Privacy policy for the News Hub of the Democracy News Alliance

The use of this DNA-News Hub Website (www.democracy-news.org) und receipt of the associated electronic DNA-newsletter involves the processing of personal data (hereinafter also referred to as "data").

To make this data processing comprehensible, we would like to provide you with an overview of these processing operations in the following information. In order to ensure fair processing, we would also like to inform you about your rights under the European General Data Protection Regulation (GDPR).

1. Controller / Contact

Controller of the data being processed is the DNA cooperation partner with whom you or the company to which you belong has concluded a user agreement for the DNA-News Hub.

If you access the above-mentioned website without a user agreement, then dpa Deutsche Presse-Agentur GmbH (hereinafter referred to as ‘dpa’) is the controller.

Information on the contact details of the DNA cooperation partners (including dpa) and on how you can contact the data protection officers of these companies can be found below in section 18 of this privacy policy. The controller is also referred to below as ‘the Controller’, “we” and ‘us’.

If you have any questions or suggestions regarding data protection or this information, or if you wish to contact us to assert your rights, please send your enquiry to the relevant contact details.

2. Automated data processing

Whenever you access our website, your device automatically transmits data for technical reasons. The following data are stored separately from other data, which you may transmit to us under certain circumstances:

• browser type/version,
• operation system of your device,
• the website you access,
• website visited prior to access (referrer URL),
• IP address,
• date and time of the server request, and
• HTTP status code.

The processing of these data is necessary to provide the DNA-News Hub website and the associated functions and services. The legal basis is Article 6 (1) b) of the GDPR.

In addition, your data is processed for the following purposes

• Ensuring the security of our IT systems, e.g. to defend against specific attacks on our systems and detect attack patterns, and
• ensuring the proper operation of our IT systems, including (without limitation) error analysis and safeguarding the functionality of our website.
• to enable criminal prosecution, hazard prevention or legal action in the event of concrete indications of criminal offences.

This processing is based on our legitimate interests, Art. 6 (1) f) GDPR.

The data will be stored for 30 days and will be deleted, unless there are concrete indications giving rise to a justified suspicion of unlawful use and further examination and processing of the information is necessary for this reason.

1. Operation and hosting of the website, content delivery network

The DNA website is operated by Sourcefabric z.ú., Salvátorská 10, 110 00 Prague 1, Czechia, while the website is hosted on servers belonging to Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Deutschland („Hetzner “). All persistent data is stored on the servers in Germany. Sourcefabric also uses the services of a content delivery network and security layer provider (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107). Cloudflare is certified under the EU-U.S. Data Privacy Framework; and, should this certification lapse or become otherwise invalidated, Cloudflare relies on the standard contractual clauses adopted by the EU Commission in accordance with Art 46 (2) c) GDPR, for transfers to the United States. Sourcefabric processes your personal data on our behalf, i.e. exclusively in accordance with our instructions (cf. Art. 4 No. 8, 28 GDPR). Hetzner and Cloudflare are sub-processors of Sourcefabric within the meaning of Art. 4 No. 8, Art. 28 GDPR.

Insofar as dpa is acting as a processor for the DNA cooperation partner who may be responsible data controller according to section 1 of this privacy policy, Sourcefabric acts as sub-processors for dpa.

4. Data processing during registration/login

To provide you with full access to the DNA-News Hub website, your registration and login with a dpa-ID (a Single-Sign-On-Service, provided by dpa) will be required. Please note that a separate privacy policy applies for the dpa-ID, which you can find at: https://account.dpa-id.de/privacy-service.

For your registration you will have to submit the email address and password used for the dpa-ID. When you register or log in to our website with your dpa ID, we automatically query the dpa ID database for your

• first and last name
• business telephone number,
• name and address (including country) of the company/organisation that you are working for.

We will check the data stored under your dpa ID to verify

• whether you are a registered and authenticated user, and the date of your registration
• the subscription assigned to you, including the start and end dates of the subscription to our DNA News Hub website.

and store these data in your user account.

