Privacy Policy – worldnewsstudio.com (World News Studio or WNS)

DOCUMENT CONTROL
Version: v1.0
Effective Date: 11 February 2026
Last Updated: 11 February 2026
Review Cycle: February 2027 or upon material regulatory change
Accessibility Target: WCAG 2.1 AA (with progression toward WCAG 2.2)
Applies To: worldnewsstudio.com and associated digital services

This Policy is necessarily detailed due to the global scope, legal complexity, and public-interest responsibilities of the Platform. It is written in formal governance language to ensure clarity, consistency, and reliability across jurisdictions.

ACCESSIBILITY, STATUS & LEGAL NOTICE

This Privacy Policy is drafted in alignment with:

• WCAG 2.1 & 2.2
• US ADA Title III
• EU Web Accessibility Directive
• UK Equality Act
• India Rights of Persons with Disabilities Act
• Canada Accessible Canada Act
• Australia Disability Discrimination Act

This Privacy Policy is a legally binding document and forms part of the unified contractual framework of worldnewsstudio.com together with:

• Terms of Service
• Privacy Policy
• Data Protection & User Rights Statement
• Editorial Policy
• Code of Ethics
• Fact-Checking Policy
• Corrections & Updates Policy
• Community Guidelines
• User-Generated Content Policy
• Content Removal Policy
• Notice-and-Action / Takedown Procedure
• User Appeals & Review Process Policy
• Platform Safety & Risk Mitigation Policy
• Grievance Redressal Policy
• Copyright & Intellectual Property Policy
• Governing Law & Dispute Resolution
• All other policy and governance documents published on worldnewsstudio.com

In case of inconsistency, document hierarchy applies as defined in the Terms of Service.

1. PURPOSE, PHILOSOPHY, AND ETHICAL FOUNDATION OF PRIVACY

Privacy is not merely a compliance obligation for worldnewsstudio.com; it is a core ethical commitment grounded in:

• Human dignity
• Autonomy
• Freedom of expression
• Informational self-determination

worldnewsstudio.com operates as a global news, information, digital services, e-commerce and content platform, serving users across all continents, political systems, cultures, and legal regimes.

Accordingly, this Privacy Policy is designed to:

1. Explain what personal data is collected
2. Explain why data is processed
3. Describe how data is protected
4. Set out user rights worldwide
5. Address cross-border data flows
6. Balance privacy with journalism, safety, and public interest
7. Align with and reflect the principles of major global data protection regimes, to the extent applicable by operation of law.

2. GLOBAL LEGAL BASIS AND UNIVERSAL APPLICABILITY

This Privacy Policy is written to align with and reflect principles contained in major global data protection frameworks, to the extent applicable by operation of law.

2.1 International & Multilateral Frameworks

• Universal Declaration of Human Rights (Article 12)
• International Covenant on Civil and Political Rights (Article 17)
• UN Guiding Principles on Business & Human Rights
• OECD Privacy Guidelines
• APEC Privacy Framework
• Council of Europe Convention 108+
• African Union Malabo Convention
• ASEAN Data Protection Principles
• Ibero-American Data Protection Standards

2.2 National & Regional Laws

This Policy addresses compliance with, among others:

INDIA

• Digital Personal Data Protection Act, 2023
• IT Act, 2000
• IT Rules, 2021

EU

• GDPR
• ePrivacy Directive
• Digital Services Act (data aspects)

United Kingdom

• UK GDPR
• Data Protection Act, 2018

United States

• CCPA / CPRA (California)
• Virginia CDPA
• Colorado Privacy Act
• Connecticut, Utah, and other state laws
• FTC Act (unfair/deceptive practices)

Canada

• PIPEDA
• Provincial privacy statutes (Quebec Law 25, etc.)

China

• Personal Information Protection Law (PIPL)
• Cybersecurity Law
• Data Security Law

Russia

• Federal Law on Personal Data
• Data localization rules

Africa

• South Africa POPIA
• Nigeria Data Protection Act
• Kenya Data Protection Act
• Ghana, Egypt, Morocco, Tunisia, Rwanda, Uganda, Tanzania statutes

Latin America

• Brazil LGPD
• Argentina Data Protection Law
• Mexico Federal Data Law
• Chile, Colombia, Peru statutes

Middle East

• UAE PDPL
• Saudi Arabia PDPL
• Qatar Data Law
• Bahrain, Kuwait, Oman frameworks

Asia–Pacific

• Japan APPI
• Korea PIPA
• Singapore PDPA
• Indonesia PDP Law
• Vietnam Cybersecurity Law
• Australia Privacy Act
• New Zealand Privacy Act

Where no clear or comprehensive privacy statute exists, worldnewsstudio.com applies international best-practice standards.

2.3 Scope and Non-Establishment Clarification

References to international treaties, foreign statutes, regulatory authorities, or cross-border legal frameworks in this Policy are provided for transparency and comparative explanation only. Such references do not constitute representation of regulatory establishment, physical presence, incorporation, licensing, supervisory registration, or mandatory jurisdictional submission in any foreign country except where required by operation of applicable law based on operational nexus.

