Neawolf Media Group
Domains: neawolf.com (canonical), neawolf.de, neawolf.blog, neawolf.cloud (mirror); neawolf.group (development/staging only)
Corporate hub of Neawolf Media Group, brand overview, central legal documents, and company information.
Neawolf Media Group · GDPR Compliance
Privacy Policy pursuant to GDPR Art. 13, 14 for all websites, platforms, and services operated by Neawolf Media Group
This page describes how Neawolf Media Group (neawolf.com and affiliated domains, processes personal data. In short: data minimisation under Art. 5 GDPR (only what is necessary for operations; contact: name, email, message; IP pseudonymised). Personal data is not used to train the Naciro engine. Transfers to the United States, where applicable, rely on the EU-US Data Privacy Framework (Art. 45 GDPR). No third-party tracking before your consent. Further details on rights, retention, and encryption appear below on this page.
Art. 4(7) GDPR; German sole proprietorship.
Data subject rights, access, erasure (Art. 15–21 GDPR).
Copyright, unlawful content, DMCA takedowns (U.S.).
Digital services worldwide; physical shipping where offered.
Primary hosting in the EU.
Where U.S. providers or U.S. users are involved.
Right to lodge a complaint under Art. 77 GDPR.
Tracking (Matomo, GA4) only after consent “all”.
Opt-out via consent or browser; Matomo honours Do Not Track.
In addition to any internal incident procedures.
No. Google AdSense is not active and is no longer listed as a service in the privacy policy.
Matomo (self-hosted; site ID 1 = nationfiles.com, 2 = Neawolf CMS divisions, 3 = Neawolf Shop) and Google Analytics 4 (measurement ID G-J0CW6ZQL6K, Google Ireland Ltd.)—each only after consent “all” in the cookie banner.
As controller: notify the supervisory authority within 72 hours (Art. 33 GDPR) where a risk to individuals is likely; notify data subjects without undue delay where there is a high risk (Art. 34 GDPR).
On this page (/en/company/privacy/) and as PDF; unified across all Neawolf Media Group brands (neawolf.group, shop, NationFiles, etc.).
The following divisions, platforms, and services are covered:
The company maintains one unified legal notice, privacy policy, and terms of service for all divisions and platforms. Linked at /company/legal-notice/, /company/privacy/, and /company/terms/ on all brand hosts.
Domains: neawolf.com (canonical), neawolf.de, neawolf.blog, neawolf.cloud (mirror); neawolf.group (development/staging only)
Corporate hub of Neawolf Media Group, brand overview, central legal documents, and company information.
Domains: nationfiles.com
AI-driven intelligence data, indices, and analyses (Naciro Engine). Not investment advice.
Domains: neawolf-publishing.com, neawolf-verlag.com (+ .de aliases)
Book publishing, catalog, author and publisher content (print & digital).
Domains: neawolf-records.com (+ .de alias)
Music label, releases, artist and label content (ISRC DE-1VC, GVL label code).
Domains: neawolf-broadcast.com, neawolf-video.com (+ .de aliases)
Video, show, and broadcast content across the media group.
Domains: neawolf-shop.com, neawolf.shop, label.productions, label.lc (+ .de aliases)
E-commerce: physical shipping worldwide where offered; EU withdrawal rights for distance sales; payment and shipping data per the privacy policy.
Domains: opoleo.com (+ .de alias)
Software venture of Neawolf Media Group; use subject to the same terms and privacy policy.
Domains: obravis.com (+ .de alias)
Software venture of Neawolf Media Group; use subject to the same terms and privacy policy.
Domains: network-wide across all division hosts
Unified account management (registration/login) for digital services worldwide; unified account management and consent per the privacy policy; no phone support.
Art. 6 Para. 1 GDPR
Data processing is based on your consent (lit. a), for contract fulfillment (lit. b), or due to legitimate interest (lit. f).
Art. 15-21 GDPR
© 2026 You have the right to free information (Art. 15), correction (Art. 16), deletion (Art. 17), or restriction of processing (Art. 18).
Please contact the privacy contact for this.
