1 Introduction
Aevum News ("we," "our," or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile applications, subscribe to our newsletters, or interact with our services (collectively, the "Services").
This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
This policy applies to all personal data processed by Aevum News. We encourage you to read this entire policy carefully. By using our Services, you acknowledge that you have read and understood this Privacy Policy.
2 Data Controller
The data controller responsible for your personal data is:
Aevum News Ltd.
125 Kingsway, Holborn, London WC2B 6NH, United Kingdom
Company Registration No.: 12345678
Our designated Data Protection Officer (DPO) oversees all matters related to data protection and can be reached at the email address above. We have appointed the DPO to be the contact point for data protection authorities and individuals regarding their personal data.
3 Types of Data We Collect
We collect and process the following categories of personal data:
3.1 Data You Provide Directly
| Data Category | Description | Required |
|---|---|---|
| Identity Data | First name, last name, username, or similar identifier | Optional |
| Contact Data | Billing address, delivery address, email address, telephone number | Required |
| Financial Data | Bank account and payment card details (processed via PCI-DSS compliant third parties) | Required |
| Transaction Data | Details about payments and subscriptions made through our Services | Required |
| Profile Data | Username, password, preferences, interests, and reading history | Optional |
| Publication Data | Comments, submissions, or user-generated content | Optional |
3.2 Data Collected Automatically
| Data Category | Description | Source |
|---|---|---|
| Technical Data | IP address, browser type/version, OS, device identifiers | Auto-collected |
| Usage Data | Pages viewed, click patterns, time spent, referral sources | Auto-collected |
| Location Data | Generalized geographic location based on IP address | Auto-collected |
| Marketing Data | Preferences for receiving marketing communications | User-provided |
3.3 Data from Third Parties
- Analytics providers: Google Analytics, Matomo for aggregated usage statistics
- Advertising partners: Programmatic advertising networks for personalized ad delivery
- Social media platforms: Twitter/X, Facebook, LinkedIn for social sharing features
- Verification services: Third-party identity verification for subscription accounts
- Enrichment services: Demographic and interest data for content personalization
4 Legal Basis for Processing
Under GDPR, we rely on the following legal bases to process your personal data:
We process your data based on one or more of the following lawful grounds under Article 6 of the GDPR:
- Consent (Article 6(1)(a)): Where you have given explicit consent for specific processing purposes, such as newsletter subscriptions and marketing communications.
- Contract (Article 6(1)(b)): Where processing is necessary to fulfill our contractual obligations, such as processing your subscription payment and delivering premium content.
- Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests, such as website security, fraud prevention, analytics, and improving our Services — provided these interests are not overridden by your data protection rights.
- Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with our legal obligations, such as tax reporting and law enforcement requests.
- Vital Interests (Article 6(1)(d)): In rare cases where processing is necessary to protect someone's life.
- Public Task (Article 6(1)(e)): Where processing is necessary for tasks carried out in the public interest (where applicable).
For special category data (under Article 9), we process such data only where:
- You have given explicit consent (Article 9(2)(a))
- Processing is necessary for reasons of substantial public interest (Article 9(2)(g))
- Processing is necessary for archiving, scientific, or historical research purposes (Article 9(2)(j))
5 Purposes of Processing
We process your personal data for the following purposes:
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Content Delivery | Contact, account, usage data | Contract |
| Subscription Management | Identity, financial, contact data | Contract |
| Personalization | Usage, profile, reading history | Legitimate Interests |
| Newsletter Distribution | Email address, preferences | Consent |
| Analytics & Improvement | Usage, technical data | Legitimate Interests |
| Security & Fraud Prevention | IP address, device data | Legitimate Interests |
| Marketing Communications | Contact, preferences, engagement data | Consent |
| Legal Compliance | Identity, transaction data | Legal Obligation |
| Advertising | Technical, usage, demographic data | Consent / Legitimate Interests |
| Customer Support | Contact, profile, communication data | Legitimate Interests |
6 Data Sharing & Third Parties
We may share your personal data with the following categories of third parties:
6.1 Service Providers
- Hosting & Infrastructure: AWS, Cloudflare — for secure data storage and content delivery
- Email Service Provider: Mailchimp / SendGrid — for newsletter delivery and campaign analytics
- Payment Processor: Stripe — for secure payment processing (we do not store payment card details)
- Analytics: Google Analytics, Matomo — for website usage analysis (anonymized where possible)
- Advertising: Google AdSense, programmatic ad networks — for personalized advertising
- CRM & Support: Salesforce, Zendesk — for customer relationship management
- Social Media Platforms: Twitter/X, Meta, LinkedIn — for social sharing and analytics pixels
- Content Delivery Network: Cloudflare, Akamai — for global content delivery optimization
6.2 Legal Disclosures
We may disclose your personal data where required by law, including:
- In response to valid legal requests such as subpoenas, court orders, or government demands
- To comply with applicable laws, regulations, or legal processes
- To protect and defend the rights, property, or safety of Aevum News, our users, or the public
- To detect, prevent, or address fraud, security, or technical issues
- To establish or exercise legal claims
Our advertising partners may set their own cookies and collect data through our Services. We do not control these third-party cookies. We encourage you to review the privacy policies of these advertising partners for more information about their data practices. You can opt out of personalized advertising through Network Advertising Initiative and Your Online Choices.