Compliance obligations are interpreted and applied strictly in accordance with mandatory legal applicability.

3. DEFINITIONS AND INTERPRETATION

For purposes of this Policy:

• “Personal Data” means any information relating to an identified or identifiable individual.
• “Processing” includes collection, storage, use, disclosure, transfer, deletion.
• “User” includes visitors, subscribers, contributors, advertisers, partners.
• “Controller” / “Data Fiduciary” means Badana Communications and Business Pvt. Ltd.
• “Processor” means any third party processing data on behalf of WNS.

Definitions align with GDPR, DPDP Act, LGPD, PIPL, and equivalent statutes.

3A. DATA CONTROLLER INFORMATION

The Data Controller (or “Data Fiduciary” under Indian law) responsible for processing personal data under this Privacy Policy is:

Badana Communications and Business Pvt. Ltd.
CIN: U47999JK2020PTC011443

Phone: +91-9419061646

Correspondence & PR Office
1st Floor, Bhat Complex
Near Astan, Airport Road
Humhama, Srinagar – 190021
Jammu & Kashmir, India

Email: legal@worldnewsstudio.com

For data protection inquiries, users may contact the Controller at the above details.

Where required by applicable law, the Company shall designate a Data Protection Officer or equivalent privacy contact. In the absence of a statutory DPO requirement, privacy inquiries may be directed to the Controller through the contact details above.

For purposes of this Policy, references to “worldnewsstudio.com,” “World News Studio,” or “WNS” refer to Badana Communications and Business Pvt. Ltd., except where the context indicates the website platform interface specifically.

3B. Sensitive or Special Category Personal Data

Certain jurisdictions provide heightened protection for “sensitive personal data” or “special category data.” Depending on applicable law, this may include data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric identifiers, health information, sexual orientation, financial account credentials, government-issued identification numbers, or other data classified as sensitive under local law.

worldnewsstudio.com does not intentionally collect sensitive personal data unless:
(a) Explicitly provided by the user;
(b) Necessary for journalism in the public interest;
(c) Required by law; or
(d) Processed under a valid lawful basis with appropriate safeguards.

Where sensitive data is processed, additional technical and organizational safeguards are applied consistent with applicable legal requirements.

4. CATEGORIES OF PERSONAL DATA COLLECTED

worldnewsstudio.com may collect the following categories only where lawful and necessary:

4.1 Identity & Contact Data

• Name
• Email address
• Phone number
• Username
• Address

4.2 Account & Subscription Data

• Login credentials (hashed)
• Subscription status
• Purchase history

4.3 Technical & Usage Data

• IP address
• Device identifiers
• Browser type
• Log files
• Cookies

4.4 Content & Communication Data

• Comments
• Submissions
• Messages to support
• Grievance filings

4.5 Payment & Transaction Data

• Payment method identifiers (processed via PCI-compliant providers)
• Billing records

WNS applies a data minimization principle. Personal data collected is limited to what is reasonably necessary, proportionate, and relevant to the specific purposes described in this Policy, consistent with international privacy standards.

5. DATA NOT INTENTIONALLY COLLECTED

worldnewsstudio.com does not intentionally collect:

• Biometric identifiers (unless legally required)
• Genetic data
• Health records
• Political affiliation
• Religious belief
• Sexual orientation

Except where:

Necessary for journalism in public interest

Explicitly provided by users

Lawfully required

6. LAWFUL BASES FOR PROCESSING — GLOBAL COMPARATIVE FRAMEWORK

worldnewsstudio.com processes personal data only where a lawful basis exists under applicable law. Because lawful bases differ globally, WNS applies a multi-layered legal mapping approach, recognizing all major regimes.

6.1 Lawful Bases Recognized Internationally

Across jurisdictions, lawful processing may be based on one or more of the following:

1. Consent
2. Contractual necessity
3. Legal obligation
4. Legitimate interests
5. Vital interests
6. Public interest / journalism exemption

These concepts appear in different terminology across:

• GDPR / UK GDPR
• India DPDP Act
• Brazil LGPD
• South Africa POPIA
• China PIPL
• Japan APPI
• Korea PIPA
• Singapore PDPA
• Canada PIPEDA
• US state privacy laws (contextual consent / notice)
• African, Middle Eastern, and Latin American statutes
• All other jurisdictions

6.2 Consent-Based Processing

Consent may be relied upon where required or appropriate, including for:

• Newsletter subscriptions
• Marketing communications
• Non-essential cookies
• Optional personalization features

Consent standards are interpreted according to:

• GDPR Articles 4 & 7
• UK ICO guidance
• India DPDP Act consent manager principles
• Brazil LGPD consent rules
• China PIPL express consent requirements
• ASEAN PDPA consent doctrines
• Others

Consent must be:

• Freely given
• Specific
• Informed
• Unambiguous
• Withdrawable

Withdrawal of consent does not affect prior lawful processing.

