Your trust is part of our work. Here we explain, without unnecessary jargon, what data we collect, why we collect it, how long we keep it, and which rights you can exercise at any time.
An email address is all you need to register. Your name, city, profession and interests are always optional.
Card details never pass through our servers: they are handled by Stripe.
Information that could identify a source is never disclosed to third parties.
Data controller
Clarionfold Press OÜ determines the purposes and means of the processing relating to the operation of the website, subscriptions, donations, the members’ area, editorial and user communications, and the journalistic activity of Silere non possum.
Scope of this notice
This notice applies to the processing of personal data carried out through:
- the website silerenonpossum.com and its members’ area;
- subscription services and donations;
- editorial communications and messages sent by users to the Controller;
- the technical activities necessary for the operation and security of the website;
- the journalistic, editorial and publishing activities of Silere non possum.
It does not apply to third-party websites reachable via links on the site: those sites act as independent controllers and apply their own privacy notices.
What personal data we process
3.1 Browsing and technical data
While you browse, we may process data necessary for the operation, security and maintenance of the site: IP address, date and time of access, requested URLs, browser type, operating system, device type, server logs and any data relating to errors, unauthorised access attempts and abuse prevention.
3.2 Account and members’ area data
When you create an account or take out a subscription: email address, first name and surname (if provided), technical login credentials, subscription status, registration and last-login dates, and account preferences. Any password is stored in unreadable form; session tokens maintain access and keep your session secure.
3.3 Optional profile data
You may provide further details — date of birth, city, profession, editorial preferences. These are optional: choosing not to provide them does not prevent you from using the essential services. Where a freely given preference may reveal religious, philosophical or political beliefs (special categories of data, Art. 9 GDPR), processing takes place only with your explicit consent and strictly to the extent necessary for the requested function.
3.4 Subscriptions, payments and donations
For the management of subscriptions and donations: first name and surname (if provided), email, amount, currency, date and time, outcome and transaction ID, subscription status and any data required for receipts and tax obligations.
Payments are handled by Stripe. Full card details are never stored on the Controller’s servers.
3.5 Service and editorial communications
The Controller may send communications concerning account management, subscriptions, renewals, expiry dates, payments, security, changes to the service, and editorial initiatives or support campaigns. Communications that are not strictly necessary are sent only at your request or with your consent; you may object at any time by writing to the Controller.
3.6 Messages sent to the Controller
When you contact us by email or through forms: your contact details, the content of your message, any attachments and the technical metadata needed to reply. Please avoid sending data that is not necessary, irrelevant third-party data or special categories of data, unless it is essential.
3.7 Comments and user-submitted content
Where the site allows comments or interactions: the published content, the displayed name or username, date and time, IP address and technical security data. The Controller may moderate or remove content that is unlawful, offensive, defamatory, abusive or spam.
3.8 Cookies, similar technologies and local storage
Your reading history and reading progress are stored only in your browser (localStorage) and are never transmitted to our servers. For details on cookies and tracking, see the Cookie Policy.
3.9 Data processed for journalistic purposes
In the course of its editorial activity, the Controller may process data relating to individuals mentioned in articles, investigations and documents, drawn from public sources, lawfully accessible records, press releases, public statements, archives, confidential sources and tip-offs. Journalistic processing is governed by section 11.
Purposes and legal bases
The Controller processes data for the purposes and on the legal bases set out below (Art. 6 GDPR):
| Purpose | Legal basis |
|---|---|
| Operation of the website, browsing and technical security | Legitimate interest — Art. 6(1)(f) |
| Registration, account and members’ area | Contract / pre-contractual measures — Art. 6(1)(b) |
| Subscriptions, restricted content, renewals and customer support | Contract — Art. 6(1)(b); accounting/tax obligations — Art. 6(1)(c) |
| Management of donations | User’s request — Art. 6(1)(b); legal obligations — Art. 6(1)(c); legitimate interest — Art. 6(1)(f) |
| Payments via Stripe (fraud prevention and security) | Contract — Art. 6(1)(b); legal obligation — Art. 6(1)(c); legitimate interest — Art. 6(1)(f) |
| Optional profile data | Consent — Art. 6(1)(a); for special categories, explicit consent — Art. 9(2)(a) |
| Service communications (account, payments, security) | Contract — Art. 6(1)(b); legal obligation — Art. 6(1)(c); legitimate interest — Art. 6(1)(f) |
| Editorial communications and support campaigns | Consent — Art. 6(1)(a) or legitimate interest — Art. 6(1)(f) |
| Responding to user enquiries and reports | Legitimate interest — Art. 6(1)(f); contract/legal obligation where applicable |
| Protection of rights, disputes, fraud prevention and requests from the authorities | Legitimate interest — Art. 6(1)(f); legal obligation — Art. 6(1)(c) |
| Accounting, tax and administrative obligations | Legal obligation — Art. 6(1)(c) |
| Statistics and advertising (Google Analytics, Google Ads) | Consent — Art. 6(1)(a); see the Cookie Policy for details |
| Journalistic, editorial and archiving activity | Freedom of expression and information — Art. 85 GDPR and the Estonian Personal Data Protection Act (IKS); legitimate interest — Art. 6(1)(f) |
Provision of data
Providing your email address is necessary in order to create an account, access the members’ area, manage a subscription and complete payments or donations. The data required to process a payment is essential for subscriptions and donations; data required for accounting or tax purposes is mandatory where the law so provides.
Providing optional profile data and consenting to non-essential communications is entirely voluntary: choosing not to do so does not prevent registration, subscription or use of the other services.
Recipients of data and service providers
Data may be processed by authorised persons and by external providers which, when acting on the Controller’s behalf, act as data processors (Art. 28 GDPR), bound by appropriate agreements:
Data is never sold to third parties or passed on for their own marketing purposes.
