DATA PROTECTION, PRIVACY AND INFORMATION GOVERNANCE POLICY

Platform & Company Details

Operating Company: Kubza Private Limited
Brand / Platform: The Eminent News (TEN)
CIN: U58130UP2025PTC239642
Company Website: www.kubzaa.com
Contact Email: contact@eminentnews.in / Kubzagroup@gmail.com
Registered Address: Gorakhpur, Uttar Pradesh, India
Applicability: Users, readers, editors, creators, authors, contributors, account holders, advertisers and collaborators
Effective Date & Last Updated: 1 July 2026

1. PRELIMINARY DECLARATION AND JURIDICAL PREAMBLE

This Data Protection, Privacy and Information Governance Policy is promulgated by Kubza Private Limited, a company incorporated under the Companies Act, 2013, bearing CIN U58130UP2025PTC239642, in respect of its digital news, editorial and knowledge brand The Eminent News, abbreviated as TEN. This Policy establishes the legal, administrative, editorial, technical and operational architecture governing the collection, recording, organization, structuring, storage, use, disclosure, transmission, retention, erasure and other processing of Personal Data on or through the Platform.

2. DEFINITIONS, INTERPRETATION AND LEGAL CONSTRUCTION

Unless repugnant to the context, the expressions Company, Kubza, TEN, The Eminent News, we, us and our shall mean Kubza Private Limited and its operating brand The Eminent News. Platform shall include www.eminentnews.in, www.eminentnews.com, digital publications, dashboards, creator tools, newsletters, social media channels and associated services. User means any reader, visitor, subscriber, commenter, account holder or person accessing the Platform. Editor means any person authorized to review, moderate, verify, approve, revise or publish content. Creator or Contributor means any author, journalist, writer, educator, freelancer, intern, columnist, media person or third-party submitting content or material to the Platform.

3. CORPORATE IDENTITY, BRAND OWNERSHIP AND LEGAL CAPACITY

The Eminent News is operated, administered and lawfully controlled by Kubza Private Limited. All legal notices, privacy requests, grievances, data protection communications and compliance correspondence shall be addressed to the Company through the contact details specified herein. The Platform, its editorial infrastructure, brand presentation, content systems, user interfaces, creator workflows and publication processes are subject to the internal governance and legal supervision of Kubza Private Limited.

4. NATURE, PURPOSE AND EDITORIAL CHARACTER OF THE DIGITAL PLATFORM

TEN functions as a digital news, current affairs, public information, knowledge, education, examination update and editorial platform under the brand philosophy Empowering Wisdom. The Platform may publish or host content relating to national affairs, world affairs, government schemes, economy, business, law, judiciary, social justice, internal security, environment, innovation, technology, sports, entertainment, education, examinations, magazines, podcasts, interviews, editorials and allied public-interest or educational categories.

5. TERRITORIAL, EXTRATERRITORIAL AND CROSS-BORDER APPLICABILITY

This Policy applies to all persons accessing or using the Platform from India or from any other jurisdiction, subject to territorial applicability, statutory thresholds, lawful exemptions and conflict-of-law principles. Where foreign data protection laws apply by reason of user location, processing activity, targeting, establishment, offering of services or statutory scope, such laws shall apply only to the legally required extent and not by mere reference in this Policy.

6. DATA FIDUCIARY, DATA CONTROLLER AND RESPONSIBLE ENTITY

For the purposes of Indian data protection law, Kubza Private Limited may act as Data Fiduciary in relation to Personal Data processed through TEN. For GDPR, UK GDPR and similar foreign regimes, the Company may act as Data Controller where it determines the purposes and means of processing. Service providers engaged by the Company may act as processors, operators, vendors, technical intermediaries or service providers, depending upon the nature of engagement and applicable law.

7. CATEGORIES OF DATA SUBJECTS COVERED UNDER THIS POLICY

a. Users, readers, subscribers, visitors, commenters and account holders. b. Editors, moderators, administrators and authorized editorial personnel. c. Creators, authors, journalists, guest writers, interns, freelancers, educators and contributors. d. Advertisers, sponsors, collaborators, vendors, service providers and business partners. e. Any person communicating with the Company through email, phone, social media, forms, newsletters or other channels.

