We make every effort to ensure the accuracy of the content on our website. However, we assume no responsibility for the content of external links. The operators of linked websites are solely responsible for their content.
Effective date: 15 April 2026
Controller: The Arsenal (arsenal.eu) — incorporated in the United States
Registered address: The Counteroffensive Media Worldwide LLC
7901 4th St N, STE 300, St. Petersburg FL 33702 USA
Contact: [email protected]
Applicable law: GDPR (EU) 2016/679 applies by virtue of Art. 3(2) — extra-territorial scope
The Arsenal (“we,” “us,” or “our”) operates arsenal.eu, a specialist trade publication providing actionable business reporting on defence technology and regulation across Ukraine and European capitals.
This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, subscribe to our publications, access our data products, or otherwise engage with our services. It applies to all personal data processed by us as a data controller.
Although The Arsenal is incorporated in the United States, GDPR applies under Article 3(2) because we offer services to individuals in the EEA and monitor their behaviour.
When you interact with our services, we may collect:
Full name and job title
Business email address and, where provided, telephone number
Organisation / employer name and country
Payment and billing information (processed via third-party payment providers; we do not store raw card data)
Correspondence and messages you send to our editorial or commercial team
Account credentials if you register for a subscriber account
Survey responses, event registrations, or research enquiries
When you visit arsenal.eu, our systems and third-party tools may automatically collect:
IP address and approximate geolocation (country/city level)
Browser type, version, and operating system
Pages viewed, links clicked, and time spent on each page
Referral source (how you arrived at our site)
Device identifiers and screen resolution
Cookie identifiers and similar tracking technologies (see Section 8)
We may receive data about you from:
Payment processors (transaction status and fraud-prevention signals)
Analytics partners aggregating behavioural data
Publicly available professional directories or social networks, where relevant to our editorial or commercial activities
We process personal data only where we have a valid legal basis under Article 6 GDPR. The table below sets out our primary processing activities:
| Purpose | Legal Basis | Examples |
|---|---|---|
| Delivering subscription content | Contract (Art. 6(1)(b)) | Newsletter delivery, article access, data product downloads |
| Processing payments | Contract (Art. 6(1)(b)) | Billing, invoicing, subscription management |
| Account management | Contract (Art. 6(1)(b)) | Registration, login, preferences |
| Editorial communications | Legitimate interests (Art. 6(1)(f)) | Responding to tips, source enquiries, press contacts |
| Website analytics & improvement | Legitimate interests (Art. 6(1)(f)) | Understanding readership, improving site performance |
| Direct marketing to existing subscribers | Legitimate interests (Art. 6(1)(f)) | Informing subscribers of related products and events |
| Marketing to prospects (with consent) | Consent (Art. 6(1)(a)) | Email sign-up forms, marketing cookies |
| Legal obligations | Legal obligation (Art. 6(1)(c)) | Tax records, responding to lawful authority requests |
| Fraud prevention & security | Legitimate interests (Art. 6(1)(f)) | Detecting abuse, protecting our systems |
We may share data in the following circumstances:
We engage trusted third-party processors who act on our instructions, including:
Email delivery and newsletter platforms
Payment processors (e.g. Stripe or equivalent — governed by their own GDPR-compliant policies)
Website hosting and content delivery network (CDN) providers
Analytics platforms (with data minimisation and IP anonymisation applied where possible)
Customer relationship management (CRM) tools
We may share aggregated, anonymised readership statistics with commercial partners or sponsors. No individually identifiable data is disclosed in this context.
We will disclose personal data where required by applicable law, court order, or competent regulatory authority. We will notify affected individuals where legally permissible before doing so.
In the event of a merger, acquisition, or sale of all or part of our assets, personal data may be transferred to the successor entity. We will notify subscribers and provide options where feasible.
We may share personal data with selected third-party partners for commercial purposes, including sponsored research, market intelligence, and audience insight products. We will ensure an appropriate legal basis exists for any such sharing.
The Arsenal is incorporated and operates in the United States. This means that when you provide personal data to us or we collect it through your use of arsenal.eu, that data is transferred to and processed in the United States, which the European Commission has not recognised as providing an adequate level of data protection equivalent to the EEA.