We process this data in order to

• grant you access to our DNA News Hub website,
• set up and manage your user account, and set up the rights assignment in accordance with the associated company account,
• and to correspond with you as necessary and provide you with information relevant to your use of the website (e.g. regarding operational disruptions).

Without this information, we cannot grant you access to the DNA-News Hub website.

The processing is necessary for the initiation and execution of the contractual relationship with the respective company. This is also our legitimate interest. If you yourself are our contractual partner, the legal basis for the processing of this data is Art. 6 (1) b) GDPR. In this case, the processing is necessary for the initiation and execution of the contractual relationship with you.

You will find further information on the processing of your data in connection with the dpa-ID service at: https://account.dpa-id.de/privacy-service.

We also process your data related to the login for the purpose of authenticating your login. We have a legitimate interest in granting access to the registration-required area of our website only to authorized individuals, Art. 6 (1) (f) of the GDPR.

In addition, we process your data to send you the electronic DNA-newsletter via email (see Section 7) to the email address stored in your user account.

5. Use of the DNA-News Hub

When using the DNA-News Hub website and its services and functions, we process your data to provide these services and functions. If you make certain settings on the DNA News Hub website, e.g. use filter functions or make other settings (if applicable), we will process the information and settings you have provided in order to provide these functions and services.

The processing is necessary in order to provide you with the relevant functions. The legal basis for the data processing in this regard is Article 6(1)(b) GDPR.

6. Analysis of registration data

We process the user data that we collected during registration to analyze the usage of the DNA News Hub. In particular, we analyse which users respectively companies and industries make use of the DNA-News Hub, in order to tailor it to the target audience. Such processing of your data is generally based on our legitimate interest in improving our products and measuring the success of our business operations, Art. 6 (1) (f) of the GDPR.

7. DNA-Newsletter

For the distribution of our newsletter, including newsletter analysis as set out below, we use the services of the newsletter mailing service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue GmbH processes your personal data on our behalf, and solely in accordance with our instructions (within the meaning of Art. 4 No 8, 28 GDPR).

Insofar as dpa acts as a processor for the DNA cooperation partner responsible as a controller pursuant to section 1 of this privacy policy, Sendinblue acts as a sub-processor for dpa in this regard.

7.1 Sending the DNA-Newsletter

We will inform you by email at regular intervals about the content currently available on the DNA News Hub. We process your email address for this purpose.

We process this data in order to send you the DNA newsletter by email, as agreed in the contract.

The legal basis for processing is Art. 6 (1) f) GDPR if you set up a user account with us as an employee of a company.

The processing is necessary for the performance of the contractual relationship with the respective company. This is also our legitimate interest. If you yourself are our contractual partner, the legal basis for the processing of this data is Art. 6 (1) b) GDPR. In this case, the processing is necessary for the performance of the contractual relationship with you.

If you no longer wish to receive the DNA newsletter as part of the DNA News Hub delivery, you can unsubscribe from the DNA newsletter. An “Unsubscribe” link is included in every newsletter. Alternatively, you can cancel your order for the newsletter delivery by contacting the relevant contact details specified in section 1 and mentioned in section 18.

Your data will be processed in this context until the purpose of the processing ceases to apply, i.e. until we discontinue the DNA newsletter or you object to the processing or unsubscribe from the DNA newsletter.

7.2 Newsletter Analysis

For the dispatch of the DNA-Newsletter, the relevant emails contain so-called tracking pixels (also known as web beacons), which connect to the dpa servers when the email is opened. This makes it possible to determine whether an email has been opened and to count how often this happens.

The use of the counting pixel serves solely to analyse your product usage in order to check compliance with the contractually agreed scope of use and, if necessary, to bill or recalculate the contractual services.

7.3 Legal basis

The legal basis for data processing in the context of sending emails is contract fulfilment, Art. 6 (1) b) GDPR.

The legal basis for the use of the counting pixel and the associated processing of your personal data is the concerned dpa Group company's legitimate interest in measuring the scope of use to control the contractually agreed use, Art. 6 para. 1 f) GDPR. The counting pixel is therefore used without your consent in accordance with Art. 5 (3) Directive on privacy and electronic communications (2002/58/EC) in order to be able to safeguard delivery within the scope of the contractually agreed scope of use.