8. CLASSIFICATION AND TAXONOMY OF PERSONAL DATA COLLECTED

The Company may collect identity data, contact data, account data, profile data, communication data, creator data, editor data, publication data, payment and tax data, device data, technical data, usage data, cookie data, analytics data and publicly submitted content. The nature and extent of Personal Data collected shall depend upon the relationship of the person with the Platform, the feature used, the content submitted and the lawful purpose for which such information is processed.

9. PERSONAL DATA OF USERS, READERS AND GENERAL VISITORS

a. Name, email address, mobile number, city, state, country, subscription preferences, contact form details, feedback, complaints, comments, requests or queries voluntarily submitted by the user. b. IP address, browser details, device information, pages viewed, content clicked, search queries, referral source, session duration, cookies, analytics identifiers and approximate location derived from technical information. c. Newsletter engagement, content preferences, account status, comment history and communication history where applicable.

10. PERSONAL DATA OF REGISTERED MEMBERS AND ACCOUNT HOLDERS

Where registration or login functionality is provided, the Company may process full name, username, email address, encrypted password credentials, profile information, profile photograph, login history, device logs, account activity, notification preferences and account verification details. Account holders are responsible for maintaining confidentiality of credentials and must immediately inform the Company of any unauthorized access, compromise or suspected misuse of account facilities.

11. PERSONAL DATA OF EDITORS, MODERATORS AND ADMINISTRATIVE PERSONNEL

The Company may process editor and administrator data including name, email, phone number, professional address, identity verification details, engagement records, role and access level, login credentials, dashboard activity, content approval history, moderation decisions, internal communications, payment details and tax records where applicable. Editors and administrative personnel shall process user data, creator data, unpublished drafts and internal information only within the scope of authorization granted by the Company.

12. PERSONAL DATA OF CREATORS, AUTHORS, JOURNALISTS AND CONTRIBUTORS

For creators and contributors, the Company may process name, pen name, author profile, photograph, biography, email, mobile number, address, social media handles, professional credentials, portfolio, submitted content, drafts, media files, references, editorial revisions, agreements, declarations, NOCs, payment details, bank details, UPI details, PAN, GST details and invoices where relevant. Creator information may be used for attribution, publication, editorial review, authenticity verification, content management, remuneration, taxation, audit, grievance handling, dispute resolution and legal compliance.

13. USER-GENERATED CONTENT, PUBLIC DISCLOSURE AND VOLUNTARY PUBLICATION

Any comment, post, article, reply, profile name, author biography, media file, guest contribution or other material submitted for public display may become visible to the public, indexed by search engines, shared on social media and copied or archived by third parties beyond the Company’s control. Users, editors and creators must not publish private, sensitive, confidential, defamatory, unlawful, infringing or third-party Personal Data without lawful basis, authority, consent or legitimate public-interest justification.

14. TECHNICAL DATA, DEVICE IDENTIFIERS AND ELECTRONIC LOG INFORMATION

The Platform may automatically collect IP address, device type, operating system, browser type, internet service provider, date and time of access, page views, clickstream data, crash logs, error logs, security logs, referral data, search terms, cookies, pixels, tags and similar digital identifiers. Such technical information may be used for security, analytics, functionality, fraud prevention, performance improvement, abuse detection, audit trails and lawful compliance.

15. LAWFUL BASIS, LEGITIMATE INTEREST AND CONSENT-BASED PROCESSING

a. Consent of the data principal or data subject where required by law. b. Performance of contract or pre-contractual arrangements with users, editors, creators, vendors or partners. c. Compliance with statutory, regulatory, judicial, tax, accounting, cybersecurity, media or legal obligations. d. Legitimate interests of the Company, including platform security, editorial governance, service improvement, legal defence, fraud prevention and business administration. e. Public-interest, journalistic, educational, research, archival or freedom-of-expression grounds, where legally recognized.

16. PURPOSE LIMITATION AND PERMISSIBLE PROCESSING OPERATIONS

Personal Data shall be processed for specified, lawful and legitimate purposes including platform operation, publication, editorial review, account management, communication, moderation, security, analytics, newsletter dispatch, creator administration, payment processing, content attribution, legal compliance and dispute resolution. The Company shall not process Personal Data in a manner manifestly incompatible with the stated purposes, except where permitted by law, consent, legitimate interest, public interest, contractual necessity or lawful authority.

17. JOURNALISTIC, EDITORIAL, EDUCATIONAL AND PUBLIC-INTEREST PROCESSING

As a news, editorial, current affairs and educational platform, TEN may process information for journalistic, literary, academic, research, archival, commentary, reporting, public awareness, examination update and public-interest purposes. Editors and creators must ensure that any publication involving Personal Data is fair, relevant, proportionate, accurate to the best of reasonable editorial assessment and justified by a lawful editorial or public-interest purpose.