6.3 Contractual Necessity

Processing may be necessary to:

• Create and manage user accounts
• Deliver subscriptions
• Provide digital products
• Process payments
• Fulfill refund and cancellation requests

This lawful basis exists under:

• GDPR Article 6(1)(b)
• DPDP Act contractual necessity
• LGPD performance of contract
• PIPEDA reasonable purposes doctrine
• Civil code principles globally

6.4 Legal Obligation

WNS may process data to comply with:

• Tax laws
• Accounting regulations
• Court orders
• Regulatory reporting duties
• Law enforcement requests

Including obligations arising under:

India, EU, UK, US, China, Russia, Middle East states, African jurisdictions, Latin America, Central Asia, and Asia-Pacific countries.

6.5 Legitimate Interests (Balancing Test)

Where permitted, WNS may rely on legitimate interests for:

• Platform security
• Fraud prevention
• Service improvement
• Internal analytics
• Limited personalization

Legitimate interests are assessed using a balancing test, weighing:

• Necessity of processing
• Impact on individuals
• Reasonable expectations of users

Where local law restricts this basis (e.g., China PIPL, some African statutes), alternative lawful bases are used.

6.6 Vital Interests

Processing may occur to protect:

• Life
• Physical safety
• Public health

Including during:

• Natural disasters
• Terrorist incidents
• Public health emergencies

Recognized under virtually all global privacy regimes.

6.7 Public Interest and Journalism Exemption

As a global news and journalism platform, WNS may process data under journalistic, academic, or public-interest exemptions, including:

• GDPR Article 85
• UK Data Protection Act journalism exemption
• India IT Rules and constitutional free speech doctrines
• Brazil LGPD journalism carve-outs
• South Africa POPIA exemptions
• Council of Europe press freedom jurisprudence
• Inter-American Court standards
• African Commission principles
• Others

This exemption is applied narrowly and responsibly, balancing:

• Freedom of expression
• Right to privacy
• Safety of individuals

7. CONSENT MANAGEMENT AND USER CONTROL

7.1 Obtaining Consent

Consent may be obtained via:

• Website forms
• App interfaces
• Cookie banners
• Email confirmations

Consent interfaces are designed to comply with:

• WCAG accessibility standards
• Dark-pattern prohibitions
• EU DSA transparency expectations
• FTC unfair practices guidance

7.2 Withdrawing Consent

Users may withdraw consent by:

• Account settings
• Unsubscribe links
• Cookie preference panels
• Contacting support or DPO

Withdrawal is honored within reasonable timeframes, subject to:

• Technical feasibility
• Legal retention obligations

7.3 Consent of Children and Minors

Consent rules for children vary globally:

• Under 13: COPPA (USA)
• Under 16 (or 13–15 depending on state): GDPR
• Under 18: India DPDP Act (with parental consent)
• China, Middle East, Africa, and Latin America: varying age thresholds

WNS undertakes good-faith efforts to:

• Avoid knowingly collecting children’s data unlawfully
• Obtain parental consent where required
• Remove data upon verified request

8. CHILDREN’S DATA AND YOUTH PROTECTION

8.1 General Principle

worldnewsstudio.com is not primarily directed at children, but may be accessed by minors in educational or public-interest contexts.

Children’s data is treated with heightened protection.

8.2 Applicable Global Laws

Children’s personal data is subject to heightened legal protection across jurisdictions. World News Studio (“WNS”) designs its privacy and safety practices to comply with, or reflect the principles of, applicable child-data and youth-protection laws worldwide, including but not limited to:

United States

• Children’s Online Privacy Protection Act (COPPA) and FTC enforcement guidance

European Union / EEA

• General Data Protection Regulation (GDPR), including Article 8 (children’s consent)
• National child-data and youth-protection laws of EU Member States

United Kingdom

• UK GDPR
• Age-Appropriate Design Code (Children’s Code)

India

• Digital Personal Data Protection Act, 2023
• Child-protection and intermediary obligations under applicable IT and constitutional frameworks

Canada

• PIPEDA and provincial privacy statutes, including Quebec Law 25
• Child-focused consumer and online safety protections

Australia

• Privacy Act, 1988 (including children’s personal information protections)
• Online Safety Act and eSafety Commissioner guidance

New Zealand

• Privacy Act, 2020
• Online content and child-safety regulatory frameworks

China

• Personal Information Protection Law (PIPL)
• Cybersecurity Law and minor-specific data protection rules

Russia

• Federal Law on Personal Data
• Child-protection and online safety regulations, including data-localization requirements where applicable

Japan

• Act on the Protection of Personal Information (APPI), including protections for minors

Republic of Korea

• Personal Information Protection Act (PIPA)
• Youth Protection Act and related online-service rules

Latin America

• Brazil LGPD (including heightened protections for children and adolescents)
• Argentina, Mexico, Chile, Colombia, and Peru child-data provisions

Africa

• South Africa POPIA
• Nigeria Data Protection Act
• Kenya Data Protection Act
• Child-protection and digital-rights statutes across African Union Member States

Middle East

• UAE Personal Data Protection Law
• Saudi Arabia Personal Data Protection Law
• Qatar Data Protection Law
• Child-protection and family-law-linked cyber statutes across the region

Asia–Pacific and Other Jurisdictions

• Singapore PDPA
• Indonesia PDP Law
• Vietnam Cybersecurity Law
• Other national child-data and youth-protection regimes

Where no specific children’s data statute exists, WNS applies international best-practice standards, including the UN Convention on the Rights of the Child (CRC), ensuring that children’s personal data is processed with enhanced care, proportionality, and safety safeguards.