Please note that for technical reasons every email contains an “Unsubscribe” link. If this link is clicked, the recipient stored in our email system is automatically unsubscribed from the delivery of the DNA Newsletter only. We would like to point out that this has no effect on the obligation under the DNA-Agreement to pay for ordered products and that it is the customer's responsibility to provide a deliverable email address for delivery at any time.

8. Making Contact (Enquiries and Feedback)

If you contact us using the contact details set out in section 18 below to submit (e.g. by email, telephone or postal mail) an enquiry (such as a support request), we process

• your name and surname,
• information regarding the company/organization that you are working for,
• time and date of your enquiry as well as any further information you provide us in such communication.

and, depending on the method of communication you choose and / or the contact information you provide:

• your email address,
• your phone number; and / or
• your address.

We process the aforementioned personal data in order to receive and process your enquiry.

In the case of enquiries relating to your contractually agreed use of our DNA News Hub website, processing is carried out for the purpose of implementing the respective contractual relationship, Art. 6(1) b) GDPR.

If you send us your feedback on the DNA News Hub via our contact details, processing is also carried out in order to collect and evaluate our users' experiences with our DNA News Hub website and the associated services and functions, and to optimally adapt them to the needs of our users on the basis of the insights gained. This is also in our legitimate interests, Art. 6 (1) f) GDPR.

9. CRM system

For the administration and configuration of user accounts, we store your personal data that you have provided to us during registration and when contacting us, also in a CRM system (depending on the provider with whom a usage agreement has been concluded).

The processing carried out in this respect is based on Art. 6 (1) b) GDPR and on our legitimate interests in managing our customer relationships, Art. 6 (1) f) GDPR

10. Further Processing of Your Data

We also process the same data that we have collected for the purposes set out herein above for the following purposes:

• in the event of concrete indications of criminal offences for the purposes of criminal prosecution, averting danger or legal prosecution,
• for the purpose of providing evidence and asserting, exercising or defending claims,
• for internal administrative purposes and the organisation of our business, and
• for compliance with our legal obligations.

The processing is based on our legitimate interests in maintaining our business activities, performing our tasks, asserting, exercising or defending claims, Art. 6(1)(f) GDPR, or on the basis of a legal obligation under Art. 6 (1) c) GDPR.

11. Provision of your Personal Data

You are not required to provide your personal data to us, neither by contract nor by law.

Notwithstanding, the provision of your personal data is necessary to access the areas of our website requiring registration and to use the associated services and functions. When not providing your personal data, it will not be possible to enter into the respective contract with us.

Further, the provision of your personal data is necessary, so that

• we can manage and configure your user account and you can use the services and functions to the extent contractually owed and otherwise desired by you, and
• we can provide you with the services, features and functions of our website that you have requested;
• we can receive and process your enquiries regarding our products and services, and/or your support or other inquiries;

Where it is necessary to provide certain data to us, we will mark such data as mandatory items. Provision of any other data is voluntary. In the event that you do not provide mandatory data to us we will be unable to provide the relevant services and features to you.

In other cases, the consequence of you not providing your data may be that we will not be capable to provide the relevant features and services or the full usual scope of them.

12. Sharing of Your Data

Except as set out in this privacy policy, we will only share or otherwise disclose your personal data without your prior consent in the following cases:

• As necessary to investigate any illegitimate use of this website, including any of its services, functions and features, or for legal prosecution, we will share personal data with external consultants (e.g., lawyers), law enforcement authorities and, if necessary, with any damaged third parties; in each case provided that that specific indications for illegal or abusive conduct exist. Moreover, we will share your data as necessary to enforce our terms of use or for the establishment, exercise or defence of legal claims. Furthermore, we may be required by law to provide information to certain public authorities upon their request, including law enforcement agencies, other authorities that prosecute regulatory offences which are subject to fines as well as fiscal authorities.Your personal data may also be shared by us with others if third parties make claims against us which include the disclosure of your data, particularly, without limitation, claims by data subjects who are exercising their rights under Chapter III of the GDPR. The disclosure of this data is based on our legitimate interest in combating misuse, prosecuting criminal offences and asserting, exercising or defending claims, Art. 6 (1) f) GDPR, or on the basis of a legal obligation under Art. 6 (1) c) GDPR.
• Within our administrative processes, organization of our business operations, financial accounting activities, and in order to comply with legal obligations (such as archiving obligations), we may disclose or transfer your personal data to fiscal authorities and consultants (such as tax advisors or auditors).Such transfer is based on our legitimate interest in the proper operation of our business, the performance of our tasks, in establishing, exercising of or defending against claims, Art 6 (1)(f) GDPR, or ,as the case may be, be based on our legal obligation according to Art 6 (1)(c) GDPR.
• For providing our DNA website, its services and related functions, we sub-contract (certain services in whole or in part to third-party companies and third-party service providers (“processors” within the meaning of Art 4 No 8, 28 GDPR). In such event, we share your personal data with these processors for further processing on our behalf and in accordance with our instructions.In addition to the processors already mentioned in this privacy policy, we also use the following categories of processors:
  • IT service providers
  • Cloud service providers
  • Software service providers

When engaging processors in third countries, we will ensure that one of the following conditions will be met:

• There is an adequacy decision by the EU Commission in accordance with Art. 45 GDPR; or
• we and the processor have agreed on the standard contractual clauses adopted by the EU Commission in accordance with Art 46 (2) c) GDPR and taken additional measures in line with the criteria of the European Court of Justice (Schrems II ruling).Further information, including a copy of the standard contractual clauses, can be requested using the contact details provided in section 1 above.
• Future development of our business may result in a change of our company structure by means of a change of its legal form; by establishing, sale of, or acquisition of any subsidiaries, business units or corporate components. In the event of such transactions, personal data will be passed on, together with the portion of the business that will be transferred, and we shall ensure that such data will be shared in accordance with applicable data protection law. The legal basis for such sharing of personal data is our legitimate interest in changing the legal form and structure of our company in accordance with the economic and legal development, Article 6(1) f) GDPR.

13. Third country transfers

We also process personal data in so-called third countries or transfer this data to recipients in third countries. Third countries are all countries outside the European Economic Area (EEA). Please note that there is currently no adequacy decision by the EU Commission that these third countries generally have an adequate level of data protection. In particular, there is currently no corresponding adequacy decision by the EU Commission for the USA.When we transfer personal data to third countries, we ensure that one of the following prerequisites are met:

• There is an adequacy decision by the EU Commission in accordance with Art. 45 GDPR.
• We have concluded the standard contractual clauses adopted by the EU Commission in accordance with Art. 46 (2) c) GDPR and have taken additional measures in accordance with the criteria of the European Court of Justice (Schrems II judgment).
• There are other appropriate safeguards within the meaning of Art. 46 (1) GDPR to establish an adequate level of data protection.
• There is an exception in accordance with Art. 49 GDPR, e.g. if you have given your consent for the transfer (Art. 49 para. 1 sentence 1 a) GDPR), the transfer is necessary for the performance of a contract with you (Art. 49 para. 1 sentence 1 b) GDPR) or for the assertion, exercise or defense of legal claims (Art. 49 para. 1 sentence 1 e) GDPR).

For information on the appropriate safeguards we have put in place to protect your personal data, including a copy of any standard data protection clauses concluded, please contact us using the contact details set out in Sec. 1 above.

14. Deletion of your data

Unless set out otherwise in this privacy policy, we erase or anonymize your personal data when they are no longer required for the purposes for which we have collected and/or further processed them in accordance with this privacy policy. As a general rule, we will store your data for the duration of your usage of our website and/or the duration of the contractual relationship. Where we process your data based on your consent, such data will be deleted upon your withdrawal of consent; or at an earlier if such data are no longer required for the purpose for which we collected them.We store your personal data for a longer period of time only to the extent:

• that we are bound by law to retain your data, we will store your data throughout the time period prescribed by law (Art 6 (1) c) GDPR). In particular, such legal obligations to store your data may result from retention periods under any commercial or fiscal laws that the Controller is subject to. The retention periods are regularly starting from the end of the year in which the relevant processing or operation were completed, e.g., when we have fully processed your request.
• the data is still needed for criminal prosecution or for the establishment, exercise of or defense against legal claims, which also explains our legitimate interest, Art 6 (1) f) GDPR. In these cases, the data are stored until the corresponding process has been completed plus the statutory retention period.

