GDPR Policy

1. Introduction

A News Time ("we", "us", "our") is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), and the Data Protection Act 2018. This policy explains how we collect, process, and store personal data of individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland when you access our website and services.

This policy supplements our general Privacy Policy and provides additional information specific to your rights under European and UK data protection law. Where there is any conflict between this GDPR Policy and our Privacy Policy, this GDPR Policy shall take precedence for individuals in the EEA, UK, and Switzerland.

2. Data Controller

ANewsTime is the data controller responsible for your personal data. For data protection enquiries, please contact us at:

• Email: help@anewstime.com
• Subject line: GDPR Data Request

We are committed to responding to all data protection enquiries within 30 calendar days of receipt, in accordance with Article 12(3) of the GDPR.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity data: Name, username, or similar identifier when you create an account or subscribe to our newsletter.
• Contact data: Email address, and any contact information you provide when reaching out to us.
• Technical data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, platform, and other technology identifiers on the devices you use to access our website.
• Usage data: Information about how you use our website, including pages visited, time spent on pages, click-through rates, scroll depth, and navigation patterns.
• Marketing data: Your preferences in receiving marketing communications from us and your communication preferences.
• Cookie data: Data collected through cookies and similar technologies as detailed in our Cookie Policy.

We do not collect any Special Categories of Personal Data about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, or genetic and biometric data). We do not collect information about criminal convictions and offences.

4. Lawful Basis for Processing

Under Article 6 of the GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases depending on the specific processing activity:

5. Your Rights Under GDPR

Under the GDPR and UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions and exemptions as set out in the legislation:

To exercise any of these rights, please contact us at help@anewstime.com. We may need to verify your identity before processing your request. We will respond within one calendar month, though this may be extended by two further months for complex or numerous requests, in which case we will notify you within the first month.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to satisfy any legal, accounting, or reporting requirements, or as required by applicable law. Our standard retention periods are:

• Account data: Retained for the duration of your account and for 12 months after account closure.
• Newsletter subscriptions: Retained until you unsubscribe, plus 30 days for processing.
• Analytics data: Aggregated and anonymised within 26 months of collection.
• Contact form submissions: Retained for 24 months from the date of submission.
• Cookie data: Varies by cookie type — see our Cookie Policy for specific retention periods.

When personal data is no longer required, it is securely deleted or irreversibly anonymised so that it can no longer be associated with you.

7. Third-Party Data Processors

We share your personal data with carefully selected third parties who process data on our behalf. All third-party processors are bound by Data Processing Agreements (DPAs) in compliance with Article 28 of the GDPR. Our key categories of processors include:

• Hosting and infrastructure: Cloud hosting providers for website delivery and data storage.
• Analytics: Web analytics services to understand site usage and improve our services.
• Email services: Email delivery platforms for newsletters and transactional communications.
• Advertising: Advertising networks that may use cookies and tracking technologies subject to your consent.
• Security: DDoS protection and content delivery network providers.

We do not sell your personal data to any third party. We will not share your data with third parties for their own marketing purposes without your explicit consent.

8. International Transfers

Some of our third-party processors are based outside the EEA and UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place as required by Chapter V of the GDPR:

• Adequacy decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (as updated in June 2021) where no adequacy decision exists.
• Supplementary measures: Where required by the Schrems II ruling (Case C-311/18), we implement additional technical and organisational measures to ensure an equivalent level of protection.

You may request details of the specific safeguards applied to international transfers of your data by contacting our DPO.

9. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR. These measures include:

• Encryption of data in transit using TLS 1.2 or higher
• Regular security assessments and vulnerability testing
• Access controls limiting data access to authorised personnel
• Regular backups and disaster recovery procedures
• Staff training on data protection and security practices

10. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR, unless the breach is unlikely to result in a risk to your rights and freedoms. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34.

11. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority (DPA). For residents of the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. For residents of other EEA countries, you can find your local supervisory authority through the European Data Protection Board (EDPB) website.

Before escalating to a supervisory authority, we encourage you to contact us directly so we can address your concerns. You can reach us at help@anewstime.com.

12. Changes to This Policy

We may update this GDPR Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Material changes will be communicated through a prominent notice on our website. We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was last revised.