18. EDITORIAL CONFIDENTIALITY, ACCESS CONTROL AND INTERNAL GOVERNANCE

Editors, administrators, moderators, employees, consultants, interns and authorized personnel shall maintain strict confidentiality in respect of user data, creator data, unpublished drafts, internal communications, editorial decisions, dashboard access, legal notices and technical credentials. Unauthorized access, copying, disclosure, download, extraction, sale, alteration, misuse, export or publication of data or internal editorial material is strictly prohibited and may attract suspension, termination, civil action, criminal complaint or regulatory reporting.

19. CREATOR, CONTRIBUTOR AND AUTHOR DATA GOVERNANCE

a. Creators warrant that submitted content is original, lawful, non-plagiarized and does not infringe copyright, trademark, personality rights, confidentiality, privacy or any third-party rights. b. Creators shall obtain all required permissions, consents, releases, licences and authorizations for photographs, videos, interviews, quotes, documents, references, third-party material and personal information used in submissions. c. The Company may review, fact-check, edit, moderate, approve, reject, archive, remove or update creator submissions in accordance with editorial standards and legal requirements.

20. COOKIES, TRACKING INSTRUMENTS AND DIGITAL IDENTIFICATION TECHNOLOGIES

The Platform may use cookies, pixels, tags, scripts, local storage, browser storage, analytics identifiers, advertising identifiers and similar technologies for authentication, user preferences, security, analytics, personalization, content performance, comment functionality, newsletter management, embedded content and advertising. Users may manage or disable cookies through browser settings; however, disabling cookies may impair login, comments, embedded content, personalization, preferences and certain platform functionalities.

21. NEWSLETTERS, ELECTRONIC COMMUNICATIONS AND INFORMATIONAL DISPATCHES

By subscribing to newsletters, current affairs updates, exam alerts, magazines, promotional messages or related communications, the user consents to receiving electronic communications from TEN and/or Kubza Private Limited. Users may unsubscribe from non-essential communications through available unsubscribe mechanisms or by contacting the Company. Administrative, account-related, security, transactional, legal or service communications may continue where necessary.

22. SOCIAL MEDIA INTERACTION AND THIRD-PARTY PLATFORM EXPOSURE

TEN may maintain or promote content through Instagram, Facebook, X/Twitter, Snapchat, YouTube, WhatsApp, Telegram, LinkedIn, Google, Arattai and other third-party platforms. If a user interacts with TEN through such platforms, the respective third-party platform may independently collect, process, profile, track, store or disclose user information under its own privacy policy, cookies policy, community standards and terms of service. The Company does not control such independent processing.

23. THIRD-PARTY LINKS, EMBEDDED MATERIAL AND EXTERNAL DIGITAL INFRASTRUCTURE

The Platform may contain third-party links, embedded videos, social posts, articles, educational references, government portal links, advertisements, sponsored content, images, maps, widgets, forms, payment links or external resources. Third-party websites and embedded services may collect information, use cookies, monitor interaction or process data independently. The Company does not assume liability for third-party privacy practices, security, accuracy, availability, legality or content.

24. DISCLOSURE, TRANSMISSION AND LAWFUL SHARING OF PERSONAL DATA

The Company does not sell Personal Data in the ordinary course of business. Personal Data may nevertheless be disclosed or transmitted where required for service delivery, technical operation, editorial administration, legal compliance, public safety, fraud prevention, business transfer, tax compliance, statutory reporting or enforcement of rights. Any disclosure shall be subject to lawful purpose, role-based access, necessity, proportionality and reasonable safeguards to the extent applicable.

25. SERVICE PROVIDERS, PROCESSORS AND TECHNICAL INTERMEDIARIES

The Company may engage hosting providers, IT vendors, developers, cloud platforms, content delivery networks, security vendors, spam detection services, analytics providers, newsletter tools, payment processors, accountants, legal advisors, consultants, advertisers and other service providers. Such service providers may process information only for authorized purposes and in accordance with applicable contractual, confidentiality and data protection obligations.