NACIRO ENGINE
No profiling, no training with user data, no automated individual decision-making (Art. 22 GDPR). Processor: Exclusively own infrastructure in Germany (Contabo).
All analyses are AI-generated – no legal advice.
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially.
Neawolf Media Group, Owner Sven Schmidt, is responsible for data processing on this platform.
Processing according to Art. 6 Para. 1 lit. a (consent), lit. b (contract), and lit. f (legitimate interest).
In accordance with Art. 5 Para. 1 lit. c GDPR, we only collect data that is strictly necessary for operation.
Processing under Art. 6 Para. 1 lit. f is based on a positive balancing test to maintain platform integrity.
Data is deleted as soon as the purpose no longer exists or legal deadlines require it. Contact requests are deleted after the matter is resolved.
Contact requests: until the matter is resolved; server logs: 30 days (IP anonymized). Aggregated source data and wanted-person data are obtained read-only from public sources and processed in compliance with source licenses and operational retention periods.
Technical and organizational measures (TOM) protect against unauthorized access.
Competent: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW).
We adapt this statement in the event of technical further development or legal changes.
Use of the platform is only permitted for persons under 16 years of age with parental consent.
Order, payment, shipping, and invoice data; withdrawal and customer-service communication; retention per commercial and tax law (10 years under German § 147 AO). Shop platform: Shopify Inc. (data processor under Art. 28 GDPR, headquarters: Canada/USA, EU-US Data Privacy Framework certified). Payment providers: PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) and Stripe Payments Europe Ltd. (Ireland) as data processors for credit card payments (Visa, Mastercard, American Express). Data transmission to payment service providers is encrypted via PCI-DSS compliant interfaces.
Account data (email, password hash, profile details where provided), session and authentication data, consent and device identification network-wide across affiliated domains.
Usage and log data, pseudonymized IP, optional user submissions; no Naciro Engine training on personal profile data.
Newsletter, contact, and media inquiries; streaming/download metadata where technically required; no disclosure to third parties without legal basis.
Software usage data, error logs, license and account data as required for operation; processing via Neawolf infrastructure in the EU.
For the highly automated processing of personal data in the NationFiles Intelligence division (predictive analytics, algorithmic forecasting, aggregation of large datasets from public sources), we have conducted a Data Protection Impact Assessment (DPIA) pursuant to Art. 35 GDPR. The assessment includes the evaluation of risks to the rights and freedoms of data subjects, particularly in profiling based on publicly available data (media, weather data, economic indicators). Our DPIA concluded that the processing represents an acceptable risk through technical and organizational measures (pseudonymization, encryption, access restrictions, regular audits). Data subjects have the right to access information about their processed data (Art. 15 GDPR). The DPIA is reviewed regularly and updated when there are significant changes to processing activities.
We engage external service providers as data processors that process personal data on our behalf. Data Processing Agreements (DPA) have been concluded with all data processors in accordance with Art. 28 GDPR, ensuring compliance with the General Data Protection Regulation. Data processors: (1) Contabo GmbH (Germany, ISO 27001) – hosting, servers, databases; (2) Shopify Inc. (Canada/USA, EU-US Data Privacy Framework) – e-commerce platform for neawolf-shop.com; (3) PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) – payment processing; (4) Stripe Payments Europe Ltd. (Ireland) – credit card payments (PCI-DSS compliant); (5) Cloudflare Inc. (USA, EU-US Data Privacy Framework) – CDN, DDoS protection, DNS. All data processors are contractually obliged to process personal data exclusively according to our instructions and to implement appropriate technical and organizational measures (TOM) to protect the data. Transfer to subcontractors only occurs with our prior written consent. Data subjects may at any time request information about the data processors we use (privacy@neawolf.com).
The company maintains one unified legal notice, privacy policy, and terms of service for all divisions and platforms. Linked at /company/legal-notice/, /company/privacy/, and /company/terms/ on all brand hosts. These legal documents apply uniformly to all websites, platforms, and services operated by Neawolf Media Group—including neawolf.com (corporate brand), nationfiles.com (intelligence), neawolf-publishing.com (publishing), neawolf-records.com (records), neawolf-broadcast.com (broadcast), neawolf-shop.com (commerce/shop), opoleo.com and obravis.com (software), affiliated alias domains, registration/login, digital products, and physical shipping.
