Se connecter S'abonner

GDPR

GDPR
Photo by Tingey Injury Law Firm / Unsplash

Privacy Policy

This privacy policy informs you about the type, scope, and purpose of processing personal data (hereafter “data”) within our online offerings and associated websites, functions, content, and external online presences, such as our social media profiles (hereafter collectively referred to as “Online Offering”). The terms used, such as “processing” or “controller,” follow the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

MAGICA Club Lëtzebuerg
1, rue de la Forge, L-3322 Bivange
Email: [email protected]
Telephone: 691 302 584
Account: IBAN LU14 0019 6900 0379 0000, BIC BCEELULL

Types of Data Processed

  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., text entries, photos, videos)
  • Usage data (e.g., visited websites, content interests, access times)
  • Meta-/communication data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the Online Offering (hereafter collectively referred to as “users”).

Purpose of Processing

  • Providing the Online Offering, its functions, and content
  • Responding to contact requests and communicating with users
  • Security measures
  • Reach measurement / marketing

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, whether automated or not.
  • Pseudonymization: Processing personal data so that it cannot be attributed to a specific individual without additional information.
  • Profiling: Automated processing of personal data to evaluate personal aspects relating to a natural person.
  • Controller: Person or entity determining the purpose and means of processing personal data.
  • Processor: Person or entity processing personal data on behalf of the controller.
  • Consent: Art. 6(1)(a) & Art. 7 GDPR
  • Contract: Art. 6(1)(b) GDPR
  • Legal obligation: Art. 6(1)(c) GDPR
  • Legitimate interests: Art. 6(1)(f) GDPR
  • Vital interests: Art. 6(1)(d) GDPR

Security Measures

We implement technical and organizational measures according to Art. 32 GDPR to ensure appropriate security of data, including confidentiality, integrity, availability, and access control.

Cooperation with Processors and Third Parties

Data is shared with third parties only on legal grounds, with consent, or under legitimate interest. Contracts with processors follow Art. 28 GDPR.

Data Transfers to Third Countries

Transfers outside the EU/EWR occur only under GDPR conditions, such as adequacy decisions, Privacy Shield, or Standard Contractual Clauses.

Rights of Data Subjects

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure / restriction (Arts. 17 & 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to lodge a complaint (Art. 77 GDPR)

You may withdraw consent at any time with effect for the future (Art. 7(3) GDPR).

Right to Object

You may object to future processing at any time, especially for direct marketing (Art. 21 GDPR).

Cookies and Direct Marketing

Cookies store small files on user devices. Temporary (session) cookies are deleted when the browser closes; persistent cookies remain longer. Users can disable cookies in browser settings. Opt-out for marketing cookies is possible via aboutads.info or youronlinechoices.com.

Data Deletion

Data is deleted or restricted according to Arts. 17 & 18 GDPR. Retention may be required by law (Germany: 6–10 years; Austria: 7–22 years).

Provision of Statutory and Business Services

We process data of members, supporters, customers, etc., based on contracts or legitimate interests (administration, PR). Data includes personal, contact, contract, and payment data. Data is deleted when no longer needed.

Registration

Users can create accounts. Data processed includes login info and email. IP addresses and timestamps are stored for security purposes and deleted after 7 days.

Comments and Subscriptions

  • IPs may be stored for 7 days to prevent abuse.
  • Users can subscribe to follow-up comments (Double Opt-In).
  • Newsletter subscriptions use Mailbullet with GDPR-compliant handling.

Third-Party Services

  • Akismet: Spam filtering, stores comment data temporarily.
  • Emojis/Smilies: Served by Automattic servers, IPs collected.
  • Google Analytics: IP anonymized; data used for website analysis.
  • Tinybird: Visitor statistics.
  • Social Media: Facebook, Twitter, Instagram, YouTube, Vimeo, Google Maps. Data handled according to their privacy policies.

Contact

Data provided via contact forms, email, phone, or social media is processed for communication and stored in CRM systems.

Generated with Datenschutz-Generator.de by RA Dr. Thomas Schwenke
https://datenschutz-generator.de/