26. INTERNATIONAL DATA TRANSFER AND TRANSNATIONAL PROCESSING SAFEGUARDS

Personal Data may be stored, accessed or processed in India or in other jurisdictions where hosting providers, cloud infrastructure, analytics tools, communication platforms, content delivery networks or technical vendors operate. Where legally required, the Company may rely on consent, contractual safeguards, standard contractual clauses, adequacy decisions, statutory exceptions, legitimate transfer mechanisms or equivalent safeguards for cross-border processing.

27. DATA RETENTION, ARCHIVAL PRESERVATION AND LAWFUL ERASURE

Personal Data shall be retained only for as long as reasonably necessary for the purposes stated herein, unless a longer period is required or permitted by law, contract, tax, accounting, audit, security, dispute resolution, journalistic, archival or public-interest considerations. Account data, comments, creator records, editor logs, payment records, published content, author attribution, legal notices, security logs and communication records may be retained in accordance with legitimate operational, editorial and legal requirements.

28. INFORMATION SECURITY, CYBER PROTECTION AND ORGANISATIONAL SAFEGUARDS

The Company shall adopt reasonable technical, organizational, administrative and contractual safeguards against unauthorized access, misuse, alteration, disclosure, loss, destruction, malware, spam, credential compromise and other unlawful processing. No system of internet transmission or electronic storage is absolutely secure. Users, editors and creators must maintain confidentiality of credentials and immediately report suspected compromise or unauthorized activity.

29. CHILDREN, MINORS AND PROTECTED CATEGORY USERS

TEN may publish educational, current affairs, general knowledge and examination-related content that may be accessed by students and young aspirants. The Platform does not knowingly intend to collect children’s Personal Data without appropriate consent where such consent is required by applicable law. Parents or lawful guardians may contact the Company if they believe that a child or minor has submitted Personal Data without appropriate consent or lawful basis.

30. SENSITIVE PERSONAL DATA AND RESTRICTED INFORMATION

Users, editors and creators must not submit sensitive information unless specifically required and lawfully requested. Sensitive information may include passwords, financial information, government identification numbers, health data, biometric data, precise location, private communications, confidential documents, political or religious information and other restricted data recognized by law. The Company may delete, redact, restrict or moderate sensitive information where necessary for safety, legality, privacy, editorial integrity or compliance.

31. RIGHTS OF USERS, EDITORS, CREATORS AND DATA SUBJECTS

a. Right to access Personal Data, subject to verification and lawful limitations. b. Right to correction, rectification, updating or completion of inaccurate or incomplete Personal Data. c. Right to deletion, erasure, restriction or withdrawal of consent, subject to lawful retention and editorial exceptions. d. Right to object, opt out, receive information regarding processing and lodge a grievance where applicable. e. Right to nominate, where recognized under applicable Indian data protection law.

32. ADDITIONAL RIGHTS OF FOREIGN AND INTERNATIONAL DATA SUBJECTS

Depending upon the jurisdiction of the user and the legal applicability of foreign privacy laws, additional rights may arise under the EU GDPR, UK GDPR, Swiss Federal Act on Data Protection, California CCPA/CPRA, Canada PIPEDA, Australia Privacy Act, Brazil LGPD, South Africa POPIA, COPPA and similar laws. Such rights may include access, rectification, erasure, portability, restriction, objection, withdrawal of consent, opt-out of sale or sharing, limitation of sensitive data use, complaint to a supervisory authority and protection against discriminatory treatment for exercising privacy rights.

33. AUTOMATED PROCESSING, PROFILING AND ALGORITHMIC MODERATION

The Platform may use automated tools for spam detection, comment filtering, security monitoring, analytics, traffic measurement, content recommendation, newsletter segmentation, abuse prevention and moderation assistance. The Company does not intend to make decisions producing legal or similarly significant effects solely through automated processing without lawful basis where such activity is restricted by applicable law.

34. ACCURACY, RECTIFICATION, TAKEDOWN AND CONTENT REVIEW MECHANISM

Any user, editor, creator or affected person may request correction, update, deletion, redaction, restriction, review or takedown of Personal Data or published content through the contact details provided herein. Requests relating to published editorial content shall be assessed having regard to accuracy, public interest, freedom of expression, journalistic purpose, archival value, privacy rights, legal obligations, court orders, regulatory directions and editorial standards.

35. PAYMENT, TAXATION, COMMERCIAL AND CONTRIBUTOR REMUNERATION DATA

Where creators, contributors, vendors, advertisers, sponsors or service providers receive or make payments, the Company may process bank account details, UPI details, PAN, GSTIN, invoices, payment history, contracts, fee records, tax details, TDS records, accounting records and commercial correspondence. Such information may be retained for accounting, tax, audit, statutory compliance, contractual enforcement and dispute resolution purposes.