8.3 Protective Measures

WNS undertakes ongoing good-faith efforts to:

• Minimize data collection from minors
• Disable behavioral advertising for children
• Restrict access to age-sensitive content
• Provide parental contact channels

No system can guarantee perfect age verification; WNS applies proportionate safeguards.

9. JOURNALISM, PUBLIC INTEREST, AND PRIVACY BALANCING

9.1 Editorial Freedom and Privacy Tension

Journalism inherently involves tension between:

• Right to privacy
• Right to information
• Public accountability

WNS applies a case-by-case balancing test, considering:

• Newsworthiness
• Public role of individuals
• Consent or expectation of privacy
• Harm risk
• Availability of less intrusive alternatives

9.2 Protection of Vulnerable Individuals

Heightened care applies to:

• Children
• Survivors of violence
• Refugees and displaced persons
• Whistleblowers
• Non-public figures

WNS undertakes good-faith efforts to:

• Anonymize identities
• Avoid unnecessary detail
• Limit harm while reporting truthfully

9.3 Right to Erasure vs Public Record

Requests to delete journalistic content are evaluated against:

• Public interest
• Historical record value
• Freedom of expression protections

Under:

• GDPR “right to be forgotten” jurisprudence
• Indian constitutional law
• Latin American and African court standards

9.4 Protection of Journalistic Sources

WNS recognizes the essential role of confidential sources and whistleblowers in investigative journalism. Where legally permissible, WNS applies heightened confidentiality, restricted access controls, and enhanced security safeguards to protect the identity of journalistic sources.

Source protection practices are maintained consistent with constitutional free press principles, applicable shield laws, and international human rights standards.

10. AUTOMATED PROCESSING, AI, AND PROFILING

10.1 Use of Automation

WNS may use automated systems for:

• Content recommendations
• Spam detection
• Fraud prevention
• Language translation
• Analytics

10.2 No Solely Automated Decisions with Legal Effect

WNS does not make decisions with legal or similarly significant effects solely by automated means where prohibited by law.

Human review is incorporated where required under:

• GDPR Article 22
• China PIPL
• Brazil LGPD
• Global AI governance principles

Where legally required, individuals may request meaningful human intervention, express their point of view, and contest automated decisions.

10.3 AI Ethics and Transparency

AI usage is governed by:

• AI-Generated Content Disclosure Policy
• UNESCO AI Ethics Recommendations
• OECD AI Principles
• EU AI Act (where applicable)

Where AI-generated content is published, WNS applies disclosure practices consistent with its AI-Generated Content Disclosure Policy and evolving international transparency standards.

10.4 AI Model Training and Third-Party AI Services

WNS does not use user personal data to train general-purpose artificial intelligence models for unrelated commercial exploitation.

Where AI tools or third-party providers are used to support editorial workflows, moderation, fraud detection, translation, analytics, or accessibility features, processing is conducted under contractual safeguards and limited to defined operational purposes.

Any future use of personal data for AI training beyond service delivery would be subject to lawful basis requirements and appropriate notice.

11. DATA SHARING, DISCLOSURE, AND RECIPIENT CATEGORIES (GLOBAL)

worldnewsstudio.com does not sell personal data as a commodity.
However, personal data may be shared or disclosed in limited, lawful, and proportionate circumstances as described below.

11.1 Core Principles Governing Data Sharing

All data sharing is guided by:

• Lawfulness
• Purpose limitation
• Data minimization
• Proportionality
• Security safeguards
• Accountability

These principles are reflected across:

• GDPR / UK GDPR
• India DPDP Act
• Brazil LGPD
• South Africa POPIA
• China PIPL
• Japan APPI
• Korea PIPA
• ASEAN PDPA regimes
• OECD and APEC privacy frameworks

12. CATEGORIES OF DATA RECIPIENTS

12.1 Internal Access (Need-to-Know Basis)

Within Badana Communications and Business Pvt. Ltd., access is limited to:

• Editorial teams (where relevant to content)
• Customer support and grievance teams
• Legal and compliance officers
• IT and security personnel

Access is role-based, logged, and periodically reviewed.

12.2 Service Providers and Processors

Data may be shared with trusted third-party processors, including:

• Cloud hosting providers
• Content delivery networks (CDNs)
• Email and notification services
• Payment processors
• Analytics and security vendors

All processors are subject to:

• Written data processing agreements
• Confidentiality obligations
• Security requirements
• Audit and termination clauses

As required under GDPR, DPDP Act, LGPD, POPIA, PIPL, PDPA regimes, and equivalent laws.

12.3 Payment and Financial Partners

Payment data is processed by PCI-DSS compliant providers.
worldnewsstudio.com does not store full payment card numbers on its own servers.

Sharing is governed by:

• Banking secrecy laws
• Financial regulations
• Anti-money laundering (AML) statutes
• Consumer protection laws

Across India, EU, UK, US, China, Middle East, Africa, Latin America, and Asia-Pacific.

