Privacy Policy

Last update: October 2025 | Effective date: October 2025

This Privacy Policy explains how CertifiedPressReleases.com (“CPR“, “we”, “us”, “our”) processes personal data when you submit press releases via our submission form, in compliance with EU GDPR and applicable privacy laws.

1. Data Controller & Contact Information

Data Controller: CertifiedPressReleases.com
Operator: Informatica in Azienda
Address: Via Vaccaro 5, Bologna, Italy
General contact: info@certifiedpressreleases.com
Privacy contact: privacy@certifiedpressreleases.com

2. Our Service Model

CPR operates as a curated publication platform:

• Clients submit press releases via our submission form
• We review submissions for compliance and quality
• Approved content is published by our editorial team
• Optional digital certification is provided through ContentProtector.eu
• No user accounts: Clients do not receive platform access or login credentials

3. Personal Data We Collect

3.1 Submission Form Data

• Contact information: Full name, email address, phone number
• Organization details: Company name, job title, business address
• Press release content: Text, headlines, descriptions, metadata
• Media files: Images, documents, videos uploaded with submission
• Publication preferences: Certification requests, distribution options

3.2 Technical Data (Website Visitors)

• Access logs: IP address, timestamps, pages viewed, user agent
• Form analytics: Submission success rates, form completion data
• Security monitoring: Abuse prevention, spam filtering

3.3 Payment Data (When Applicable)

• Billing information: Name, address, VAT number for invoicing
• Transaction data: Payment confirmations, invoice records
• Payment processing: Handled exclusively by certified processors (Stripe, PayPal)

4. Legal Bases for Processing (Article 6 GDPR)

4.1 Contract Performance (Art. 6(1)(b))

• Processing submission requests and communications
• Publishing approved press releases
• Providing certification services
• Customer support and correspondence

4.2 Legal Compliance (Art. 6(1)(c))

• Tax and accounting record keeping
• Response to legal orders and investigations
• Anti-money laundering compliance

4.3 Legitimate Interest (Art. 6(1)(f))

• Platform security: Spam prevention, abuse detection
• Service improvement: Analytics, performance monitoring
• Quality assurance: Editorial review and content standards

4.4 Consent (Art. 6(1)(a))

• Marketing communications (optional newsletter)
• Non-essential cookies and tracking
• Additional data processing for enhanced features

5. How We Use Your Data

5.1 Submission Processing

• Review submitted content for editorial standards
• Contact you regarding submission status or clarifications
• Format and prepare content for publication
• Generate invoices for publication and certification services

5.2 Publication & Archive

• Display approved press releases publicly on our website
• Include author/organization information as provided
• Maintain permanent archive for legal and historical purposes
• Enable search engine indexing and social media sharing

5.3 Certification Services

• Coordinate with ContentProtector.eu for digital certification
• Generate qualified timestamps and SHA-256 hashes
• Provide legal evidence documentation
• Maintain certification records and verification systems

6. Digital Certification & ContentProtector.eu Partnership

When you request certification services:

• Joint processing: CPR and ContentProtector.eu work together to provide certification
• Data shared: Document content, metadata, timestamps for certification generation
• eIDAS compliance: Qualified timestamps meet EU eIDAS regulation standards
• Legal value: Certificates provide legal evidence of document integrity and timestamp
• Partner privacy: ContentProtector.eu’s privacy practices are available at their website

7. Data Sharing & Third Parties

7.1 Service Providers (Data Processors)

• Web hosting: Platform infrastructure and content delivery
• Email services: Communication delivery and notifications
• Security services: DDoS protection, spam filtering, security monitoring
• Analytics: Website performance and usage analysis (anonymized)

7.2 Payment Processors (Independent Controllers)

• Stripe/PayPal: Payment processing according to their privacy policies
• Limited data: Only transaction confirmations and billing data
• No card storage: CPR never receives or stores payment card details

7.3 Legal Requirements

We may disclose personal data when required by:

• Court orders or legal process
• Law enforcement investigations
• Tax and regulatory compliance
• Protection of legal rights and safety

8. Published Content & Public Information

⚠️ Important: Approved press releases become publicly accessible and include:

• Full press release text and media
• Author and organization information you provide
• Contact details included in the release
• Publication and certification timestamps

Your responsibility: Only provide personal data you have the right to publish. Ensure compliance with GDPR and privacy laws for any individuals mentioned.

