Newsarc

Privacy Policy

We are pleased that you are visiting our timeline page. Protecting your personal data is a high priority for us. Below, we inform you about the collection, processing, and use of your data when visiting and using our website in accordance with applicable data protection regulations, particularly the General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for processing your personal data is:

Ali Büyükkakaç
contact@newsarc.io

2. Data Collected and Purposes of Processing

2.1 Server Hosting and Infrastructure

Our application runs on Next.js and uses the following Amazon Web Services (AWS):

  • AWS Lambda
  • S3 Buckets
  • CloudFront
  • Amazon RDS

All infrastructure components are located in the us-east-1 (USA) region. In this context, personal data (e.g., IP addresses, log data) may be transferred to and stored in the USA.

Purpose of Processing:

  • Operating and delivering the website
  • Ensuring stability and security
  • Analyzing technical issues

Legal Basis:

  • Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient operation of the website)

2.2 Cookies

We use cookies that are strictly necessary to ensure the technical operation of our website (e.g., to maintain your session). Without these cookies, our website cannot function properly.

Purpose of Processing:

  • Providing essential functionalities (e.g., login, session management)

Legal Basis:

  • Art. 6(1)(f) GDPR (legitimate interest in the technical functionality of the site)

2.3 Login and Authentication (Auth0 and OAuth Providers)

We offer various login options through Auth0. Auth0 is based in the USA. Along with Auth0, we also use OAuth services from third-party providers:

  • GitHub OAuth
  • Google OAuth
  • Microsoft OAuth
  • vKontakte OAuth

The following data is collected and processed:

  • Email address
  • Profile information (e.g., username)

By using these services, personal data may be transferred to the USA or other third countries. Please note that we have only limited influence over the data processing by the respective providers. For more information, please refer to the privacy policies of these providers.

Purpose of Processing:

  • Simplified login
  • Managing user accounts
  • Enabling the functionality of our service

Legal Basis:

  • Art. 6(1)(b) GDPR (performance of a contract if a user account is created)
  • Art. 6(1)(f) GDPR (legitimate interest in a secure and user-friendly authentication process)

2.4 Google Tag Manager (Third-Party Cookie)

We use Google Tag Manager, a service provided by Google LLC (USA). Cookies may be set to analyze user behavior and manage the integration of additional services. Please note that personal data such as IP addresses or online identifiers may be transferred to the USA.

Purpose of Processing:

  • Managing scripts and tags
  • Analyzing and optimizing our online offering

Legal Basis:

  • Art. 6(1)(f) GDPR (legitimate interest in efficiently managing our tracking and analysis tags)
  • Potentially your consent (where required by national law, e.g., if non-essential cookies are used)

3. Data Transfers to Third Countries

By using AWS, Auth0, and other OAuth providers, data may be transferred to the USA or other third countries. We would like to point out that in these countries, there may not be a level of data protection comparable to that of the EU, and authorities may access data. Where possible, we rely on recognized safeguards such as Standard Contractual Clauses or adequacy decisions.

4. Storage Period

Personal data is stored only as long as is necessary for the purposes for which it was collected or as required by statutory retention periods. Afterward, the data is routinely deleted or blocked.

5. Security

We use technical and organizational security measures to protect your data against unauthorized access, loss, misuse, or destruction. Our security measures are continuously improved in accordance with technological developments.

6. Your Rights

You have the right to obtain information about your personal data stored with us at any time, free of charge. Additionally, you have the following rights:

  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), in particular where processing is based on our legitimate interests
  • Right to withdraw consent (Art. 7(3) GDPR), where processing is based on consent

To exercise these rights, please contact us using the contact details provided above.

7. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates applicable data protection law, you may lodge a complaint with the competent supervisory authority (for instance, in the EU member state of your habitual residence, your workplace, or the place of the alleged infringement).

8. Changes and Updates

We reserve the right to modify this Privacy Policy from time to time to reflect changes in legal requirements or our services. The version that applies to your visit is always the most recent one.

Date: 16.03.2025

If you have any questions about our Privacy Policy or how we handle your personal data, please feel free to contact us using the details provided above.