Privacy Policy

Last Updated: 23 April 2025

Introduction

This Privacy Policy describes how PRIORB ("we," "us," or "our"), located at Gewerkenstr 8, 44805 Bochum, Germany, collects, uses, processes, and discloses your information, including personal data, in conjunction with your access to and use of the Lightcone News website and services (collectively, the "Service"). As the data controller, we are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person ('data subject').
  • Processing: Any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Controller: The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purpose of this policy, PRIORB is the Controller.
  • Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  • Data Subject: An identified or identifiable natural person whose personal data is processed.
  • Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • GDPR: General Data Protection Regulation (EU) 2016/679.

Principles of Data Processing

We adhere to the principles relating to the processing of Personal Data set out in the GDPR, which require Personal Data to be:

  • Processed lawfully, fairly, and in a transparent manner.
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
  • Processed in line with the rights of data subjects.

Types of Personal Data We Collect

We may collect and process the following types of Personal Data:

  • Information You Provide Directly:
    • When you register for an account: Name, email address, password (stored securely hashed).
    • When you use our contact form: Name, email address, and the content of your message.
    • When you interact with AI features: Text inputs, queries, and potentially feedback you provide (subject to specific consent where applicable).
  • Information Collected Automatically:
    • Log Data: Information that your browser automatically sends whenever you visit our Service. This log data may include your IP address (potentially anonymized or truncated), browser type and settings, the date and time of your request, how you interacted with the Service.
    • Usage Data: Information about how you use the Service, such as the articles you view, features you use, time spent on pages, clicks, and other interactions.
    • Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Please see our "Cookies and Tracking Technologies" section below for more details.
  • Information from Third Parties:
    • We generally do not receive personal data from third parties, except potentially aggregated or anonymized data from analytics providers.

Legal Basis for Processing Personal Data

We process your Personal Data based on the following legal grounds under GDPR:

  • Consent (Art. 6(1)(a) GDPR): Where you have given clear consent for us to process your personal data for a specific purpose (e.g., subscribing to a newsletter, non-essential cookies, using specific AI interaction data for improvement). You can withdraw your consent at any time.
  • Contract Performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (e.g., creating and maintaining your user account, providing the core functionalities of the Service).
  • Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax laws, responding to legal requests).
  • Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (e.g., analyzing usage data to improve the Service, ensuring network and information security, sending essential service communications, preventing fraud). We conduct a balancing test for processing based on legitimate interests.

How We Use Your Personal Data

We use the collected Personal Data for various purposes:

  • To provide, operate, and maintain our Service.
  • To manage your account and provide customer support.
  • To improve, personalize, and expand our Service (e.g., understanding usage patterns, potentially personalizing content based on reading history - subject to transparency and controls).
  • To develop new products, services, features, and functionality.
  • To communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes (where consent is obtained if required).
  • To process your requests (e.g., contact form submissions).
  • To facilitate AI features, including processing your inputs to generate outputs and potentially (with explicit consent or anonymization) improving underlying models.
  • For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
  • To detect, prevent and address technical issues and security incidents.
  • For analytics and measurement to understand how our Services are used.

Data Sharing and Disclosure

We do not sell your Personal Data. We may share your Personal Data in the following limited circumstances:

  • Service Providers (Processors): We may employ third-party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services, or assist us in analyzing how our Service is used (e.g., hosting providers, email service providers like AWS SES, analytics providers, AI model providers like Google and OpenAI). These third parties act as Processors and have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose, under contractual agreements compliant with GDPR Art. 28.
  • AI Feature Providers: When you interact with AI features, your input data may be sent to third-party AI model providers (e.g., Google, OpenAI) to generate a response. We rely on the privacy policies and data processing agreements of these providers. We aim to minimize the personal data sent and will seek specific consent if providers intend to use input data for model training.
  • Legal Requirements: We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), or to protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.
  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
  • With Your Consent: We may disclose your personal information for any other purpose with your explicit consent.

International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located in the European Economic Area (EEA), your Personal Data may be transferred to countries outside the EEA, such as the United States, where some of our Service Providers may be located.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers outside the EEA, we rely on adequacy decisions by the European Commission where applicable, or implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, along with supplementary measures as necessary, to ensure a level of data protection equivalent to that required by GDPR.

Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Account information is typically retained for the duration your account is active and for a reasonable period thereafter for administrative purposes or as required by law. Usage data and logs may be retained for shorter periods for analysis and security purposes, typically anonymized or aggregated where possible after the initial necessity period.

Data Security

The security of your data is important to us. We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures include, but are not limited to, encryption, access controls, secure password hashing, and regular security assessments. However, please also remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Data Protection Rights under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. You have the following rights:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure ('right to be forgotten'): You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing: You have the right to object to our processing of your personal data based on legitimate interests, under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
  • The right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of botched infringement if you consider that the processing of personal data relating to you infringes the GDPR.

To exercise any of these rights, please contact us using the contact details provided below. We may need to verify your identity before responding to such requests.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons or pixels) to collect and use personal information about you, including to track usage patterns and manage sessions. A cookie is a small text file stored on your device.

  • Strictly Necessary Cookies: These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site or managing your login session. These cookies do not require consent.
  • Performance and Analytics Cookies: These cookies collect aggregated, anonymized information about how you use our website (e.g., pages visited, links clicked) to help us improve website functions. We currently use Google Analytics for this purpose, integrated via the `nuxt-gtag` module. The collection of this data is subject to your explicit consent provided via our cookie consent banner. If consent is not granted, these cookies will not be placed, and analytics data will not be collected.
  • Functionality Cookies: These cookies allow our website to remember choices you have made in the past, like your language preference or user name and password for automatic login. We will ask for your consent before placing these cookies where required by law.
  • Marketing Cookies: (We currently do not use marketing cookies, but reserve the right to, subject to consent). These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers.

You can manage your cookie preferences through the consent banner provided on our Service or via your browser settings. Please note that disabling strictly necessary cookies may affect the functionality of the Service.

Children's Privacy

Our Service does not address anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a child under age 16 without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We may also provide notice through the Service or via email for significant changes. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: