DATA PROTECTION, PRIVACY AND INFORMATION GOVERNANCE POLICY
Platform & Company Details
1. PRELIMINARY DECLARATION AND JURIDICAL PREAMBLE
2. DEFINITIONS, INTERPRETATION AND LEGAL CONSTRUCTION
3. CORPORATE IDENTITY, BRAND OWNERSHIP AND LEGAL CAPACITY
4. NATURE, PURPOSE AND EDITORIAL CHARACTER OF THE DIGITAL PLATFORM
5. TERRITORIAL, EXTRATERRITORIAL AND CROSS-BORDER APPLICABILITY
6. DATA FIDUCIARY, DATA CONTROLLER AND RESPONSIBLE ENTITY
7. CATEGORIES OF DATA SUBJECTS COVERED UNDER THIS POLICY
8. CLASSIFICATION AND TAXONOMY OF PERSONAL DATA COLLECTED
9. PERSONAL DATA OF USERS, READERS AND GENERAL VISITORS
10. PERSONAL DATA OF REGISTERED MEMBERS AND ACCOUNT HOLDERS
11. PERSONAL DATA OF EDITORS, MODERATORS AND ADMINISTRATIVE PERSONNEL
12. PERSONAL DATA OF CREATORS, AUTHORS, JOURNALISTS AND CONTRIBUTORS
13. USER-GENERATED CONTENT, PUBLIC DISCLOSURE AND VOLUNTARY PUBLICATION
14. TECHNICAL DATA, DEVICE IDENTIFIERS AND ELECTRONIC LOG INFORMATION
15. LAWFUL BASIS, LEGITIMATE INTEREST AND CONSENT-BASED PROCESSING
16. PURPOSE LIMITATION AND PERMISSIBLE PROCESSING OPERATIONS
17. JOURNALISTIC, EDITORIAL, EDUCATIONAL AND PUBLIC-INTEREST PROCESSING
18. EDITORIAL CONFIDENTIALITY, ACCESS CONTROL AND INTERNAL GOVERNANCE
19. CREATOR, CONTRIBUTOR AND AUTHOR DATA GOVERNANCE
20. COOKIES, TRACKING INSTRUMENTS AND DIGITAL IDENTIFICATION TECHNOLOGIES
21. NEWSLETTERS, ELECTRONIC COMMUNICATIONS AND INFORMATIONAL DISPATCHES
22. SOCIAL MEDIA INTERACTION AND THIRD-PARTY PLATFORM EXPOSURE
23. THIRD-PARTY LINKS, EMBEDDED MATERIAL AND EXTERNAL DIGITAL INFRASTRUCTURE
24. DISCLOSURE, TRANSMISSION AND LAWFUL SHARING OF PERSONAL DATA
25. SERVICE PROVIDERS, PROCESSORS AND TECHNICAL INTERMEDIARIES
26. INTERNATIONAL DATA TRANSFER AND TRANSNATIONAL PROCESSING SAFEGUARDS
27. DATA RETENTION, ARCHIVAL PRESERVATION AND LAWFUL ERASURE
28. INFORMATION SECURITY, CYBER PROTECTION AND ORGANISATIONAL SAFEGUARDS
29. CHILDREN, MINORS AND PROTECTED CATEGORY USERS
30. SENSITIVE PERSONAL DATA AND RESTRICTED INFORMATION
31. RIGHTS OF USERS, EDITORS, CREATORS AND DATA SUBJECTS
32. ADDITIONAL RIGHTS OF FOREIGN AND INTERNATIONAL DATA SUBJECTS
33. AUTOMATED PROCESSING, PROFILING AND ALGORITHMIC MODERATION
34. ACCURACY, RECTIFICATION, TAKEDOWN AND CONTENT REVIEW MECHANISM
35. PAYMENT, TAXATION, COMMERCIAL AND CONTRIBUTOR REMUNERATION DATA
36. ADVERTISING, SPONSORED MATERIAL AND ANALYTICAL MEASUREMENT
37. DATA BREACH, CYBER INCIDENT AND STATUTORY NOTIFICATION PROTOCOL
38. DO-NOT-TRACK SIGNALS AND GLOBAL PRIVACY CONTROL MECHANISMS
39. THIRD-PARTY PERSONAL DATA SUBMITTED BY USERS, EDITORS OR CREATORS
40. PROHIBITED CONDUCT, UNAUTHORIZED ACCESS AND DATA MISUSE
41. GLOBAL PRIVACY LAW ALIGNMENT AND COMPLIANCE FRAMEWORK
42. GRIEVANCE REDRESSAL, DATA PROTECTION CONTACT AND LEGAL COMMUNICATION
43. AMENDMENT, MODIFICATION AND REVISION OF THIS POLICY
44. LIMITATION OF LIABILITY, EXCLUSION OF DAMAGES AND THIRDPARTY RISK
45. ACCEPTANCE, ACKNOWLEDGEMENT AND BINDING EFFECT
ANNEXURES TO THE DATA PROTECTION, PRIVACY AND INFORMATION GOVERNANCE POLICY
These Annexures constitute a statutory, regulatory and interpretative compliance schedule to the Policy. They shall be applied only to the extent relevant to the nature of the Platform, the jurisdiction of the data subject, the territorial reach of the processing, the threshold of applicability, the business activity undertaken, and the mandatory law then in force.