36. ADVERTISING, SPONSORED MATERIAL AND ANALYTICAL MEASUREMENT

The Platform may display advertisements, sponsored content, affiliate references, promotions, campaigns, analytics tools, marketing pixels or third-party measurement technologies. Advertising and analytics providers may independently process information under their own policies. Where required by applicable law, the Company may provide consent, preference, opt-out or notice mechanisms for advertising cookies, targeted advertising or similar activities.

37. DATA BREACH, CYBER INCIDENT AND STATUTORY NOTIFICATION PROTOCOL

In the event of a personal data breach, unauthorized access, unlawful disclosure, cyber incident or security compromise, the Company shall take reasonable steps to investigate, contain, mitigate and remediate the incident. Where required by applicable law, the Company may notify affected persons, regulatory authorities, law enforcement agencies or competent authorities in the manner and timeframe prescribed by law.

38. DO-NOT-TRACK SIGNALS AND GLOBAL PRIVACY CONTROL MECHANISMS

Some browsers, devices or privacy tools may transmit Do-Not-Track or Global Privacy Control signals. The Company may respond to such signals where legally required and technically feasible. In other cases, the response may depend upon browser configuration, available technology, third-party tools and applicable legal obligations.

39. THIRD-PARTY PERSONAL DATA SUBMITTED BY USERS, EDITORS OR CREATORS

Any person submitting Personal Data of another individual represents that such submission is supported by consent, legal authority, contractual basis, legitimate editorial purpose, public-interest justification or other lawful ground. Editors and creators must exercise enhanced caution while handling data relating to minors, victims, witnesses, accused persons, patients, employees, students, vulnerable persons or private individuals.

40. PROHIBITED CONDUCT, UNAUTHORIZED ACCESS AND DATA MISUSE

a. No person shall scrape, harvest, extract, sell, misuse, copy, export or unlawfully process user data, creator data, editor data or internal records. b. No person shall impersonate, upload malware, interfere with security, attempt unauthorized access, publish defamatory material, infringe intellectual property or disclose third-party Personal Data without lawful authority. c. Violation may result in account suspension, content removal, access revocation, contractual termination, legal proceedings, damages, injunctions or regulatory complaints.

41. GLOBAL PRIVACY LAW ALIGNMENT AND COMPLIANCE FRAMEWORK

This Policy is intended to be aligned, where applicable, with the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, Consumer Protection Act, 2019, Copyright Act, 1957, Trade Marks Act, 1999, EU GDPR, UK GDPR, Swiss Federal Act on Data Protection, CCPA/CPRA, COPPA, PIPEDA, Australia Privacy Act and APPs, Brazil LGPD, South Africa POPIA and other applicable privacy, cybersecurity, electronic communication, consumer, media and data protection laws. Reference to any foreign law shall not be construed as an admission that such law applies in every circumstance. Applicability shall depend on jurisdictional nexus, user location, service targeting, processing activity, statutory threshold, exemption and territorial scope.

42. GRIEVANCE REDRESSAL, DATA PROTECTION CONTACT AND LEGAL COMMUNICATION

For privacy-related requests, complaints, consent withdrawal, correction, deletion, editor access concerns, creator data requests, takedown requests, legal notices or grievance redressal, communications may be addressed to Kubza Private Limited, Operating Brand: The Eminent News (TEN), Gorakhpur, Uttar Pradesh, India, Email: contact@eminentnews.in / Kubzagroup@gmail.com. Grievance Officer / Authorized Contact Person: Mr. Anoop Shrivastava, Designation: Director, Email: contact@eminentnews.in. The Company may verify identity before processing any request and may refuse, restrict or defer requests where legally permitted.

43. AMENDMENT, MODIFICATION AND REVISION OF THIS POLICY

Kubza Private Limited reserves the right to amend, modify, revise, supplement, replace or withdraw this Policy at any time to reflect changes in law, technology, business practice, platform functionality, editorial policy, security requirements or operational necessity. The revised Policy shall be published on the Platform with an updated date. Continued use of the Platform after publication of the revised Policy shall constitute acceptance of such revision.