Domains: neawolf.com (canonical), neawolf.de, neawolf.blog, neawolf.cloud (mirror); neawolf.group (development/staging only). Corporate hub of Neawolf Media Group, brand overview, central legal documents, and company information.
Domains: nationfiles.com. AI-driven intelligence data, indices, and analyses (Naciro Engine). Not investment advice.
Domains: neawolf-publishing.com, neawolf-verlag.com (+ .de aliases). Book publishing, catalog, author and publisher content (print & digital).
Domains: neawolf-records.com (+ .de alias). Music label, releases, artist and label content (ISRC DE-1VC, GVL label code).
Domains: neawolf-broadcast.com, neawolf-video.com (+ .de aliases). Video, show, and broadcast content across the media group.
Domains: neawolf-shop.com, neawolf.shop, label.productions, label.lc (+ .de aliases). E-commerce: physical shipping worldwide where offered; EU withdrawal rights for distance sales; payment and shipping data per the privacy policy.
Domains: opoleo.com (+ .de alias). Software venture of Neawolf Media Group; use subject to the same terms and privacy policy.
Domains: obravis.com (+ .de alias). Software venture of Neawolf Media Group; use subject to the same terms and privacy policy.
Domains: network-wide across all division hosts. Unified account management (registration/login) for digital services worldwide; unified account management and consent per the privacy policy; no phone support.
Storage of IP, browser, and timestamp for 30 days for threat prevention (Art. 6 Para. 1 lit. f GDPR).
End-to-end AES-256 SSL encryption for all data transfers (Grade A+).
Data processing by Contabo GmbH on ISO 27001 certified servers in Germany.
MariaDB instances with encryption of data at rest.
Encrypted off-site backups to ensure integrity according to Art. 32 GDPR.
Notification of personal data breaches to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware (Art. 33(1) GDPR), where the breach is likely to pose a risk to data subjects.
We use cookies and similar technologies (e.g. session IDs, local storage) for authentication, session management, and delivery of personalized content. Technically necessary cookies for session, device identification, and consent have a validity of up to 365 days. They enable consistent use across affiliated Neawolf domains and store your consent preferences network-wide in encrypted server storage in the EU, without tracking-based redirects. An optional visitor hint is based on technical connection data (e.g. IP address, browser identifier) and is processed only in hashed form. Analytics and marketing cookies are only set after express consent (Art. 6 para. 1 lit. a GDPR). You can adjust your cookie settings at any time via the cookie banner or in the privacy settings.
Before consent, we do not load analytics scripts (Matomo, Google Analytics 4). The banner offers “Accept all” and “Necessary only”. Necessary: session cookies, device identification, and consent status (cross-domain, up to 365 or 182 days respectively), and language/design preferences in local storage where used. After “Accept all”: Matomo (self-hosted) and GA4 (G-J0CW6ZQL6K). Legal bases: Art. 6(1)(a) GDPR (consent), (f) (operation/security), and Sec. 25 TDDDG. You may withdraw consent at any time via the cookie banner or privacy settings.
Storage of dark mode choice in LocalStorage (legitimate interest).
Local storage of language choice to provide country-specific data.
IP addresses are anonymized before any statistical evaluation.
Use of TLS encryption (AES-256, Grade A+), access control, hashing (e.g. SHA-256 for IP pseudonymization), and log minimization. No transfer of raw data to third parties.
Compliance with the EU AI Act: Labeling of all AI-generated analysis content.
No use of your personal data for training machine learning models.
Algorithmic results are regularly validated by experts (human-in-the-loop).
No automated creation of personality profiles (Art. 22 GDPR).
AI calculations are based on aggregated metadata, not on your identity.
Processing of public data (OSINT) with strict separation from user profiles.
Predictive Layer analyzes geopolitical macro trends, not individual behavior.