ANNEXURE A — INDIAN STATUTORY, REGULATORY, CYBER, MEDIA AND EDITORIAL LAW CORPUS
| S. No. | Legal Instrument | Relevance / Operative Interface |
|---|---|---|
| 1 | Digital Personal Data Protection Act, 2023 | Digital personal data processing, data fiduciary obligations, consent, notice, data principal rights, children’s data, personal data breach, grievance redressal and lawful processing. |
| 2 | Digital Personal Data Protection Rules, 2025 | Operational rules concerning notice, consent, grievance handling, security safeguards, breach intimation, consent manager framework, child data processing and related compliance, as applicable. |
| 3 | Information Technology Act, 2000 | Electronic records, cyber offences, intermediary liability, lawful access, cybersecurity, digital authentication and electronic governance related obligations. |
| 4 | Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 | Legacy security practices, privacy policy disclosures and sensitive personal data handling, to the extent not displaced or modified by subsequent applicable law. |
| 5 | Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, as amended | Due diligence for intermediaries, grievance redressal, unlawful content response, user-generated content moderation, digital news/current affairs publisher obligations and ethics code compliance, where applicable. |
| 6 | CERT-In Directions issued under Section 70B of the Information Technology Act, 2000 | Cyber incident reporting, log retention, information security practices, incident response cooperation and covered entity obligations, where applicable. |
| 7 | Press and Registration of Periodicals Act, 2023 and Press and Registration of Periodicals Rules, 2024 | Registration and publication obligations for periodicals containing public news or comments on public news, if TEN conducts activities falling within the statutory definition and territorial scope. |
| 8 | Press Council Act, 1978 and Norms of Journalistic Conduct | Editorial fairness, accuracy, decency, restraint, public interest, journalistic ethics and correction practices, where applicable to publication activities. |
| 9 | Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020 | Consumer rights, unfair trade practice, transparency, grievance handling, e-commerce disclosures, refunds and service representations, where any commercial offering is made. |
| 10 | Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 2022 | Sponsored content, creator endorsements, brand promotions, influencer disclosures, claims substantiation and prevention of misleading advertisements. |
| 11 | Copyright Act, 1957 | Ownership, licensing, reproduction, adaptation, publication, attribution, fair dealing, takedown of infringing material and creator-content rights. |
| 12 | Trade Marks Act, 1999 | Brand names, logos, marks, passing off, infringement, use of third-party marks and protection of TEN/Kubza identifiers. |
| 13 | Bharatiya Nyaya Sanhita, 2023 and applicable criminal law | Defamation, obscenity, hate speech, intimidation, impersonation, public order, unlawful publication and other penal liabilities, where applicable. |
| 14 | Bharatiya Nagarik Suraksha Sanhita, 2023 and Bharatiya Sakshya Adhiniyam, 2023 | Procedural, evidentiary and law-enforcement aspects concerning digital records, electronic evidence, notices, investigations and lawful proceedings. |
| 15 | Indecent Representation of Women (Prohibition) Act, 1986 | Restrictions on indecent or derogatory representation of women in content, advertising, images, videos and publications. |
| 16 | Protection of Children from Sexual Offences Act, 2012 and Juvenile Justice (Care and Protection of Children) Act, 2015 | Heightened standards while publishing, moderating or processing content involving children, minors, victims, identity protection and sensitive reporting. |
| 17 | Income-tax Act, 1961, Goods and Services Tax laws and allied fiscal statutes | Retention of invoices, TDS/TCS, GST records, creator remuneration data, vendor records, advertising revenue records and statutory books, where applicable. |
| 18 | Contract Act, 1872 and Specific Relief Act, 1963 | Terms of use, creator contracts, contributor engagement, warranties, indemnities, confidentiality and enforceability of digital agreements. |
ANNEXURE B — INTERNATIONAL AND EXTRA-TERRITORIAL PRIVACY LAW ALIGNMENT SCHEDULE
| S. No. | Jurisdiction / Framework | Applicability Interface |
|---|---|---|
| 1 | European Union General Data Protection Regulation (Regulation (EU) 2016/679) and ePrivacy Directive | Lawful basis, transparency, data subject rights, cookies, profiling, transfers, processor contracts, security and supervisory authority interface. |
| 2 | European Union Digital Services Act and related online platform obligations | Transparency, illegal content mechanisms, user redress, advertising disclosure and platform accountability, where service scope and EU nexus exist. |