44. LIMITATION OF LIABILITY, EXCLUSION OF DAMAGES AND THIRDPARTY RISK

Although the Company adopts reasonable safeguards, it shall not be liable for loss, damage, claim, cyber incident, unauthorized access, data breach, search engine indexing, social media republication, third-party misuse, platform failure, external compromise or technical disruption beyond its reasonable control, except to the extent liability cannot be excluded under applicable law. The Company shall not be responsible for independent privacy practices, cookies, algorithms, tracking, advertising, data processing or content of third-party websites, social media platforms, analytics providers, payment processors, hosting providers, advertisers or embedded services.

45. ACCEPTANCE, ACKNOWLEDGEMENT AND BINDING EFFECT

By accessing, browsing, registering, subscribing, commenting, creating, editing, uploading, contributing, publishing or otherwise using The Eminent News Platform, the user confirms that he/she/they have read, understood and accepted this Policy. Any person using the Platform on behalf of an organization, media entity, educational institution, agency, advertiser, creator group, vendor or third party represents that he/she/they is duly authorized to accept this Policy on behalf of such entity.

ANNEXURES TO THE DATA PROTECTION, PRIVACY AND INFORMATION GOVERNANCE POLICY

These Annexures constitute a statutory, regulatory and interpretative compliance schedule to the Policy. They shall be applied only to the extent relevant to the nature of the Platform, the jurisdiction of the data subject, the territorial reach of the processing, the threshold of applicability, the business activity undertaken, and the mandatory law then in force.

ANNEXURE A — INDIAN STATUTORY, REGULATORY, CYBER, MEDIA AND EDITORIAL LAW CORPUS

S. No.Legal InstrumentRelevance / Operative Interface
1Digital Personal Data Protection Act, 2023Digital personal data processing, data fiduciary obligations, consent, notice, data principal rights, children’s data, personal data breach, grievance redressal and lawful processing.
2Digital Personal Data Protection Rules, 2025Operational rules concerning notice, consent, grievance handling, security safeguards, breach intimation, consent manager framework, child data processing and related compliance, as applicable.
3Information Technology Act, 2000Electronic records, cyber offences, intermediary liability, lawful access, cybersecurity, digital authentication and electronic governance related obligations.
4Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011Legacy security practices, privacy policy disclosures and sensitive personal data handling, to the extent not displaced or modified by subsequent applicable law.
5Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, as amendedDue diligence for intermediaries, grievance redressal, unlawful content response, user-generated content moderation, digital news/current affairs publisher obligations and ethics code compliance, where applicable.
6CERT-In Directions issued under Section 70B of the Information Technology Act, 2000Cyber incident reporting, log retention, information security practices, incident response cooperation and covered entity obligations, where applicable.
7Press and Registration of Periodicals Act, 2023 and Press and Registration of Periodicals Rules, 2024Registration and publication obligations for periodicals containing public news or comments on public news, if TEN conducts activities falling within the statutory definition and territorial scope.
8Press Council Act, 1978 and Norms of Journalistic ConductEditorial fairness, accuracy, decency, restraint, public interest, journalistic ethics and correction practices, where applicable to publication activities.
9Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020Consumer rights, unfair trade practice, transparency, grievance handling, e-commerce disclosures, refunds and service representations, where any commercial offering is made.
10Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 2022Sponsored content, creator endorsements, brand promotions, influencer disclosures, claims substantiation and prevention of misleading advertisements.
11Copyright Act, 1957Ownership, licensing, reproduction, adaptation, publication, attribution, fair dealing, takedown of infringing material and creator-content rights.
12Trade Marks Act, 1999Brand names, logos, marks, passing off, infringement, use of third-party marks and protection of TEN/Kubza identifiers.
13Bharatiya Nyaya Sanhita, 2023 and applicable criminal lawDefamation, obscenity, hate speech, intimidation, impersonation, public order, unlawful publication and other penal liabilities, where applicable.
14Bharatiya Nagarik Suraksha Sanhita, 2023 and Bharatiya Sakshya Adhiniyam, 2023Procedural, evidentiary and law-enforcement aspects concerning digital records, electronic evidence, notices, investigations and lawful proceedings.
15Indecent Representation of Women (Prohibition) Act, 1986Restrictions on indecent or derogatory representation of women in content, advertising, images, videos and publications.
16Protection of Children from Sexual Offences Act, 2012 and Juvenile Justice (Care and Protection of Children) Act, 2015Heightened standards while publishing, moderating or processing content involving children, minors, victims, identity protection and sensitive reporting.
17Income-tax Act, 1961, Goods and Services Tax laws and allied fiscal statutesRetention of invoices, TDS/TCS, GST records, creator remuneration data, vendor records, advertising revenue records and statutory books, where applicable.
18Contract Act, 1872 and Specific Relief Act, 1963Terms of use, creator contracts, contributor engagement, warranties, indemnities, confidentiality and enforceability of digital agreements.

ANNEXURE B — INTERNATIONAL AND EXTRA-TERRITORIAL PRIVACY LAW ALIGNMENT SCHEDULE

S. No.Jurisdiction / FrameworkApplicability Interface
1European Union General Data Protection Regulation (Regulation (EU) 2016/679) and ePrivacy DirectiveLawful basis, transparency, data subject rights, cookies, profiling, transfers, processor contracts, security and supervisory authority interface.
2European Union Digital Services Act and related online platform obligationsTransparency, illegal content mechanisms, user redress, advertising disclosure and platform accountability, where service scope and EU nexus exist.
3United Kingdom UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications RegulationsUK-specific data protection rights, cookies, electronic marketing, research/journalistic exemptions, data transfer and ICO-facing compliance.
4Switzerland Swiss Federal Act on Data Protection and Data Protection OrdinanceSwiss personal data processing, personality rights, transparency, security, cross-border transfers and FDPIC-facing obligations, where applicable.
5United States California Consumer Privacy Act, as amended by CPRAConsumer notice, access, deletion, correction, opt-out of sale/share, sensitive data limitation and non-discrimination, where thresholds are met.
6United States Children’s Online Privacy Protection Act and COPPA RuleParental control and consent duties for online services directed to children under 13 or with actual knowledge of child data collection.
7United States CAN-SPAM Act and applicable state privacy lawsCommercial email transparency, unsubscribe, state-specific privacy rights and targeted advertising obligations, where applicable.
8Canada PIPEDA and Canada’s Anti-Spam LegislationConsent, fair information principles, access/correction, safeguards, breach reporting and commercial electronic messages.
9Australia Privacy Act 1988, Australian Privacy Principles and Spam Act 2003Collection notices, use/disclosure limits, cross-border disclosure, access/correction, security, direct marketing and electronic messages.
10Brazil Lei Geral de Proteção de Dados (LGPD)Controller/processor governance, lawful bases, data subject rights, security, impact reports and ANPD-facing obligations, where Brazil nexus exists.
11South Africa Protection of Personal Information Act, 2013 (POPIA)Conditions for lawful processing, operator controls, special personal information, direct marketing and regulator interaction.
12Singapore Personal Data Protection Act 2012Consent, notification, purpose limitation, access/correction, protection, retention, transfer limitation, data breach notification and DNC obligations.
13United Arab Emirates Federal Personal Data Protection Law and applicable free-zone lawsConsent/legal basis, data subject rights, cross-border transfer and controller/processor obligations, where applicable.
14Japan Act on the Protection of Personal InformationPersonal data handling, third-party transfer, cross-border transfer, security measures and data subject rights, where Japan nexus exists.
15New Zealand Privacy Act 2020 and Information Privacy PrinciplesPurpose limitation, collection notice, access/correction, storage/security and notifiable privacy breach obligations, where applicable.
16Other Jurisdictions Local privacy, cyber, consumer, media, advertising and electronic communications lawsTo be assessed before targeting users, collecting data, engaging creators or running campaigns in that jurisdiction.

ANNEXURE C — EDITORIAL, CREATOR, INTELLECTUAL PROPERTY, ADVERTISING AND PUBLICATION COMPLIANCE SCHEDULE

Compliance AreaEditorial / Creator Obligation
Editorial VerificationEditors and creators shall observe accuracy, fairness, source diligence, correction readiness, non-misleading presentation and public-interest justification before publication.
Creator WarrantiesCreators shall warrant originality, non-infringement, lawful acquisition of material, consent for third-party personal data, and absence of plagiarism, defamatory content or unlawful material.
User-Generated ContentComments, posts and submissions may be moderated, removed, restricted, archived or disclosed when necessary for safety, legal compliance, editorial standards or rights protection.
Copyright and LicensingText, images, audio, video, graphics, quotations, screenshots and third-party materials must be used only with ownership, licence, statutory exception, fair dealing basis or written permission.
Trade Mark and Brand UseThird-party names, logos, brand identifiers and platform marks shall be used only nominatively, referentially, lawfully or with permission, and without passing off or confusion.
Sponsored / Advertorial ContentSponsored, paid, affiliate, promotional or brand-integrated content shall be identified and presented with legally adequate transparency and non-misleading claims.
Children and Vulnerable PersonsContent involving minors, victims, health information, trauma, sexual offences, vulnerable persons or sensitive identity shall be subject to stricter confidentiality, redaction and consent review.
Takedown and RectificationRequests for correction, takedown, de-indexing, anonymisation or redaction shall be assessed against public interest, legal risk, accuracy, privacy rights and archival necessity.
Source ConfidentialityConfidential sources, unpublished drafts, editorial records and whistle-blower communications shall be protected subject to lawful process, public interest and legal advice.
Data Minimisation in JournalismEditors and creators shall not publish excessive personal information where the same is not necessary for the editorial purpose or public-interest context.