9. Data Retention

10. Your Rights Under GDPR

10.1 Individual Rights

• Right of Access (Art. 15): Request copies of personal data we hold about you
• Right to Rectification (Art. 16): Correct inaccurate personal data
• Right to Erasure (Art. 17): Request deletion (limited for published content)
• Right to Restrict Processing (Art. 18): Limit how we process your data
• Right to Data Portability (Art. 20): Receive your data in structured format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Consent withdrawal: Withdraw consent for marketing communications

10.2 How to Exercise Your Rights

Contact us at privacy@certifiedpressreleases.com with:

• Your full name and email address used in the submission
• Proof of identity (copy of government-issued ID)
• Specific right you wish to exercise
• Reference to your press release submission or publication

Response time: Within 30 calendar days (may extend to 60 days for complex requests).

10.3 Limitations on Data Deletion

Once published, press releases become part of the permanent public record. We may retain:

• Published content for legal integrity and historical purposes
• Certification records for legal evidential value
• Minimal contact data for legal compliance and dispute resolution
• Technical logs required for security and legal protection

11. Data Security

We implement appropriate technical and organizational measures:

• Encryption: All data encrypted in transit (TLS/SSL) and at rest
• Access controls: Limited access on need-to-know basis
• Secure infrastructure: Protected hosting with regular security updates
• Backup systems: Secure data backup with encryption
• Monitoring: Continuous security monitoring and incident detection

12. International Data Transfers

When using service providers outside the EU/EEA, we ensure adequate protection through:

• Adequacy decisions: EU Commission-approved safe countries
• Standard Contractual Clauses: EU-approved transfer mechanisms
• Additional safeguards: Encryption and technical measures

13. Cookies & Website Analytics

We use minimal cookies for:

13.1 Essential Cookies (No Consent Required)

• Form submission security and spam prevention
• Basic website functionality and navigation
• Load balancing and performance optimization

13.2 Analytics Cookies (Consent Required)

• Website usage statistics (anonymized)
• Submission form performance analysis
• Content popularity and engagement metrics

Detailed cookie information: Cookie Policy

14. Digital Certification Process

When you request certification:

• Partner processing: ContentProtector.eu provides eIDAS-compliant timestamps
• Data shared: Document content, metadata, hash values
• Purpose: Generate qualified digital certificates with legal validity
• Legal basis: Contract performance and legitimate interest in document integrity
• Certification records: Maintained permanently for legal evidential purposes

15. Marketing Communications

We may contact you for:

• Service communications: Submission status, publication notifications (legitimate interest)
• Marketing communications: Newsletter, service updates, promotional offers (consent required)
• Unsubscribe: Easy opt-out available in all marketing emails

16. Data Breaches & Security Incidents

In case of a personal data breach:

• Authority notification: Relevant supervisory authority within 72 hours
• Individual notification: Affected persons if high risk to rights and freedoms
• Immediate response: Containment and remediation measures
• Documentation: Full incident records and response actions

17. Children’s Privacy

• Age restriction: Services intended for users 18 years and older
• Business context: Submissions typically made in professional capacity
• No targeted collection: We do not knowingly collect data from children under 16
• Parental rights: Parents may contact us regarding any underage data collection

18. Automated Decision-Making

• Spam filtering: Automated detection of suspicious submissions
• Content screening: Initial automated review for policy compliance
• No automated publication: Final publication decisions are always human-reviewed
• No profiling: We do not create detailed personal profiles for automated decisions

19. Third-Party Content Responsibility

Important Notice: When personal data appears in published press releases:

• Publisher responsibility: The submitter is responsible for GDPR compliance
• Lawful basis required: Publishers must have legal grounds for including personal data
• Our role: CPR acts as a hosting platform, not data controller for third-party personal data
• Removal requests: We will respond to valid privacy complaints regarding published content

20. Privacy by Design & Data Minimization

• Minimal collection: We only collect data necessary for service provision
• Purpose limitation: Data used only for specified, legitimate purposes
• Storage limitation: Data retained only as long as necessary
• Accuracy: We maintain accurate and up-to-date records
• Integrity: Appropriate security measures protect data integrity

21. Updates to This Privacy Policy

• Notification method: Website notice and email to recent submitters
• Effective date: Changes take effect 30 days after notification
• Material changes: Significant changes will be clearly highlighted
• Version control: Previous versions archived and available upon request

22. Supervisory Authority

You have the right to lodge a complaint with:

• Italian Authority: Garante per la Protezione dei Dati Personali
• Your local authority: Data protection authority in your EU member state
• Contact details: Available at European Data Protection Board

23. Contact Information

For all privacy inquiries:

• Privacy Officer: privacy@certifiedpressreleases.com
• General inquiries: info@certifiedpressreleases.com
• Data removal requests: abuse@certifiedpressreleases.com
• Response time: We respond to privacy inquiries within 48 hours

This Privacy Policy reflects our commitment to data protection and transparency. We continuously review and improve our privacy practices to maintain the highest standards of data protection.