7 Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
7.1 Retention Periods
| Data Type | Retention Period | Justification |
|---|---|---|
| Account & Profile Data | Duration of account + 30 days after deletion | Service delivery |
| Subscription & Payment Data | 7 years (tax/legal compliance) | Legal obligation |
| Transaction History | 7 years | Legal obligation |
| Newsletter Subscription Data | Until withdrawal of consent | Consent |
| Analytics Data | 26 months (anonymized) | Legitimate interests |
| Log Files & IP Addresses | 90 days | Security |
| Comment & User Content | Duration of account + 2 years | Legitimate interests |
| Cookies Data | 12 months (persistent cookies) | Legitimate interests |
After the applicable retention period expires, your personal data will be securely deleted or anonymized so that it can no longer be associated with you.
8 International Data Transfers
Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.
8.1 Safeguards for International Transfers
Where we transfer your personal data outside the European Economic Area (EEA), we ensure adequate protection through one of the following mechanisms:
- European Commission Adequacy Decisions: Transfers to countries deemed adequate by the European Commission (e.g., Switzerland, Canada, Japan, UK)
- Standard Contractual Clauses (SCCs): We use the EU Commission-approved Standard Contractual Clauses for transfers to countries without adequacy decisions
- Binding Corporate Rules (BCRs): Where applicable, we use our approved BCRs for intra-group transfers
- Transfer Impact Assessments (TIAs): We conduct TIAs to verify that adequate safeguards are in place for each transfer
8.2 Key Transfer Destinations
| Recipient | Destination | Safeguard Mechanism |
|---|---|---|
| AWS (Amazon Web Services) | United States | EU SCCs + Data Privacy Framework |
| Google Cloud | United States | EU SCCs + Data Privacy Framework |
| Cloudflare | United States | EU SCCs |
| Mailchimp (Viant) | United States | EU SCCs |
| Stripe | United States | EU SCCs |
| Salesforce | United States | EU SCCs + Data Privacy Framework |
9 Your GDPR Rights
Under the GDPR and applicable data protection laws, you have the following rights with respect to your personal data:
Right of Access
Request a copy of all personal data we hold about you, including the purposes of processing and categories of data.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data where there is no compelling reason for us to continue processing it.
Right to Restrict Processing
Request that we limit the way we use your personal data in certain circumstances.
Right to Portability
Receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object
Object to processing based on legitimate interests, including direct marketing and profiling.
Automated Decision-Making
Right not to be subject to solely automated decision-making, including profiling, that produces legal effects.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
9.1 How to Exercise Your Rights
To exercise any of the above rights, please contact us at dpo@aevumnews.com or write to us at the address provided in Section 2. We will respond to your request within one calendar month of receipt (extendable by two further months for complex requests).
We may need to verify your identity before processing your request to protect your data. You also have the right to lodge a complaint with a supervisory authority in your EU member state.
UK: Information Commissioner's Office (ICO) — ico.org.uk
EU (Germany): Federal Commissioner for Data Protection — bfdi.bund.de
EU (France): CNIL — cnil.fr
Other EU countries: edpb.europa.eu
10 Cookies & Tracking Technologies
We use cookies and similar tracking technologies to collect and track information about your activity on our Services. These technologies help us provide a better experience and improve our Services.
10.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for website functionality (authentication, security, session management) | Session / 1 year |
| Analytics & Performance | Understand how visitors interact with our website (Google Analytics, Matomo) | 12-26 months |
| Functional | Remember your preferences (language, region, font size, reading mode) | 12 months |
| Advertising & Targeting | Deliver relevant ads and measure ad campaign effectiveness | 6-12 months |
| Social Media | Enable social sharing and track social media engagement | 30-90 days |
10.2 Cookie Management
You can manage your cookie preferences at any time through:
- Our Cookie Consent Manager available on our website banner and in your account settings
- Your browser settings — most browsers allow you to control and manage cookies
- Third-party opt-out platforms: aboutcookies.org, NAI, YourOnlineChoices
Blocking or deleting cookies may impact the functionality of our Services. Strictly necessary cookies cannot be disabled as they are essential for the website to operate properly.
11 Children's Data
Our Services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children.
If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child, please contact us immediately at dpo@aevumnews.com.
12 Data Security
Aevum News implements appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage:
- Encryption: All data in transit is protected via TLS 1.3. Data at rest is encrypted using AES-256 encryption
- Access Controls: Role-based access control (RBAC) with multi-factor authentication (MFA) for all systems containing personal data
- Infrastructure Security: WAF, DDoS protection, vulnerability scanning, and penetration testing via Cloudflare and internal security teams
- Data Minimization: We collect only the data strictly necessary for the stated purposes
- Regular Audits: Quarterly internal security audits and annual third-party security assessments
- Employee Training: Mandatory data protection training for all employees with access to personal data
- Incident Response: Incident response plan with 72-hour breach notification to supervisory authorities as required by GDPR Article 33
- Data Processing Agreements: DPAs executed with all third-party processors
13 Consent Management
14 Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The version history is as follows:
When we make material changes, we will notify you through prominent notice on our website, via email, or through our mobile app notification system. We encourage you to periodically review this policy.
15 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Mailing Address
Aevum News Ltd.
Data Protection Office
125 Kingsway, Holborn
London WC2B 6NH
United Kingdom
Phone
+44 (0) 20 7946 0958
Mon–Fri, 9:00–17:00 GMT
We are committed to handling your data protection requests promptly and transparently. We will respond to legitimate requests within the statutory timeframe and work with you to resolve any concerns. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority.