Overview
Aevum News (“we,” “us,” or “our”) is committed to processing your personal data lawfully, fairly, and transparently. This page provides comprehensive information about our data processing activities in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
This document is intended to be read together with our Privacy Policy. While the Privacy Policy explains why and how we process your data, this page provides granular detail about specific processing activities, legal bases, and data flows.
As a digital news publisher operating globally, we process personal data to deliver journalism, personalize content, operate our platform, and comply with legal obligations. Every processing activity is documented and reviewed regularly to ensure ongoing compliance.
Our Commitment
- Lawfulness: Every processing activity has a valid legal basis under applicable law.
- Minimization: We only collect data that is strictly necessary for stated purposes.
- Transparency: You always have visibility into what data we hold and why.
- Security: Industry-leading technical and organizational measures protect your data.
- Accountability: We maintain comprehensive records and audit trails for all processing activities.
Data We Collect & Process
The following table categorizes the types of personal data we process, the sources from which we obtain them, and the category classification under applicable data protection frameworks.
| Data Type | Category | Source | Examples |
|---|---|---|---|
| Identity Data | Personal | Provided by you | Name, username, email address |
| Contact Data | Personal | Provided by you | Billing address, phone number |
| Account Credentials | Technical | Created by you | Password (hashed), authentication tokens |
| Usage Data | Behavioral | Automatically collected | Pages visited, time spent, click patterns |
| Device Data | Technical | Automatically collected | IP address, browser type, device ID, OS |
| Content Preferences | Content | Inferred / Provided | Topic interests, subscription choices |
| Communication Data | Personal | Provided by you | Email correspondence, feedback, comments |
| Location Data | Technical | Automatically collected | Country, region (approximate from IP) |
| Payment Data | Personal | Processed by payment providers | Subscription billing (tokenized) |
| Cookie & Tracking Data | Behavioral | Automatically collected | Cookie IDs, analytics identifiers |
We do not intentionally collect special category data (racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, or sexual orientation). If such data is accidentally provided (e.g., in a comment), we will process it only to comply with legal obligations and will offer removal upon request.
Processing Purposes
Each processing activity is tied to a specific, explicit, and legitimate purpose. Below we detail our primary processing purposes and the associated activities.
1. Service Delivery & Platform Operation
We process your data to operate the Aevum News platform, deliver news content, and maintain your account.
- Hosting and serving web content to your device
- Managing user registration and authentication
- Processing subscription payments and billing
- Maintaining platform security and preventing fraud
- Ensuring technical compatibility and performance
2. Content Personalization
We analyze your reading behavior and stated preferences to tailor content recommendations.
- Tracking article views and reading patterns (with consent)
- Building anonymous preference profiles
- Curating personalized homepage layouts
- Sending topic-relevant newsletter content
3. Communication & Support
We process data to communicate with you about our services and respond to inquiries.
- Sending service notifications and updates
- Responding to customer support requests
- Delivering editorial newsletters (with explicit consent)
- Conducting optional user research surveys
4. Analytics & Improvement
We analyze aggregated and anonymized data to improve our platform and journalism.
- Measuring website traffic and engagement metrics
- Conducting A/B testing on layout and features
- Identifying content performance trends
- Optimizing load times and user experience
5. Legal & Compliance
We process data to fulfill legal obligations and protect our rights.
- Complying with tax and financial regulations
- Responding to lawful requests from authorities
- Enforcing our Terms of Service
- Preventing and detecting security incidents
Legal Basis for Processing
Under the GDPR, we must identify a lawful basis for every processing activity. The table below maps our processing purposes to their corresponding legal bases.
| Purpose | Legal Basis (GDPR Art. 6) | Details |
|---|---|---|
| Service Delivery | 6(1)(b) — Contract | Necessary to perform our contract with you |
| Account Security | 6(1)(f) — Legitimate Interest | Protecting our platform and users from fraud |
| Content Personalization | 6(1)(a) — Consent | Based on your explicit opt-in via cookie settings |
| Editorial Newsletters | 6(1)(a) — Consent | Explicit subscription opt-in; withdrawable anytime |
| Service Notifications | 6(1)(b) — Contract | Essential for account and subscription management |
| Analytics | 6(1)(a) — Consent | Tracking analytics cookies require consent |
| Tax & Legal Compliance | 6(1)(c) — Legal Obligation | Required by applicable tax and financial laws |
| Fraud Prevention | 6(1)(f) — Legitimate Interest | Protecting our business and other users |
For California residents: We do not “sell” or “share” personal information for cross-context behavioral advertising as defined under the CCPA/CPRA. We share data only with service providers necessary for platform operation under contractual processing agreements.
Data Processing Flow
The following diagram illustrates the journey of your personal data through our systems, from collection to eventual deletion.
Collection
Data collected via forms, cookies, device signals, or third-party services
Validation
Data validated, sanitized, and checked against processing purposes
Storage
Encrypted storage in EU-based data centers with access controls
Processing
Data used for stated purposes with audit logging and monitoring
Review
Periodic review against retention schedules and necessity criteria
Deletion
Secure deletion or anonymization when retention period expires
Data Controllers & Processors
Aevum News acts as the Data Controller for all personal data collected through our website and services. We engage third-party service providers who act as Data Processors under binding data processing agreements (DPAs) that comply with GDPR Article 28.