| 3 | United Kingdom UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications Regulations | UK-specific data protection rights, cookies, electronic marketing, research/journalistic exemptions, data transfer and ICO-facing compliance. |
| 4 | Switzerland Swiss Federal Act on Data Protection and Data Protection Ordinance | Swiss personal data processing, personality rights, transparency, security, cross-border transfers and FDPIC-facing obligations, where applicable. |
| 5 | United States California Consumer Privacy Act, as amended by CPRA | Consumer notice, access, deletion, correction, opt-out of sale/share, sensitive data limitation and non-discrimination, where thresholds are met. |
| 6 | United States Children’s Online Privacy Protection Act and COPPA Rule | Parental control and consent duties for online services directed to children under 13 or with actual knowledge of child data collection. |
| 7 | United States CAN-SPAM Act and applicable state privacy laws | Commercial email transparency, unsubscribe, state-specific privacy rights and targeted advertising obligations, where applicable. |
| 8 | Canada PIPEDA and Canada’s Anti-Spam Legislation | Consent, fair information principles, access/correction, safeguards, breach reporting and commercial electronic messages. |
| 9 | Australia Privacy Act 1988, Australian Privacy Principles and Spam Act 2003 | Collection notices, use/disclosure limits, cross-border disclosure, access/correction, security, direct marketing and electronic messages. |
| 10 | Brazil Lei Geral de Proteção de Dados (LGPD) | Controller/processor governance, lawful bases, data subject rights, security, impact reports and ANPD-facing obligations, where Brazil nexus exists. |
| 11 | South Africa Protection of Personal Information Act, 2013 (POPIA) | Conditions for lawful processing, operator controls, special personal information, direct marketing and regulator interaction. |
| 12 | Singapore Personal Data Protection Act 2012 | Consent, notification, purpose limitation, access/correction, protection, retention, transfer limitation, data breach notification and DNC obligations. |
| 13 | United Arab Emirates Federal Personal Data Protection Law and applicable free-zone laws | Consent/legal basis, data subject rights, cross-border transfer and controller/processor obligations, where applicable. |
| 14 | Japan Act on the Protection of Personal Information | Personal data handling, third-party transfer, cross-border transfer, security measures and data subject rights, where Japan nexus exists. |
| 15 | New Zealand Privacy Act 2020 and Information Privacy Principles | Purpose limitation, collection notice, access/correction, storage/security and notifiable privacy breach obligations, where applicable. |
| 16 | Other Jurisdictions Local privacy, cyber, consumer, media, advertising and electronic communications laws | To be assessed before targeting users, collecting data, engaging creators or running campaigns in that jurisdiction. |
ANNEXURE C — EDITORIAL, CREATOR, INTELLECTUAL PROPERTY, ADVERTISING AND PUBLICATION COMPLIANCE SCHEDULE
| Compliance Area | Editorial / Creator Obligation |
|---|---|
| Editorial Verification | Editors and creators shall observe accuracy, fairness, source diligence, correction readiness, non-misleading presentation and public-interest justification before publication. |
| Creator Warranties | Creators shall warrant originality, non-infringement, lawful acquisition of material, consent for third-party personal data, and absence of plagiarism, defamatory content or unlawful material. |
| User-Generated Content | Comments, posts and submissions may be moderated, removed, restricted, archived or disclosed when necessary for safety, legal compliance, editorial standards or rights protection. |
| Copyright and Licensing | Text, images, audio, video, graphics, quotations, screenshots and third-party materials must be used only with ownership, licence, statutory exception, fair dealing basis or written permission. |
| Trade Mark and Brand Use | Third-party names, logos, brand identifiers and platform marks shall be used only nominatively, referentially, lawfully or with permission, and without passing off or confusion. |
| Sponsored / Advertorial Content | Sponsored, paid, affiliate, promotional or brand-integrated content shall be identified and presented with legally adequate transparency and non-misleading claims. |
| Children and Vulnerable Persons | Content involving minors, victims, health information, trauma, sexual offences, vulnerable persons or sensitive identity shall be subject to stricter confidentiality, redaction and consent review. |
| Takedown and Rectification | Requests for correction, takedown, de-indexing, anonymisation or redaction shall be assessed against public interest, legal risk, accuracy, privacy rights and archival necessity. |