If data must be retained for the purposes detailed above, processing will be restricted. The data will then no longer be available for any other use.

15. Your Rights

You have the rights set out below concerning the processing of your personal data. In addition to any options already described in this privacy policy, you may exercise your rights by sending a request by letter or e-mail using the contact details provided in Sec 1 above.

15.1 Right of access

Within the scope of Art 15 GDPR and § 34 Federal Data Protection Act (“BDSG”), you have the right to obtain from us, information on and access to the personal data that is being processed by us.

15.2 Right to rectification

You have the right to obtain from us the rectification of any inaccurate personal data concerning you without undue delay.

15.3 Right to erasure

Under the prerequisites set out in Art 17 GDPR and § 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you.

15.4 Right to restriction of processing

You have the right to obtain from us the restriction of processing pursuant to Art 18 GDPR.

15.5 Right to data portability

You have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format pursuant to Art 20 GDPR.

15.6 Right to Object

Pursuant to Art 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to any processing of personal data concerning you, that, inter alia, is based on Art 6 (1)(f) GDPR. We shall then no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise or defence of legal claims.Where personal data are being processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Upon your objection, we will no longer process your data for these purposes.

15.7 Withdrawal of a consent

In accordance with Art 7 (3)(1) GDPR, you have the right to withdraw your consent at any time. Withdrawal of your consent does not affect the lawfulness of any processing that is based on your consent before your withdrawal.

16. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a data protection authority.

17. Data Processed when you Exercise your Rights

Finally, we hereby advise, that we process the personal data transmitted by you, when you exercise your rights under Art 7 (3)(1) and Art 15 to Art 22 GDPR for the purpose of complying with these rights and to be able to demonstrate such compliance. Further, we will process your personal data to defend our legal position.In this context your personal data is stored as long as necessary to demonstrate that we have fully and compliantly processed your data subject right request.Such processing for the purpose of fulfilling your data subject rights and proof of a legally compliant fulfillment is based on our legal obligation according to Art. 6 (1) c) GDPR in connection with Art. 7 (3) sentence 1 and Art. 15 to Art 22 GDPR and applicable local laws on data protection. Insofar that we process your personal data to defend our legal position this also explains our legitimate interest, Art 6 (1) f) GDPR.You are not required to provide your personal data to us, neither by contract nor by law, notwithstanding, we may refuse to fulfil your request concerning your data subject rights pursuant to Art 12 (2) (2) GDPR if you do not provide us, though being requested to do so, with the data necessary for your identification.

18. Contact details of DNA cooperation partners and their respective data protection officers

(1) dpa Deutsche Presse-Agentur GmbH, Mittelweg 38, 20148 HamburgTelephone: +49 40 4113 0E-Mail: info@dpa.comData protection officer: datenschutz@dpa.com

(2) Agence France-Presse, 11-13-15 place de la Bourse, 75002 Paris, France

Telephone: +33 1 4041 4646 E-Mail: contact@afp.com

Data protection officer:

(3) Agenzia Nazionale Stampa Associata, Via della Dataria, 94, 00187 Roma (RM), Italy

Telephone: +39 06 67741 E-Mail: rcc@ansa.it

Data protection officer:

(4) The Canadian Press, 60 Adelaide St. E., Suite 1200, Toronto, ON, M5C 3E4, Canada

Telephone: E-Mail: info@thecanadianpressnews.ca

Data protection officer:

(5) PA Media, The Point, 37 N Wharf Rd, Paddington, London W2 1AF, United Kingdom

Telephone: +44 20 7963 7000 E-Mail: info@pa.media

Data protection officer:

19. Changes to this Privacy Policy

You can access the current version of this privacy policy at any time at: [URL Privacy Policy]

Version: 12/2025