As a data subject, you have the right to know who processes your data and for what purpose. Full details on each processor are provided in the Third Parties section below.
Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The following table outlines our standard retention periods.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Data | Duration of account + 30 days | Contractual necessity |
| Subscription/Payment Data | Duration + 7 years | Tax & legal compliance |
| Usage & Analytics Data | 13 months (aggregated after) | Consent / legitimate interest |
| Cookie Data | Session or 13 months max | bsp;Consent / legitimate interest |
| Newsletter Preferences | Until unsubscribe + 30 days | Consent withdrawal |
| Support Communications | Resolution + 2 years | Legitimate interest |
| Security Logs | 1 year | Security & fraud prevention |
| Comment Data | 10 years (with moderation) | Legitimate interest / archival |
Regardless of retention schedules, you may request immediate deletion of your personal data at any time by contacting our DPO. We will comply unless a legal obligation requires retention.
Third-Party Data Processors
We engage vetted third-party service providers to support our platform operations. Each processor is bound by a Data Processing Agreement (DPA) and undergoes regular compliance reviews.
We do not sell, rent, or trade your personal data to advertising networks, data brokers, or unauthorized third parties. Any data shared with the processors above is strictly limited to what is necessary for their specified service function.
Your Data Protection Rights
Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact our Data Protection Officer at dpo@aevumnews.com.
Right of Access
Request a copy of all personal data we hold about you, including processing purposes and recipients.
Right to Rectification
Request correction of inaccurate or incomplete personal data without undue delay.
Right to Erasure
Request deletion of your personal data where there is no compelling legitimate ground for continuing processing.
Right to Restrict Processing
Request that we limit the processing of your data while a dispute or concern is resolved.
Right to Data Portability
Receive your personal data in a structured, machine-readable format and transfer it to another controller.
Right to Withdraw Consent
Withdraw consent for any processing based on consent at any time. This does not affect prior lawful processing.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
Right to Lodge a Complaint
File a complaint with your local supervisory authority if you believe your data protection rights have been violated.
We will respond to all data subject requests within 30 days. If your request is complex, we may extend this by up to 60 additional days, and we will notify you of any extension and the reason for it.
Security Measures
We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, or disclosure.
Technical Measures
- Encryption at Rest: All personal data stored in our databases is encrypted using AES-256 encryption.
- Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3.
- Access Controls: Role-based access control (RBAC) with multi-factor authentication for all administrative systems.
- Network Security: Web Application Firewall (WAF), DDoS protection, and intrusion detection systems.
- Regular Penetration Testing: Annual third-party security audits and quarterly vulnerability assessments.
- Secure Development: OWASP-compliant development practices with automated security scanning in our CI/CD pipeline.
Organizational Measures
- Data Protection Officer: Dedicated DPO overseeing all data protection activities.
- Staff Training: Mandatory quarterly data protection and security training for all employees.
- Incident Response Plan: Documented procedures for detecting, reporting, and investigating data breaches.
- Vendor Management: Rigorous third-party assessment and ongoing monitoring of all data processors.
- Record of Processing Activities: Comprehensive RoPA maintained as required by GDPR Article 30.
- Data Protection Impact Assessments: DPIAs conducted for all high-risk processing activities.
In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform you without undue delay, as required by GDPR Article 34.
International Data Transfers
Aevum News is headquartered in the European Union, and the primary storage of your personal data occurs within the EU/EEA. However, some of our service providers may be located outside the EU/EEA.
For any transfers outside the EU/EEA, we ensure an adequate level of protection through:
- EU-US Data Privacy Framework (DPF): Transfers to U.S. companies that are DPF-certified.
- Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we implement the European Commission's Standard Contractual Clauses.
- Transfer Impact Assessments: We conduct TIAs for all international transfers to evaluate the legal environment of the destination country.
- Supplementary Measures: Where required, we implement additional technical and contractual safeguards.
If you wish to know more about specific international transfers involving your data, please contact our DPO.
Children's Data
Aevum News services are directed to individuals aged 16 and older. We do not knowingly collect or process personal data from children under the age of consent (16 in the EU, or the applicable age in your jurisdiction).
If we become aware that we have inadvertently collected personal data from a child below the applicable age of consent, we will take immediate steps to delete that data. If you believe we may have collected such data, please contact our DPO at dpo@aevumnews.com.
Changes to This Policy
We may update this Data Processing Information page from time to time to reflect changes in our practices, legal requirements, or technological developments. We will notify you of material changes by:
- Posting a notice on our website homepage at least 30 days before the change takes effect
- Sending an email notification to registered users
- Updating the "Last Updated" date at the top of this page
We encourage you to review this page periodically to stay informed about how we process your personal data.
If you have any questions about this Data Processing Information, our privacy practices, or wish to exercise your rights, please reach out to our Data Protection Officer:
Email: dpo@aevumnews.com
Postal Address: Aevum News DPO, 42 Media Lane, Dublin 2, D02 XF68, Ireland
Response Time: Within 30 calendar days