Statistical evaluation of global intelligence briefing sentiment without personal reference.
Automated determination of relationships on a purely mathematical basis.
Permanent monitoring of the AI engine for bias and factual correctness.
Registration, login, and digital services may be used internationally. Transfers to the United States rely, where required, on the EU-US Data Privacy Framework, Standard Contractual Clauses (Art. 46 GDPR), and/or your consent. U.S. state privacy laws (CCPA/CPRA): see below.
Web analytics with Google Analytics 4 (Google Ireland Limited / Google LLC) only after consent (Art. 6(1)(a) GDPR). Measurement ID: G-J0CW6ZQL6K; IP anonymization enabled. Data may be transferred to the United States (EU-US Data Privacy Framework / SCC). Details: Google privacy notices. You may withdraw consent at any time; objection under Art. 21 GDPR is possible.
After consent, we use Matomo (self-hosted; technical base on nationfiles.com). Tracker requests are first-party on each CMS host you visit (e.g. neawolf-publishing.com), while the Neawolf Shop and CDN contexts use neawolf.group/assets/nw-pulse.php—not the neawolf.cloud asset CDN (tracking hits are not cached). Measurement is split across Matomo websites: site ID 1 for nationfiles.com (NationFiles Intelligence), site ID 2 for Neawolf CMS divisions (e.g. neawolf.group, Publishing, Records, Broadcast), and site ID 3 for the Neawolf Shop (neawolf-shop.com and related shop domains such as neawolf-shop.de, neawolf.shop, label.productions). Processed data includes page views, referrers, and technical device data; after consent, a pseudonymous device identifier (NW_DEVICE) may be sent as a user ID. No Matomo Cloud. Legal basis: Art. 6(1)(a) GDPR. Consent can be withdrawn in the cookie banner.
Transfer to third countries only if adequacy decisions or SCCs are in place.
Embedding in 'Enhanced Data Protection Mode' to prevent advance tracking.
Financial data retrievals are anonymized without transferring end-user data.
Display of INTERPOL, FBI Most Wanted, and OpenSanctions data occurs server-side without user tracking.
Processing of wanted-person data is read-only and based on Art. 6(1)(e) GDPR in conjunction with public interest in security. No data is transmitted to the sources.
Wanted-person data may include name, photo, offense, nationality, date of birth, and other details provided by the source. See Source Registry (Legal → Sources) for details.
Links to external platforms only transfer data to the provider upon clicking.
Use of partner links occurs without linking to your Neawolf account.
Technical defense mechanisms against bot attacks (Art. 6 Para. 1 lit. f GDPR).
Securing international data flows through EU Standard Contractual Clauses.
NationFiles automatically ingests aggregated, non-personal data from public and licensed sources (e.g. World Bank, Open Data Commons). A full list of providers and licenses is available in the Source Registry (Legal → Sources).
You have the right to confirmation and a copy of your stored data (Art. 15 GDPR).
Immediate correction of incorrect data according to Art. 16 GDPR.
Claim to data deletion (right to be forgotten) according to Art. 17 GDPR.
Limitation of processing under the conditions of Art. 18 GDPR.
Provision of your data in a machine-readable format (Art. 20 GDPR).
Objection to data processing for special reasons (Art. 21 GDPR).
Anytime revocation of consent with effect for the future.
Right to lodge a complaint with the competent supervisory authority (LDI NRW).
There is no contractual or legal obligation to provide data.
Central contact for data subject rights: privacy@neawolf.com.
Compliance with Californian privacy rights including 'Do Not Sell' policy.
Compliance with the Lei Geral de Proteção de Dados for users in Brazil.
Protection measures according to the Personal Information Protection Law of the PR China.
Strict protection of children's privacy according to US federal law.
Central process for takedown requests regarding AI content.
Protection of the Neawolf® brand and associated user data stocks.
Data processing to identify misuse and manipulation.
Prohibition of the use of our contact details for marketing purposes.
Storage of user votings occurs exclusively in anonymized form.
Validity of the statement remains even if individual clauses are partially ineffective.