Skip to content

Privacy Policy

We, Clubee S.à r.l., with registered office in Luxembourg, thank you very much for your interest in our website and our services. The protection of your personal data is very important to us. We process these data in accordance with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) (the GDPR), the Luxembourg Data Protection Law of 1 August 2018, the e-Privacy Law of 30 May 2005 and other applicable laws on data protection (the "Data Protection Law").

In the following, we would like to inform you about the type of personal data processed during your use of our web pages, the web platform, the associated mobile applications, and our services.

1. Data controller

The controller for data processing is Clubee S.à r.l., 412, rue de l'Industrie, L-3895 Foetz.
The data protection officer of Clubee S.à r.l. can be reached here: Clubee S.à r.l., 412, rue de l'Industrie, L-3895 Foetz.
E-mail: info@clubee.com

2. Categories of data we are processing

In the following we would like to inform you which data we are processing when you visit our web pages, use our web platform, the associated mobile applications, and more generally our services, hereinafter also referred to as “Platform”.

“Data” or “Personal data” means any information relating to an identified or identifiable natural person, hereinafter also referred to as “data subject”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to identity of that natural person.

For the purposes of this privacy policy, you, as a user of the website and/or member of the Platform if you have created your own account, are considered as a data subject.

Processing of access data relating to the visit of our Platform: If you only access our Platform without subscribing to one of our services, you may usually do so without providing any personal data. We only store access data such as date and time of your visit, the website from which you visit us, your browser’s type and language settings, the web pages you visit on our website, the amount of data transferred and the requesting provider.

Data provided to us by you: Within the scope of your use of our services, when using our Platform, subscribing to one of our plans, when contacting us, or when subscribing to our newsletter, we process the data provided to us by you. The relevant data input form will usually indicate the type of data involved. In particular, this relates to:

  • contact details such as your name, e-mail address and postal address, and your telephone number where applicable or required;
  • payment data such as the payment method you have selected and your invoicing details if applicable or required;
  • e-commerce data such as the list of your orders and acquisitions in the clubs’ and federations’ online shops if applicable or required,
  • behavioural data such as the tasks and actions you take, as well as content you publish on our Platform;
  • demographic data such as your birthday, gender, nationality, language and others if applicable or required;

Data that we receive about you from third parties: To the extent necessary for us and where permissible under Data Protection Law, we may collect data about you from third parties.

Cookies: We use “cookies”, technical information that is stored on a user's computer, to make it more attractive for you to visit our Platform, to enable you to subscribe to our services, or to use other functions. Cookies allow us in particular to adapt our Platform to user needs by collecting statistical information about user behaviour.

Some of the cookies we use are deleted after the end of the respective browser session, i.e., after the user closes the browser (“session cookies”). Other cookies will remain on the user's device and enable us to recognise the browser upon the user's next site access (“persistent cookies”).

Cookies, which are required for the performance of electronic communication transactions, or for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited.

The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR; this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

Additional information on cookies and similar technologies used by us is found further below in this Privacy Policy and in our cookie consent tool, which also allows you to change your cookie preferences at any time. Depending on your selected settings, some functionalities of our Platform may be limited. Our cookie consent is implemented in a way that you will not receive cookies before accepting. After accepting, the exact type of cookies and data are being defined as follows: https://www.clubee.com/cookies-settings

3. Purposes of the data processing

We process your data for the following purposes:

Provision of our Platform (website / web platform / mobile applications): Where we process access data as part of your visit of our Platform, this is done to ensure problem-free operation of the Platform and to improve our offerings and services.

The legal basis for this data processing is Article 6 (1) (b) GDPR, as the processing is necessary to ensure the functionality of our Platform and to deliver their contents correctly. In addition, the data serve to optimise our websites and to ensure the security of our IT systems; in this respect, the data processing is based on Article 6 (1) (f) GDPR.

Contact: If you contact us by telephone, e-mail or via an online form, we process the data provided by you on the basis of Article 6 (1) (a) GDPR to the extent necessary to process your request and to be able to prove that you have contacted us in accordance with legal requirements. We do not pass on this data without your consent. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies.