ANNEXURE D — DATA SUBJECT RIGHTS, GOVERNANCE DUTIES AND RESPONSE PROTOCOL MATRIX

Right / RequestResponse ProtocolEligible Person
Access / ConfirmationThe requester may seek confirmation as to whether personal data is processed and may request reasonable access, subject to verification and lawful restrictions.User / Editor / Creator / Data Subject
Correction / UpdatingInaccurate or incomplete personal data may be corrected or updated upon valid request and verification.All relevant individuals
Erasure / DeletionDeletion may be actioned where legally permissible; refusal may occur for legal, contractual, tax, security, journalistic, archival or dispute-resolution reasons.All relevant individuals
Consent WithdrawalConsent-based processing may be withdrawn prospectively, subject to limitations where processing is necessary under law or legitimate necessity.Subscribers / Users / Data Subjects
Objection / RestrictionWhere applicable, the individual may object to certain processing or request restriction of use.Jurisdiction-dependent
PortabilityStructured data may be provided where applicable law grants such right and where technically feasible.Jurisdiction-dependent
Opt-out of MarketingNewsletter, promotional or commercial communications may be unsubscribed from through available channels.Subscribers / Users
Creator Data ReviewCreators may request review of author profile, remuneration records, attribution details and published biography, subject to contracts and archival obligations.Creators / Contributors
Editor Access ReviewEditors may request review of administrative access records or role-related data, subject to internal controls and security requirements.Editors / Moderators
Grievance EscalationUnresolved matters may be escalated to the Grievance Officer / Authorized Contact Person and, where applicable, to the competent regulator or authority.All relevant individuals

Operational Response Standards

  • Every request shall be logged with date, identity verification status, request category, decision, action taken and closure date.
  • No personal data shall be disclosed to an unverified requester or unauthorized third party.
  • Where a request concerns published editorial content, the Company may conduct a public-interest, legal-risk, journalistic-value and accuracy assessment before taking action.
  • Where a request is manifestly excessive, abusive, fraudulent, legally restricted or technically infeasible, the Company may decline or limit action with reasons where required by law.

ANNEXURE E — JURISDICTIONAL CAVEAT, CONFLICT RULE AND APPLICABILITY DISCLAIMER

1. Without-Prejudice Applicability

The mention of any Indian or foreign statute, rule, regulation, directive, code, guideline, standard or authority shall be without prejudice to the Company’s right to contest jurisdiction, applicability, maintainability, competence, territorial nexus, statutory threshold, limitation, liability, damages, penalty or enforcement action.

2. Mandatory Law Supremacy

If any provision of the Policy or these Annexures is inconsistent with a mandatory provision of applicable law, the mandatory provision of applicable law shall prevail only to the extent of such inconsistency. The remaining provisions shall continue to remain valid, binding and enforceable to the maximum extent permissible.

3. Dynamic Compliance Updating

The Company may amend, supplement, substitute or update these Annexures from time to time to account for legislative amendments, regulatory guidance, court decisions, technology changes, business restructuring, platform feature changes, editorial policy changes or risk-governance requirements.

4. No Waiver of Rights

No silence, delay, non-enforcement, partial enforcement, publication of policy language, voluntary compliance action, user communication or platform practice shall constitute waiver of any defence, privilege, limitation, exemption, journalistic protection, statutory exception, contractual right or legal remedy available to the Company under law or equity.

This document is issued under the authority of Kubza Private Limited for its operating brand The Eminent News (TEN).

For Kubza Private Limited

Anoop Shrivastava

Managing Director / Authorized Signatory

Contact Info

Email: Kubzagroup@gmail.com

Address: Gorakhpur, UP, India