1.1 Introduction

This Privacy Policy describes:

  • What personal data we collect,
  • How we use it,
  • How we protect it,
  • Your rights under GDPR.

This Policy has been developed in accordance with the General Data Protection Regulation (GDPR, EU Regulation 2016/679) and the ePrivacy Directive (2002/58/EC).

By using the Site, you agree to the terms of this Policy. If you do not agree, please do not use the Site.

1.2 Data Controller

Novaja Gazeta - Europe

  • Address: Riga, Baznīcas street 7 - 1B, LV-1010, Latvia
  • Registration number: 40008315331
  • Email: [email protected]

For data protection inquiries, please contact us at the email address above.

1.3 What Data We Collect

Automatically collected data

Technical data:

  • Your device's IP address,
  • Browser type and operating system,
  • Date and time of visit,
  • Pages viewed,
  • Time spent on each page,
  • Referral source,
  • Click and interaction data,
  • Unique browser identifiers.

Collection methods:

  • Cookies,
  • Web beacons and tracking pixels,
  • Server logs,
  • Browser local storage.

Voluntarily provided data

You may provide us with:

  • Email address when subscribing to our newsletter,
  • Communication data when contacting support.

Data from embedded services

The Site uses embedded elements from social platforms (YouTube, Facebook, Instagram, Twitter/X, VK.com, Telegram). These platforms' operators may collect data about your activity through their own cookies and tracking tags. Their processing is governed by their own privacy policies.

1.4 Legal Basis for Processing

We process your data on the following legal bases:

Your consent:

  • Cookies for analytics, marketing and recommendations,
  • Email address for newsletters.

Legitimate interest:

  • IP address and browser data for Site security,
  • Fraud prevention,
  • Improving the Site and content.

Performance of a contract:

  • Responding to your inquiries.

1.5 Purposes of Processing

We use your data to:

  • Provide and improve Site functionality,
  • Analyse traffic and user behaviour,
  • Track popular content,
  • Optimise content and user experience,
  • Personalise and recommend articles,
  • Display targeted advertising,
  • Send newsletters (with your consent),
  • Respond to support requests,
  • Prevent fraud and abuse,
  • Protect the rights and property of the publication,
  • Comply with legal requirements.

1.6 Who We Share Data With

Your personal data may be shared with the following recipients:

Recipient

Purpose

Jurisdiction

Google Ireland Limited

Google Analytics, Google Ads

EU

Yandex LLC

Yandex.Metrica, Yandex.Advertising

EU

Meta Platforms, Inc.

Facebook, Instagram, tracking pixel

USA

Twitter International Company

Embedded posts

USA

VK Company

Embedded posts

Russia

Telegram FZ-LLC

Embedded posts

UAE

YouTube LLC

Embedded videos

USA

Cloudflare Inc.

Hosting, DDoS protection

USA / EU

Substack Inc.

Newsletter management

USA

Transfers to third countries

To comply with GDPR when transferring data to companies outside the EU, we use Standard Contractual Clauses (SCC) and other legal safeguards provided under Articles 44–49 of the GDPR.

1.7 Data Retention Periods

Data type

Retention period

Cookie data (analytics)

12–26 months

Subscriber email addresses

Until unsubscribe + 30-day archive

IP addresses in logs

90 days

Google Analytics

14 months

Communication data

As needed + 1-year archive

After the retention period, data is deleted or anonymised, unless the law requires longer retention.

1.8 Your Rights Under GDPR

Right of access

You may request a copy of all personal data we hold about you.

Right to rectification

You may ask us to correct inaccurate or incomplete data.

Right to erasure

You may request deletion of your data if:

  • The data is no longer necessary,
  • You withdraw your consent,
  • You object to the processing,
  • The data is being processed unlawfully.

Right to restriction of processing

You may request restriction of processing if:

  • You contest the accuracy of the data,
  • Processing is unlawful,
  • The data is no longer needed.

Right to data portability

You may receive your data in a structured format and transfer it to another controller.

Right to object

You may object to processing based on our legitimate interest.

Right to withdraw consent

You may withdraw your consent to data processing at any time.

1.9 How to Exercise Your Rights

Send a request to: [email protected]

Please include in your request:

  • Which right you wish to exercise
  • Your contact details
  • Information to help us identify you
  • Proof of identity (may be requested)

Response times

We are obliged to respond within 30 days. For complex requests, this period may be extended to 90 days with prior notice.

1.10 Data Security

We apply the following security measures:

  • Encryption (SSL/TLS) during data transmission,
  • Access control — authorised personnel only,
  • Regular security audits,
  • DDoS protection tools (Cloudflare),
  • Access monitoring and logging,
  • Staff training on GDPR requirements.

Despite all measures, we cannot guarantee 100% security. If you believe your data has been compromised, please contact us immediately.

1.11 Breach Notification

In the event of a personal data security breach, we will:

  • Notify supervisory authorities within 72 hours (where required),
  • Notify affected users by email where there is a high risk,
  • Provide information on the nature of the breach and the measures taken.

1.12 Policy Updates

We may update this Policy from time to time. The date of the last update is shown at the top of the document. Significant changes will be communicated to you via a notice on the Site or by email.