Transfers to third countries
Data is processed mainly within the European Economic Area or by providers based in Europe. Some providers (e.g. Stripe, Google) may also process data outside the EEA. In such cases, transfers take place only under one of the safeguards provided for by the GDPR:
- an adequacy decision of the European Commission;
- the EU–US Data Privacy Framework, where the provider validly adheres to it;
- Standard Contractual Clauses approved by the European Commission, together with any supplementary measures;
- another basis provided for by Arts. 44 et seq. GDPR.
Retention periods
Data is kept only for as long as necessary for the relevant purposes, unless the law requires otherwise or the Controller needs to protect its rights.
| Category | Retention period |
|---|---|
| Account data | For the life of the account; upon a deletion request, erased or anonymised within 30 days, unless the law requires otherwise |
| Subscription data | For the duration of the relationship, plus the period needed to meet accounting/tax obligations and protect legal rights |
| Payments and donations | 7 years from the end of the financial year (Estonian accounting legislation) |
| Accounting and tax records | 7 years from the end of the financial year in which they were recorded |
| Non-essential editorial communications | Until you withdraw consent or object; then for a limited period to document your request and prevent unsolicited mailings |
| Messages sent to the Controller | For as long as needed to reply and, as a rule, no more than 24 months, unless legal obligations or disputes require otherwise |
| Technical and security logs | For a limited period, normally up to 180 days, except in the event of security incidents or requests from the authorities |
| Reading history (localStorage) | Remains on your device until you delete it |
| Data processed for journalistic purposes | Kept in the editorial archives for as long as necessary for journalistic, documentary and archiving purposes |
Your rights
Within the limits and under the conditions set out in the GDPR, you have the right to:
- access your data and obtain a copy of it (Art. 15);
- have inaccurate data rectified (Art. 16);
- have your data erased (Art. 17);
- restrict processing (Art. 18);
- data portability (Art. 20);
- object to processing based on legitimate interest (Art. 21);
- withdraw consent at any time, without affecting the lawfulness of processing carried out beforehand;
- not be subject to solely automated decision-making in the cases set out in Art. 22.
Requests should be sent to [email protected] (subject line: “PRIVACY”). For security reasons, the Controller may ask for information in order to verify your identity.
Restrictions on rights
The exercise of these rights may be restricted where necessary and proportionate in order to protect freedom of expression and information, journalistic activity, the confidentiality of sources, the security of the website, fraud prevention, legal obligations and the rights of the Controller or of third parties.
For data relating to accounts, payments, subscriptions, donations and editorial communications, your rights remain exercisable under the ordinary rules of the GDPR, subject to any restrictions arising from legal obligations.
Processing for journalistic purposes
Silere non possum is an independent international online newspaper (ISSN 3125-5205) published by Clarionfold Press OÜ. In the course of its journalism, the Controller may collect, verify, process, store and publish personal data where necessary to inform the public about facts, acts, statements, documents and matters of public interest.
Processing is carried out in compliance with the GDPR, Art. 85 GDPR and Estonian law (the Personal Data Protection Act, IKS), which balance data protection with freedom of expression and freedom of information. Certain information requirements (Arts. 13–14) and certain rights may be restricted where they would compromise the journalistic purpose, the verification of facts, the confidentiality of sources or the public’s right to be informed.
Requests for correction, right of reply or updating of published content should be sent in the manner set out in the Impressum, stating: the URL of the content, the identity of the requester, the reason for the request, the parts contested, any supporting documentation and the proposed text.
Protection of sources
The protection of journalistic sources is an essential principle of the editorial work of Silere non possum. Information capable of identifying a source is handled under enhanced confidentiality measures and is never disclosed to third parties.
The Controller may restrict access, disclosure, rectification, erasure or other operations on data where necessary to protect the confidentiality of sources and its journalistic activity.
Children
The site is not specifically aimed at children. In Estonia, for information society services, a child’s consent is valid from the age of 13; below that age, the authorisation of the holder of parental responsibility is required. The Controller does not knowingly collect data from children under 13 without such authorisation and, if it becomes aware of having done so, takes reasonable steps to delete the data, unless a legal obligation or an overriding journalistic public interest applies.
Data security
The Controller adopts appropriate technical and organisational measures against unauthorised access, loss, destruction, alteration or disclosure. These include:
- HTTPS connections and access controls;
- individual credentials and secure password storage;
- protected session tokens, backups and technical updates;
- security monitoring, with access restricted to authorised persons only;
- agreements with providers and confidentiality measures for editorial data and sources.
No system can guarantee absolute security. In the event of a breach, the Controller carries out the required assessments and, where necessary, makes the notifications provided for by the GDPR.
Automated decision-making and profiling
The Controller does not make decisions based solely on automated processing that produce legal or similarly significant effects (Art. 22 GDPR). The site uses statistical cookies (Google Analytics) and advertising cookies (Google Ads): both are activated only with your prior consent and are governed in detail by the Cookie Policy, which includes links to Google’s own notices. Interest-based advertising does not produce legal or similarly significant effects on users.
Complaints to the supervisory authority
If you believe your rights have been infringed, you may lodge a complaint with the competent supervisory authority. For Clarionfold Press OÜ, the lead authority is:
You also retain the right to contact the authority of your country of residence, place of work or the place of the alleged infringement, in the cases provided for by the GDPR.
Changes to this notice
The Controller may update this notice to reflect legal, technical, organisational or editorial changes. The current version is always published on this page, together with the date of the most recent update. In the event of substantial changes affecting the rights of registered users, the Controller may inform them by email or by a notice on the site.