Effective date: 22 October 2025
Controller: Orepulse LTD, Tenarou 4, Agios Dometios, 2360 Nicosia, Cyprus, ΗΕ 476822.
Contact for privacy matters: privacy@orepulse.com
Data Protection Officer: Anna Kandilian, privacy@orepulse.com

This policy explains how we process personal data under Regulation (EU) 2016/679 (GDPR) and applicable Cyprus law. It applies when you visit orepulse.com (the “Site”), interact with our content, create an account, subscribe to newsletters, make purchases, submit press materials, or contact us.

Part of our processing is for journalistic purposes. Where applicable, GDPR Article 85 and Cyprus law allow limited exemptions to protect freedom of expression. We apply those narrowly and case-by-case.

 

1. What data we collect (GDPR arts. 13(1)(c), 14(1)(d))

- Technical and usage data: IP address, device/browser type, language, referrer, timestamps, request headers, pages viewed, consent-banner interactions.

- Cookie and similar identifiers: as set out in our Cookie Policy.

- Account data (if enabled): name, email, password hash, preferences, subscription tier, country, activity history.

- Newsletter data: email, consent timestamps, unsubscribe and bounce events.

- Payments (if enabled): transaction IDs, payment token, billing country, VAT number where applicable. We do not store full card numbers; our payment processor does.

- Advertising/analytics/affiliate (if enabled): pseudonymous IDs, campaign parameters, conversion events, consent preferences.

- Embedded media/social: when you load or interact with third-party embeds (video, maps, social posts), providers may receive identifiers per your cookie choices.

- Communications and submissions: messages you send us; press materials and related metadata; contributor identity and licensing confirmations.

- Security/fraud signals: failed logins, rate-limit identifiers, threat indicators.

 We do not intentionally collect special-category data (art. 9). We do not direct services to children under 16.

 

2. Sources of data (art. 14(2)(f))

- From you (forms, account creation, newsletters, purchases, emails).

- Automatically via cookies/SDKs (consistent with your consent choices).

- From processors acting on our instructions.

- From public/third-party sources (e.g., verifying press submissions).

 

3. Purposes and legal bases (arts. 13(1)(c), 14(1)(c))

Purpose	Examples	Legal basis
Operate and secure the Site	Routing, load balancing, uptime logs, abuse prevention	Legitimate interests (art. 6(1)(f))
Consent management	Store and honor cookie choices	Legal obligation (ePrivacy) + legitimate interests (proof of consent)
Accounts & authentication (if enabled)	Register, log in, session management	Contract (art. 6(1)(b)); legitimate interests (security)
Newsletters & alerts	Send editorial updates	Consent (art. 6(1)(a))
Purchases/subscriptions (if enabled)	Payment, invoicing, tax	Contract + legal obligation
Analytics & performance (if enabled)	Page metrics, quality improvements	Consent via cookie banner
Advertising & affiliate (if enabled)	Delivery/measurement, attribution	Consent via cookie banner
Editorial operations	Receive press materials, verify rights, contact you	Legitimate interests; sometimes consent or legal obligation
Legal/compliance	Takedowns, rights requests, enforcing Terms	Legal obligation; legitimate interests
Security/fraud	Detect abuse, protect accounts/systems	Legitimate interests

 

4. Direct marketing and your right to object (art. 21)

If we process personal data for direct marketing, you may object at any time; we will stop processing for that purpose, including related profiling. Use the unsubscribe link or email privacy@orepulse.com.

 

5. Recipients (arts. 13(1)(e), 14(1)(e))

- Processors under contract: hosting/CDN, email delivery, consent-management, analytics (if enabled), payment processing (if enabled), error logging, security tooling.

- Advertising/affiliate partners (if enabled), per your consent preferences.

- Third-party media platforms when you load embeds, per your cookie choices.

- Professional advisers and external counsel.

- Public authorities when required by law or court order.

We do not sell personal data.

 

6. International transfers (arts. 13(1)(f), 14(1)(f))

Some providers may process data outside the EEA. Where transfers occur, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses together with supplementary measures. If a mechanism changes, we will adopt a valid alternative and update this policy.

 

7. Retention (arts. 13(2)(a), 14(2)(a))

Data category	Typical retention
Technical logs & security events	Up to 30 days, unless extended for incident investigation
Consent records	Up to 13 months, then refreshed
Account data	Life of the account + up to 6 years after closure (legal/tax/record-keeping, where applicable)
Newsletter records	Until you unsubscribe; suppression list retained to honor opt-outs
Payment/invoicing records	6–10 years (tax/accounting rules)
Editorial submissions & rights confirmations	Life of the content/rights, or as needed for legal claims
Legal complaints & takedowns	For the duration of the claim and applicable limitation periods

 

8. Cookies and similar technologies (art. 13(1)(e))

We use cookies and similar technologies as described in our Cookie Policy. Non-essential categories operate only with your prior consent and can be changed at any time via Cookie Settings. Essential cookies are used to provide services you request and for our legitimate interests in security and fraud prevention.

 

9. Whether provision is mandatory and consequences (arts. 13(2)(e), 14(2)(e))

- You do not have to provide personal data to browse public pages.

- For accounts, newsletters, or purchases, certain data is necessary; without it we may not be able to provide the service.

- Declining consent for non-essential cookies disables related features.

 

10. Your rights (Chapter III; arts. 12–23)

- Access (art. 15)

- Rectification (art. 16)

- Erasure (art. 17)

- Restriction (art. 18)

- Portability (art. 20)

- Object (art. 21) — including an absolute right to object to direct marketing at any time

- Withdraw consent (art. 7(3)) — at any time; withdrawal does not affect prior lawful processing

To exercise rights, email privacy@orepulse.com. We may need to verify your identity. We respond without undue delay and within one month (extendable by two months for complex cases, with notice). You may also lodge a complaint with a supervisory authority.

 

11. Supervisory authority contact (arts. 13(2)(d), 14(2)(e))

Office of the Commissioner for Personal Data Protection (Cyprus)
Kypranoros 15, 1061 Nicosia, Cyprus — P.O. Box 23378, 1682 Nicosia
Tel: +357 22 818 456 | Fax: +357 22 304 565 — Website: dataprotection.gov.cy.

 

12. Automated decision-making and profiling (arts. 13(2)(f), 14(2)(g), 22)

We do not engage in automated decision-making that produces legal or similarly significant effects. If we later introduce features that rely on profiling for advertising or personalisation, they will run only with your consent, and you may withdraw consent or object at any time.

 

13. Third-party links and embedded content

Our articles may include links to third-party sites and embedded media (for example, video players or social posts). Those providers process data under their own privacy policies. Where feasible, embedded content is gated by your cookie choices and loads only after opt-in.

 

14. International representations (if applicable)

We are established in Cyprus. If we designate a representative in another jurisdiction, we will publish their contact details here.

 

15. Changes to this policy (arts. 13(3), 14(4))

We update this policy when our processing changes or when required by law. The Effective date shows the latest version. Material changes will be signposted on the Site and, where appropriate, by email.

 

16. How to contact us

Questions or requests: privacy@orepulse.com
Postal: Orepulse LTD, Tenarou 4, Agios Dometios, 2360 Nicosia, Cyprus, ΗΕ 476822.

 

Prepared for Orepulse LTD by AVZ Law Office, Grigoris Aivazidis, Larnakos Avenue 86A, Nicosia 1046, Cyprus, info@avzlaw.com