12.4 Advertising, Sponsorship, and Analytics Partners

Limited data may be shared for:

• Ad delivery (non-sensitive, aggregated)
• Sponsorship reporting
• Audience measurement

Such sharing is governed by:

• Advertising Policy
• Sponsored Content Policy
• Affiliate Disclosure Policy
• Cookie controls and consent mechanisms

Behavioral advertising is restricted or disabled where required by law (e.g., EU, UK, children’s data globally).

12.5 Legal, Regulatory, and Law Enforcement Disclosure

Data may be disclosed when required by:

• Court orders
• Subpoenas
• Statutory notices
• Regulatory investigations

Including under laws in:

India, EU member states, UK, US, Canada, China, Russia, Middle East countries, African jurisdictions, Latin America, Central Asia, Southeast Asia, and Pacific nations.

Disclosures are:

• Reviewed for legal validity
• Narrowly scoped
• Documented

13. GOVERNMENT REQUESTS AND PUBLIC AUTHORITY ACCESS

13.1 Nature of Government Requests

Requests may relate to:

• Criminal investigations
• National security
• Cybercrime
• Tax enforcement
• Regulatory oversight

13.2 Review and Challenge of Requests

worldnewsstudio.com undertakes good-faith efforts to:

• Verify legal authority
• Assess jurisdictional competence
• Challenge overbroad or unlawful requests
• Seek clarification where appropriate

However, WNS will comply with binding and enforceable legal orders issued by competent authorities in accordance with applicable law.

13.3 Transparency Reporting

Where permitted by law, aggregate information about government requests is published under the:

• Transparency Report Policy

Some jurisdictions prohibit disclosure of such requests.

Transparency reports may include aggregate information relating to privacy requests, government data access demands, and enforcement actions, subject to legal restrictions.

13.4 Government Request Safeguards

WNS applies the following safeguards when handling government or public authority data access requests:

• Verification of legal validity and jurisdiction
• Assessment of scope and proportionality
• Internal legal review
• Challenge or narrowing of overbroad demands where legally permissible
• Documentation of all disclosures

WNS does not provide direct or bulk access to its systems to any government authority.

14. CROSS-BORDER DATA TRANSFERS — GLOBAL FRAMEWORK

As a global platform, worldnewsstudio.com transfers data across borders as part of normal operations.

14.1 General Principle

Cross-border transfers occur only where lawful and subject to appropriate safeguards.

14.2 European Union & United Kingdom

Transfers from EU/UK are conducted under:

• Adequacy decisions
• Standard Contractual Clauses (SCCs)
• International Data Transfer Agreements (UK)
• Supplementary measures (encryption, access controls)

In accordance with GDPR, UK GDPR, Schrems II jurisprudence.

Where Article 27 of the GDPR becomes applicable based on targeting criteria or operational nexus, WNS will comply with representative designation requirements in accordance with mandatory law. If a representative is appointed, contact details will be published on this page.

14.3 India

Under the DPDP Act:

• Transfers may occur except to restricted countries (if notified)
• WNS monitors government notifications and adjusts transfers accordingly

14.4 China

Under PIPL and Cybersecurity Law:

• Certain data may require localization
• Security assessments may apply
• Transfers are restricted for “important data”

Where required, data relating to China-based users may be processed locally or under approved mechanisms.

14.5 Russia

Under Russian data localization laws:

• Certain personal data of Russian citizens must be stored on servers located in Russia

WNS undertakes good-faith efforts to comply where applicable.

14.6 Middle East

Countries such as:

• UAE
• Saudi Arabia
• Qatar
• Bahrain
• Oman

Impose varying cross-border transfer conditions, including adequacy, consent, or regulator approval.

14.7 Africa

Data transfer rules vary widely:

• POPIA (South Africa) — adequacy and consent
• Nigeria Data Protection Act — safeguards
• Kenya, Ghana, Egypt — localization tendencies

Where no clear rule exists, WNS applies international best practice.

14.8 Latin America

Under LGPD (Brazil) and regional laws:

• Transfers require adequacy, safeguards, or consent

14.9 Asia–Pacific

Including:

• Japan APPI
• Korea PIPA
• Singapore PDPA
• Indonesia PDP Law
• Vietnam Cybersecurity Law

Each imposes different transfer requirements.

15. DATA LOCALIZATION AND CONFLICTS OF LAW

15.1 Localization Obligations

Some countries mandate local storage or processing, including:

• China
• Russia
• Vietnam
• Indonesia
• Certain Middle Eastern and African states

15.2 Conflict Resolution Approach

Where localization laws conflict with foreign legal demands:

• WNS applies local law first
• Seeks legal remedies or clarifications
• Limits transfers where required

No platform can guarantee compliance with mutually contradictory laws; WNS applies good-faith, proportionate solutions.

References in this Policy to data-localization regimes or foreign legal frameworks do not constitute representation of physical establishment, server infrastructure, regulatory registration, or licensed presence in any such jurisdiction unless expressly stated elsewhere. Compliance obligations apply only where required by law based on operational nexus or legal applicability.

