Privacy Policy

Effective Date: May 28, 2025
Last Updated: October 1, 2025

1. Introduction

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with Top10HRVoices.com and its subsites (e.g., www.top10hrvoices.com/XX and/or XX.top10hrvoices.com/XX) — whether by browsing, submitting editorial content, participating in awards, or engaging with our commercial offerings.

We handle your data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR) and applicable Cyprus law.

2. Controller & Contact

For the purposes of data protection law, Top10HRVoices acts as the Data Controller for processing conducted via the Site.

Contact:
📧 [email protected] (General)
📧 [email protected] (Privacy Queries)
📧 [email protected] (Formal GDPR Requests)
📍 Limassol, Cyprus

3. Categories of Data We Collect

a. Contributor & Nomination Data
Name, contact details, role/title, organization, headshot/photography, quotes, bios, submitted articles, references/sources, nomination details, and related correspondence.

b. Communications
Email content, attachments, and replies sent to our addresses (e.g., editor@ / privacy@ / legal@).

c. Site & Technical Data
Basic server logs, device/browser metadata, and aggregated usage metrics. Non-essential cookies/trackers are only activated with explicit consent. We use a GDPR-compliant consent tool (e.g., Osano) to capture and honor choices.

d. Commercial & Sponsorship Data
Contact and business details from prospective sponsors/partners, briefings, and negotiation records necessary to evaluate and administer potential agreements.

e. Awards & Jury Data
Eligibility and selection notes, conflict-of-interest declarations, jury communications, and operational logistics necessary to run an awards program.

4. Purposes of Processing

We process personal data to:

• Evaluate, edit, publish, and archive editorial features.
• Manage nominations, eligibility, jury operations, and awards administration.
• Communicate with contributors, nominators, sponsors/partners, and readers.
• Operate and secure the Site (including consent records, security logs, and basic analytics).
• Enforce our Terms & Conditions, including IP protection and takedown actions.
• Comply with legal obligations and respond to data subject requests.

We do not conduct advertising-based profiling or automated decision-making that produces legal or similarly significant effects.

5. Lawful Bases for Processing (GDPR Art. 6)

• Consent
for editorial submissions, publication of photos and quotes, newsletter opt-ins, non-essential cookies, and any clearly consented activity.
• Legitimate Interests
to operate a curated editorial platform, maintain a permanent professional archive, protect IP, manage awards administration and jury integrity, and to respond to inbound sponsorship/partnership enquiries. We conduct and document legitimate interest assessments (LIA) where appropriate.
• Contract / Pre-contractual Steps
to evaluate and negotiate commercial collaborations (e.g., sponsorships/partnerships) prior to a signed agreement, and to administer any signed terms thereafter.
• Legal Obligations
to comply with applicable laws, court orders, and regulatory requirements.

6. Editorial Archive & Freedom of Expression

Published contributions form part of a permanent editorial record. In line with our Terms & Conditions, we may preserve, reformat, update, or enhance published work without altering its core message or intent. Requests for factual corrections will be reviewed; however, full removal of published content is generally not provided in order to protect the integrity and continuity of the archive and our freedom of expression obligations.

7. Data Sharing & Processors

We share data only as necessary with: (i) internal editors/maintainers; (ii) vetted service providers under GDPR-compliant data processing agreements (e.g., Carrd for hosting, Zoho Mail for email, Osano for consent management); (iii) legal counsel, regulators, or authorities where required by law. We do not sell or rent personal data.

8. International Transfers

We endeavor to store and process data within the EEA. Where transfers outside the EEA occur (e.g., certain processors or sub-processors), we rely on appropriate safeguards such as adequacy decisions or the EU Commission’s Standard Contractual Clauses.

9. Retention

Editorial Archive: Published materials and related correspondence may be retained indefinitely to preserve a reliable professional record.
Operational Records: Routine communications, consent logs, and administrative files are kept only as long as necessary for the purposes stated above and applicable statutory limits.
Commercial Records: Sponsorship/partnership enquiries and agreements are retained for the life of the engagement and for a reasonable period thereafter for accountability.

10. Your Rights

Subject to GDPR and applicable exemptions, you may request: access, rectification, restriction, portability, or objection to certain processing. If processing is based on consent, you may withdraw consent at any time (without affecting prior lawful processing).

Editorial Limitation: Due to our obligations to preserve a trustworthy editorial archive and freedom of expression, full deletion of published content is not generally available. We consider factual correction requests fairly and in good faith.

You also have the right to lodge a complaint with the Cyprus Data Protection Commissioner.

11. Security

We employ reasonable technical and organizational controls, including SSL-secured email, role-based access, least-privilege principles, password-protected admin, infrastructure malware scanning, and periodic reviews of processor security. If a data incident poses a risk to your rights and freedoms, we will take appropriate steps consistent with GDPR.

12. Cookies & Consent

Essential cookies operate for core functionality. Non-essential cookies/trackers (if any) are disabled by default and require your explicit opt-in via our consent tool. You can change or withdraw consent at any time.

13. Awards, Conflicts & Jury Integrity

We process personal data to administer eligibility, protect impartiality, and manage conflicts of interest. Contributors invited to serve on a jury/panel are ineligible for nomination or recognition in that same award cycle.

14. AI-Assisted Submissions

Contributors must disclose any material use of AI tools in preparing submissions. Regardless of AI usage, the contributor remains responsible for originality, permissions, accuracy, and compliance with our editorial standards.

15. Legal Requests & Enforcement

We may process and share personal data as reasonably necessary to investigate, prevent, or respond to suspected violations of our Terms, alleged infringements, or legal/regulatory requests — including issuing or responding to takedown notices (e.g., DMCA) and GDPR Article 17/21 requests.

16. Changes to this Policy

We may update this Privacy Policy at any time. The “Last Updated” date reflects the most recent revision. Material changes that affect consent or contributor rights will be communicated through appropriate channels.
Continued use of the Site constitutes legal binding & acceptance of the updated policy.

17. Contact

For privacy questions or GDPR requests:
📧 [email protected] (Privacy Queries)
📧 [email protected] (Formal GDPR Requests)
📧 [email protected] (Editorial Contact)
📍 Limassol, Cyprus

This Privacy Policy should be read together with our Cookies Policy and Terms & Conditions;
together they constitute the entire understanding regarding the Site’s operation, your interaction with it, and supersede any prior communications or representations relating to the Site.