Where we transfer personal data to the United States, we take steps to ensure appropriate safeguards are in place in accordance with applicable law.
We apply the same data protection standards described in this Policy regardless of where your data is processed.
Please be aware that US law (including national security laws such as FISA Section 702) may allow US authorities to access personal data held in the United States in circumstances broader than those permitted under GDPR. Our supplementary measures are designed to mitigate this risk, but cannot eliminate it entirely.
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting obligations. The criteria we use to determine appropriate retention periods include the nature and sensitivity of the data, the purposes for which it is processed, our ongoing contractual or commercial relationship with you, and any applicable legal or regulatory requirements.
When personal data is no longer required, it is securely deleted or anonymised.
You have the following rights in relation to your personal data. These rights may be subject to certain conditions and exemptions under applicable law:
Right of access (Article 15): You may request a copy of the personal data we hold about you.
Right to rectification (Article 16): You may ask us to correct inaccurate or incomplete data.
Right to erasure (Article 17): You may ask us to delete your data in certain circumstances (‘right to be forgotten’).
Right to restriction (Article 18): You may ask us to restrict processing of your data in certain circumstances.
Right to data portability (Article 20): Where processing is based on consent or contract, you may receive your data in a structured, machine-readable format.
Right to object (Article 21): You may object to processing based on legitimate interests or for direct marketing purposes. We will cease marketing processing upon receipt of your objection.
Rights related to automated decision-making (Article 22): We do not make solely automated decisions producing significant legal or similar effects.
Right to withdraw consent: Where processing relies on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. We may ask you to verify your identity before fulfilling a request. There is no charge for exercising your rights.
You have the right to lodge a complaint with the data protection supervisory authority in your Member State.
We use cookies and similar technologies (including pixels and local storage) to operate and improve our website. Cookies are small text files placed on your device.
Strictly necessary cookies: Essential for the website to function (e.g. session management, paywall access). These do not require your consent.
Analytics cookies: Help us understand how visitors interact with our site (e.g. Google Analytics or equivalent). We apply IP anonymisation. These are set only with your consent.
Preference cookies: Remember your settings and choices. Set with your consent.
Marketing / targeting cookies: Used to deliver relevant content or measure campaign effectiveness. Set only with your explicit consent.
When you first visit arsenal.eu, you will be presented with a cookie consent banner allowing you to accept, reject, or customise non-essential cookies. You may change your preferences at any time via the “Cookie Settings” link in the website footer.
You may also manage cookies via your browser settings. Note that disabling certain cookies may affect website functionality.
For more information about cookies, visit allaboutcookies.org.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction, including:
Transport Layer Security (TLS/HTTPS) encryption for all data in transit
Access controls limiting data access to authorised personnel on a need-to-know basis
Periodic review of our security practices.
Secure deletion procedures for data no longer required
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 33 and 34 GDPR.
Our services are directed at professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it promptly.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
| Field | Details |
|---|---|
| Publication | The Arsenal |
| Country of incorporation | United States |
| Registered address | The Counteroffensive Media Worldwide LLC, 7901 4th St N, STE 300, St. Petersburg FL 33702 USA |
| Website | arsenal.eu |
| General enquiries | [email protected] |
| Data / GDPR requests | [email protected] |
As a US-based controller subject to GDPR, we have designated an EU Representative. EEA residents may contact our EU Representative directly regarding data protection matters:
| Field | Details |
|---|---|
| EU Representative | [INSERT NAME OF EU REPRESENTATIVE] |
| Address | [INSERT EU ADDRESS] |
| [INSERT EU REPRESENTATIVE EMAIL] |
If your query relates to your rights under GDPR, please use the subject line “GDPR Request” to ensure prompt routing. We will respond within one calendar month.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. We will publish the revised Policy on this page with an updated effective date. For material changes, we will notify subscribers by email before the change takes effect.
We encourage you to review this Policy periodically. Your continued use of our services after the effective date of a revised Policy constitutes your acknowledgement of the changes.
We make every effort to ensure the accuracy of the content on our website. However, we assume no responsibility for the content of external links. The operators of linked websites are solely responsible for their content.