16. INTERNATIONAL COOPERATION AND MLAT FRAMEWORKS

Cross-border data access by governments occurs through:

• Mutual Legal Assistance Treaties (MLATs)
• Letters rogatory
• International cooperation mechanisms

WNS does not provide voluntary bulk data access outside lawful processes.

17. DATA SHARING IN CORPORATE TRANSACTIONS

In the event of:

• Merger
• Acquisition
• Asset sale
• Corporate restructuring

Personal data may be transferred as part of the transaction, subject to:

• Confidentiality obligations
• Continued privacy protections
• Notice where required by law

18. NO UNAUTHORIZED COMMERCIAL SALE OF DATA

worldnewsstudio.com does not:

• Sell personal data
• Rent personal data
• Trade personal data as an asset class

For purposes of United States state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the term “sale” shall be interpreted in accordance with applicable statutory definitions. World News Studio does not knowingly engage in the sale of personal data as defined under applicable law.

WNS does not knowingly engage in the “sharing” of personal data for cross-context behavioral advertising as defined under applicable United States state privacy laws.

Any monetization involving data is:

• Aggregated
• De-identified where feasible
• Conducted within lawful advertising and analytics frameworks

19. INFORMATION SECURITY SAFEGUARDS (TECHNICAL & ORGANIZATIONAL)

worldnewsstudio.com implements a defense-in-depth security program designed to protect personal data against unauthorized access, loss, alteration, or disclosure. Security measures are risk-based, continuously reviewed, and adapted to regional legal requirements.

19.1 Governance and Security Management

Security governance includes:

• Designated security leadership and accountable officers
• Documented information security policies
• Periodic risk assessments and threat modeling
• Vendor security due diligence and audits
• Incident response planning and tabletop exercises

Frameworks referenced and aligned (where applicable):

• ISO/IEC 27001 & 27002
• NIST Cybersecurity Framework
• CIS Critical Security Controls
• EU DSA systemic risk mitigation (security aspects)
• India IT Rules 2021 (reasonable security practices)
• China Cybersecurity Law security duties
• Sectoral guidance from regulators in the US, UK, EU, APAC, Middle East, Africa, and Latin America

19.2 Technical Safeguards

Measures may include (subject to feasibility and proportionality):

• Encryption in transit (TLS) and at rest
• Network segmentation and firewalls
• Secure configuration and patch management
• Multi-factor authentication for privileged access
• Access logging and monitoring
• DDoS mitigation and traffic filtering
• Secure backups and disaster recovery

No system is perfectly secure; WNS undertakes ongoing good-faith efforts to maintain appropriate safeguards.

Security measures are designed to reduce risk but cannot eliminate all potential vulnerabilities inherent in internet-based systems.

19.3 Organizational Measures

• Role-based access controls (least privilege)
• Staff confidentiality obligations
• Security awareness and training
• Incident escalation procedures
• Secure development lifecycle practices

19.4 Third-Party Security

Service providers are selected based on:

• Security posture and certifications
• Contractual security obligations
• Data protection agreements
• Right-to-audit or assurance mechanisms

20. DATA BREACH MANAGEMENT AND NOTIFICATION (GLOBAL)

20.1 Detection and Assessment

A “personal data breach” may include:

• Unauthorized access
• Accidental disclosure
• Loss or destruction of data

Upon detection, WNS undertakes good-faith efforts to:

• Contain the incident
• Assess scope and impact
• Identify affected data and individuals
• Preserve evidence

20.2 Notification to Authorities

Notification obligations vary by jurisdiction and include:

• EU / EEA: GDPR Articles 33–34 (72-hour rule where applicable)
• UK: UK GDPR / ICO guidance
• India: DPDP Act + CERT-In directions (as applicable)
• US: State breach notification laws (timelines vary)
• Canada: PIPEDA breach reporting
• Brazil: LGPD authority notification
• China: PIPL and CAC reporting rules
• Australia: Notifiable Data Breaches scheme
• Africa, Middle East, Latin America: National breach statutes where enacted

Where no explicit statute exists, WNS follows international best practice.

20.3 Notification to Affected Individuals

Where legally required and appropriate, WNS may notify affected users, considering:

• Likelihood of harm
• Sensitivity of data
• Risk mitigation measures already taken

Notifications may be delayed or limited where permitted by law to avoid compromising investigations or public safety.

21. USER RIGHTS — GLOBAL, COUNTRY-BY-COUNTRY FRAMEWORK

worldnewsstudio.com recognizes that user rights vary significantly by jurisdiction. The sections below summarize rights commonly available, noting regional differences.

21.1 Core Rights Recognized Internationally

Depending on location and law, users may have the right to:

• Access their personal data
• Rectify inaccurate data
• Delete or erase data
• Restrict or object to processing
• Data portability
• Withdraw consent
• Lodge complaints with authorities

21.2 European Union / EEA (GDPR)

Rights include:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (“right to be forgotten”) (Art. 17)
• Right to restriction (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21), including the unconditional right to object to processing for direct marketing purposes.
• Rights related to automated decision-making (Art. 22)

Supervisory authorities in each Member State provide enforcement.

21.3 United Kingdom

Rights mirror GDPR under UK GDPR, enforced by the ICO.

21.4 India

Under the DPDP Act, 2023, data principals may have rights to:

• Access information about processing
• Correction and erasure
• Grievance redressal
• Nomination

Subject to statutory exemptions (including journalism).

21.5 United States

Rights vary by state, including:

• Access and deletion (e.g., California CPRA)
• Correction (some states)
• Opt-out of targeted advertising or sale (where defined)
• Right to limit the use and disclosure of sensitive personal information where applicable under state law (e.g., California CPRA).

No single federal privacy right exists; WNS applies state-specific compliance.

Where applicable, users may also designate an authorized agent to submit privacy rights requests on their behalf, subject to reasonable verification procedures.

21.6 Canada

Under PIPEDA and provincial laws:

• Right to access and correct
• Right to challenge compliance

21.7 Brazil

Under LGPD:

• Confirmation of processing
• Access, correction, deletion
• Portability
• Information about sharing

21.8 China

Under PIPL:

• Right to know and decide
• Right to access and copy
• Right to correction and deletion
• Right to withdraw consent

Subject to significant public-interest and journalism exceptions.

21.9 Africa

Rights under statutes such as:

• POPIA (South Africa)
• Nigeria Data Protection Act
• Kenya Data Protection Act

Include access, correction, and objection, subject to national exemptions.

21.10 Middle East

Rights under laws such as:

• UAE PDPL
• Saudi PDPL
• Qatar Data Law

Vary and may be subject to broad national security exemptions.

21.11 Asia–Pacific

Rights under APPI (Japan), PIPA (Korea), PDPA regimes (Singapore, etc.) include access and correction, with local variations.

21.12 Non-Discrimination

WNS does not discriminate against users for exercising privacy rights. Users will not be denied services, charged different prices, or provided a different level or quality of service solely because they exercised rights under applicable data protection laws, subject to lawful and proportionate operational requirements.

22. EXERCISING YOUR RIGHTS

22.1 How to Submit Requests

Requests may be submitted via:

• Account settings (where available)
• Email to the DPO or privacy contact
• Grievance Redressal channels

22.2 Identity Verification

WNS may require reasonable verification to prevent fraud.

22.3 Timelines

Response timelines vary:

• GDPR: typically 30 days
• Other jurisdictions: “reasonable time” or statutory limits

Extensions may apply where permitted by law.

22.4 Limitations and Exemptions

Requests may be limited where:

• Journalism exemptions apply
• Legal obligations require retention
• Requests are manifestly unfounded or excessive
• Disclosure would infringe rights of others

23. DATA RETENTION AND DELETION

23.1 Retention Principles

Data is retained:

• Only as long as necessary
• In accordance with legal obligations
• For legitimate business and public-interest purposes

23.2 Retention Categories

Retention may vary for:

• Account data
• Subscription records
• Transaction data
• Editorial archives
• Grievance records

23.3 Secure Deletion

When deletion occurs, WNS undertakes good-faith efforts to:

• Remove data from active systems
• Apply deletion to backups over time

Immediate deletion from all backups cannot always be guaranteed.

23.4 Standard Retention Periods

Unless a longer retention period is required by law, the following general retention periods apply:

Account Data: Retained while the account remains active and up to 24 months after inactivity.
Subscription & Transaction Records: Retained for up to 7 years to comply with tax and accounting laws.
Marketing Consent Records: Retained for the duration of consent and up to 3 years after withdrawal.
Security Logs: Retained for up to 12 months, unless required for investigation.
Grievance & Legal Records: Retained for the duration of the dispute and applicable limitation periods.
Editorial Archives: Retained as part of the historical public record, subject to correction rights, lawful takedown orders, court directives, and applicable erasure or privacy rights where legally required.

Actual retention may vary depending on jurisdictional requirements and ongoing legal obligations.

Retention periods may be extended where necessary to comply with legal holds, litigation requirements, regulatory investigations, or enforcement proceedings.

24. COOKIES, TRACKING TECHNOLOGIES, AND ONLINE IDENTIFIERS (GLOBAL)

24.1 What Are Cookies and Similar Technologies

Cookies and related technologies (pixels, SDKs, local storage, server logs) are small data elements placed on user devices to:

• Enable core website functionality
• Maintain session continuity
• Remember preferences
• Measure audience engagement
• Improve security and fraud prevention

24.2 Categories of Cookies Used

worldnewsstudio.com may use the following categories, subject to law and consent:

1. Strictly Necessary Cookies
   • Essential for site operation
   • Security and load balancing
   • Authentication and session management
2. Functional Cookies
   • Language preferences
   • Accessibility settings
3. Analytics / Measurement Cookies
   • Aggregated usage statistics
   • Performance optimization
4. Advertising / Marketing Cookies (where lawful)
   • Limited audience measurement
   • Sponsored content reporting

24.3 Global Consent Frameworks

Cookie usage is governed by:

• EU / EEA: ePrivacy Directive + GDPR consent
• UK: PECR + UK GDPR
• India: DPDP Act notice & consent principles
• US: State privacy laws (opt-out regimes)
• Brazil: LGPD consent and transparency
• China: PIPL consent rules
• Africa, Middle East, Latin America, Asia-Pacific: National cookie and tracking guidance where available

Where no explicit cookie law exists, WNS applies international best practice.

