but greater than 13) years of age, or the parent or guardian of a consumer less than 13 years of age. To our knowledge, we do not sell or share the personal data of minors under 18 years of age.

  • Right to Deletion: You have the right to ask us to delete personal data we may hold on you or restrict how it is used. There may be exceptions to the right to deletion which, if applicable, we will set out for you in response to your request.

  • Right to Limit Use and Disclosure of Sensitive Personal Data: If you are a California resident, you have the right to limit our use of sensitive personal data for any purposes other than to provide the services you request or as otherwise permitted by law. We will also treat opt-out preference signals as valid “Limit the Use” requests.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under State Privacy Laws. Unless permitted by the State Privacy Laws, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

3. Exercising your privacy rights

To exercise any of your privacy rights, or if you have any questions about your privacy rights, you can contact us by sending an email to dataprotection@theguardian.com.

With the exception of opt-out or right to limit requests (which do not require verification), after submitting a request, we may need verification of your identity to proceed. If you provide us with proof of identity containing information that does not match our records, we may request further proof of identity from you. This is a security measure to ensure that your personal data is not disclosed to any person who does not have a right to receive it.

Only you (or for California residents, an agent legally authorised to act on your behalf) may make a verifiable request to know, delete, correct, or obtain a copy of your personal data. If you are making a request as the authorised agent of a California consumer, we will ask you to also submit reliable proof that you have been authorised in writing by the consumer to act on such consumer’s behalf. If you are making a request as the parent or legal guardian of a known child regarding the processing of that child’s personal data, we may ask you to submit proof of your identity.

4. Right to appeal

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, State Privacy Laws allow us up to 90 days to respond. We will contact you within 45 days from when you contacted us to inform you of the need for additional time and the reason for such extension. We may charge you a reasonable fee to cover administrative costs if your requests are manifestly unfounded, excessive, or repetitive.

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. Depending on your state of residence you may have the right to appeal within a reasonable period of time after you have received our decision. If you have this appeal right, within 60 days (45 days for residents of Colorado and Minnesota) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint.

5. California-specific Record of requests

We keep a record of requests that we received from users exercising their CCPA rights. We have set out this record of requests for the last calendar year from 1 July 2026 below:

6. California “Shine the Light” privacy rights

Residents of California can ask us in writing to provide a list of the categories of personal data we have disclosed to third parties for direct marketing purposes and the identity of those third parties. We do not generally disclose personal data as defined under the California “Shine the Light” law. To the extent that we share email addresses with third parties in connection with online marketing that could be covered, you can opt-out through your “Manage My Account” choices or by sending an email to dataprotection@theguardian.com with “Shine the Light” in the subject line.

7. Nevada privacy rights

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal data that we have collected (or may collect) from you to data brokers or other third parties. You can exercise this right by emailing us at dataprotection@theguardian.com with the subject line “Nevada Do Not Sell Request.”

8. Contact us

If you have any questions about how we use your personal data or if you have a concern about how your personal data is used, please contact the Data Protection Officer at Guardian News & Media Limited, Kings Place, 90 York Way, London N1 9GU or, email dataprotection@theguardian.com.

If you have a question about anything else, please see our Contact us page here.

The process by which we notify you of material changes may include email or a pop-up notification on our sites, depending on how you interact with us.

The most recent changes to this privacy policy were made on:

  • 8 July 2026

Sign up to read this article
Read news from 100's of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.