| Source Confidentiality | Confidential sources, unpublished drafts, editorial records and whistle-blower communications shall be protected subject to lawful process, public interest and legal advice. |
| Data Minimisation in Journalism | Editors and creators shall not publish excessive personal information where the same is not necessary for the editorial purpose or public-interest context. |
ANNEXURE D — DATA SUBJECT RIGHTS, GOVERNANCE DUTIES AND RESPONSE PROTOCOL MATRIX
| Right / Request | Response Protocol | Eligible Person |
|---|---|---|
| Access / Confirmation | The requester may seek confirmation as to whether personal data is processed and may request reasonable access, subject to verification and lawful restrictions. | User / Editor / Creator / Data Subject |
| Correction / Updating | Inaccurate or incomplete personal data may be corrected or updated upon valid request and verification. | All relevant individuals |
| Erasure / Deletion | Deletion may be actioned where legally permissible; refusal may occur for legal, contractual, tax, security, journalistic, archival or dispute-resolution reasons. | All relevant individuals |
| Consent Withdrawal | Consent-based processing may be withdrawn prospectively, subject to limitations where processing is necessary under law or legitimate necessity. | Subscribers / Users / Data Subjects |
| Objection / Restriction | Where applicable, the individual may object to certain processing or request restriction of use. | Jurisdiction-dependent |
| Portability | Structured data may be provided where applicable law grants such right and where technically feasible. | Jurisdiction-dependent |
| Opt-out of Marketing | Newsletter, promotional or commercial communications may be unsubscribed from through available channels. | Subscribers / Users |
| Creator Data Review | Creators may request review of author profile, remuneration records, attribution details and published biography, subject to contracts and archival obligations. | Creators / Contributors |
| Editor Access Review | Editors may request review of administrative access records or role-related data, subject to internal controls and security requirements. | Editors / Moderators |
| Grievance Escalation | Unresolved matters may be escalated to the Grievance Officer / Authorized Contact Person and, where applicable, to the competent regulator or authority. | All relevant individuals |
Operational Response Standards
- Every request shall be logged with date, identity verification status, request category, decision, action taken and closure date.
- No personal data shall be disclosed to an unverified requester or unauthorized third party.
- Where a request concerns published editorial content, the Company may conduct a public-interest, legal-risk, journalistic-value and accuracy assessment before taking action.
- Where a request is manifestly excessive, abusive, fraudulent, legally restricted or technically infeasible, the Company may decline or limit action with reasons where required by law.
ANNEXURE E — JURISDICTIONAL CAVEAT, CONFLICT RULE AND APPLICABILITY DISCLAIMER
1. Without-Prejudice Applicability
The mention of any Indian or foreign statute, rule, regulation, directive, code, guideline, standard or authority shall be without prejudice to the Company’s right to contest jurisdiction, applicability, maintainability, competence, territorial nexus, statutory threshold, limitation, liability, damages, penalty or enforcement action.
2. Mandatory Law Supremacy
If any provision of the Policy or these Annexures is inconsistent with a mandatory provision of applicable law, the mandatory provision of applicable law shall prevail only to the extent of such inconsistency. The remaining provisions shall continue to remain valid, binding and enforceable to the maximum extent permissible.
3. Dynamic Compliance Updating
The Company may amend, supplement, substitute or update these Annexures from time to time to account for legislative amendments, regulatory guidance, court decisions, technology changes, business restructuring, platform feature changes, editorial policy changes or risk-governance requirements.
4. No Waiver of Rights
No silence, delay, non-enforcement, partial enforcement, publication of policy language, voluntary compliance action, user communication or platform practice shall constitute waiver of any defence, privilege, limitation, exemption, journalistic protection, statutory exception, contractual right or legal remedy available to the Company under law or equity.
This document is issued under the authority of Kubza Private Limited for its operating brand The Eminent News (TEN).
For Kubza Private Limited
Anoop Shrivastava
Managing Director / Authorized Signatory
Contact Info
Email: Kubzagroup@gmail.com
Address: Gorakhpur, UP, India