24.4 Cookie Controls

Users may manage cookies via:

• Cookie consent banners
• Browser settings
• Platform preference panels

Disabling cookies may affect functionality.

25. MARKETING COMMUNICATIONS AND NEWSLETTERS

25.1 Subscription-Based Communications

Marketing emails, newsletters, and alerts are sent only where:

• Users have opted in
• Law permits soft opt-in (transactional relationship)

In compliance with:

• GDPR
• CAN-SPAM Act (USA)
• CASL (Canada)
• India IT Rules
• Australia Spam Act
• UK PECR
• Similar statutes worldwide

25.2 Unsubscribing

Users may opt out at any time via:

• Unsubscribe links
• Account settings
• Contacting support

Opt-out requests are honored within reasonable timeframes.

26. THIRD-PARTY LINKS, EMBEDS, AND EXTERNAL SERVICES

26.1 Embedded Content

Articles may include:

• Embedded videos
• Social media posts
• Interactive maps
• External widgets

Such third-party services may collect data under their own privacy policies.

26.2 External Websites

worldnewsstudio.com is not responsible for the privacy practices of external websites linked from the Platform. Users are encouraged to review third-party privacy notices.

27. COMPLAINTS, REGULATORS, AND ENFORCEMENT

27.1 Contacting the Data Protection Officer / Privacy Team

Privacy-related requests and complaints may be submitted to the designated privacy contact or Data Protection Officer (where required by law) via:

• Email: legal@worldnewsstudio.com
• Grievance Redressal channels
• Designated privacy forms (where available)

27.2 Supervisory Authorities

Users may lodge complaints with relevant authorities, including but not limited to:

• EU Data Protection Authorities
• UK Information Commissioner’s Office
• India Data Protection Board
• US State Attorneys General
• Canada Privacy Commissioners
• Brazil ANPD
• China CAC
• National authorities in Africa, Middle East, Latin America, Asia-Pacific

Users are encouraged to contact WNS prior to lodging a complaint with a supervisory authority so that concerns may be addressed promptly, without limiting statutory rights.

27.3 No Retaliation

WNS undertakes good-faith efforts to ensure users are not retaliated against for exercising privacy rights.

28. RECORDKEEPING, AUDIT, AND ACCOUNTABILITY

worldnewsstudio.com maintains records of:

• Processing activities
• Consent logs
• Breach incidents
• Rights requests

As required under:

• GDPR Article 30
• DPDP Act accountability provisions
• LGPD, POPIA, PIPL, and similar laws

Periodic reviews are conducted to improve compliance.

Where processing activities are likely to result in high risk to the rights and freedoms of individuals, WNS undertakes Data Protection Impact Assessments (DPIAs) or equivalent documented risk assessments, including assessments relating to cross-border transfers, large-scale profiling, or emerging technologies, where required by applicable law.

29. POLICY UPDATES AND VERSION CONTROL

29.1 Right to Update

This Privacy Policy may be updated to reflect:

• Legal changes
• Regulatory guidance
• Technological developments
• Business expansion

29.2 Notice of Changes

Where required by law, notice will be provided via:

• Website postings
• Email notifications
• In-platform alerts

Continued use of the Platform following publication of updates indicates acknowledgment of the revised Policy, subject to rights available under applicable law.

Prior versions of this Privacy Policy may be retained for audit and transparency purposes and may be made available upon reasonable request where appropriate.

30. SEVERABILITY AND NON-WAIVER

• If any provision is held invalid, remaining provisions remain effective.
• Failure to enforce any provision does not waive future enforcement.

31. GOVERNING LAW AND JURISDICTION (PRIVACY MATTERS)

Subject to mandatory local privacy laws:

• This Privacy Policy is governed by the laws of India.
• Disputes are subject to the jurisdiction of courts at Srinagar, Jammu & Kashmir, India, without prejudice to statutory regulator powers.

Nothing in this section limits mandatory data protection rights or supervisory authority powers that apply by operation of applicable law in the user’s jurisdiction.

32. GOOD-FAITH PRIVACY COMMITMENT

worldnewsstudio.com commits to ongoing, good-faith efforts to:

• Respect user privacy
• Protect personal data
• Balance privacy with journalism and public interest
• Adapt to evolving global standards

This commitment reflects ethical responsibility but does not constitute an absolute guarantee or waiver of lawful defenses.

Contact & Official Communication

Primary Contact Officer
Akhtar Badana
info@worldnewsstudio.com

Phone: +91-9419061646

Correspondence & PR Office
1st Floor, Bhat Complex
Near Astan, Airport Road
Humhama, Srinagar – 190021
Jammu & Kashmir, India

Editorial & Media: editor@worldnewsstudio.com

Grievances: grievances@worldnewsstudio.com

Legal, privacy & Compliance: legal@worldnewsstudio.com

Advertising: advertise@worldnewsstudio.com

Editorial correspondence does not substitute for formal legal or grievance submissions. Grievance submissions are subject to preliminary review for completeness prior to formal registration.