Contract-related data processing: If you create your own account and subscribe to one of our services through our web platform or via our mobile applications, we process the data provided by you on the basis of Article 6 (1) (b) GDPR. This is necessary to establish and manage your account and is therefore necessary for the performance of the contract of use or in order to take steps at your request prior to entering into a contract. In particular, when you create your own account

Customer support and customer service: During your subscription to our services, we may contact you via the contact data provided by you, where this should be necessary, to make suggestions to optimise your service or because of important information in connection with your subscription. The legal basis for this data processing is, as part of the performance of the contract, Article 6 (1) (b) GDPR.

Direct advertising after subscribing to our services: If you have subscribed to one of our services, we may send you information about our own similar services to the e-mail address. The legal basis for this data processing is Article 6 (1) (f) GDPR, because the advertising of related products by way of direct advertising represents a legitimate interest for us. The basis for direct advertising by e-mail is additionally Article 11 (2) of the e-Privacy law dated 30 May 2005. You may at any time object to the processing of your data for the purpose of direct marketing. We will then refrain from further processing for any such purposes.

Newsletter: If you register to receive our newsletter using the relevant function, we process the data provided by you for this purpose or the data available in your customer account, at a minimum your e-mail address, to send you our newsletters by e-mail from time to time. The legal basis for this data processing is the consent given by you when registering for our newsletter (Article 6 (1) (a), Article 7 GDPR). You will at any time be able to opt-out from the newsletter by clicking on the relevant link in our newsletter.

Marketing, web analytics and social media: We use cookies and similar technologies (such as tags or pixels) for marketing and analysis purposes, to make visiting our websites attractive for you and to enable you to use certain functions. The legal basis for this is your consent (Article 6 (1) (a), Article 7 GDPR) or the protection of our legitimate interests (Article 6 (1) (f) GDPR).

Detailed information on all cookies and similar technologies used can be found in our cookie consent tool ( https://www.clubee.com/cookies-settings ), which also allows you to change your cookie preferences at any time and to revoke your consent to the use of cookies with effect for the future. Depending on your selected settings, some functionalities of our Platform may be limited.

4. Data transfer to third parties

Your data will only be transferred to our carefully selected service providers and partner companies who are contractually obligated to comply with requirements of Data Protection Law. Otherwise, your data will only be transmitted in the event of an existing legal obligation. In the following you will find information about the companies to which we transfer data.

Transfer within affiliated companies: We may transfer your data to our affiliated companies for storage in central databases and for internal group billing and accounting purposes in connection with the conclusion and performance of the contract. The legal basis for this data processing is either Article 6 (1) (b) GDPR or Article 6 (1) (f) GDPR.

Data shared with clubs and federations: We may share your data with our affiliated clubs and federations for the purposes of managing your relationship with these organizations. The data that will be shared will generally be first name, last name, birthday, nationality, language, address, e-mail address and potentially other data that is required by your club, federation, or other affiliated organization and subject to your consent to provide this data to your club or federation. You may at any time withdraw your consent.

Transfer to service providers: We use several service providers that are working on our behalf to operate and optimise our web platform, to perform contracts and to process payment transactions. This relates, for example, to the hosting of our platform, the placement of advertising, the processing of payment transactions, the sending of newsletters as well as customer service and support. We transfer data to these service providers to the extent necessary for the provision of our services and the performance of contracts or where it serves to protect our legitimate interests. The legal basis for this data processing operations is usually Article 6 (1) (b) GDPR or Article 6 (1) (f) GDPR. These service providers mainly work for us as “processors” on our behalf and may therefore use the data provided exclusively in accordance with our instructions. We are legally responsible for appropriate data protection policies at the service providers which are processing data on our behalf and have agreed appropriate data protection and data security regimes with the service providers. Here you will find a list of our service providers:

  • "Amazon Web Services (AWS)" is a service of Amazon Web Services EMEA Sarl, 38 avenue John F. Kennedy, L-1855 Luxembourg (hereafter AWS). We use Amazon AWS as a partner for parts of our server infrastructure.
    Amazon AWS offers one of the most secure, innovative and carefully maintained data center infrastructures. This is where our servers are hosted and data is stored using very high security standards. This environment provides us with state-of-the-art security technologies to protect your data from misuse.
    When you use our service, your personal data may be processed on AWS servers. This may also result in the transfer of personal data to the parent company of AWS in the United States.
    The transfer of data to the US is based on the EU’s standard contractual clauses. For details please consult: https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/.
    For more information, please see the AWS Data Privacy Policy: https://aws.amazon.com/privacy/?nc1=f_pr.

    AWS is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in a depiction of our platform that is as reliable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. This consent can be revoked at any time.
  • "Amazon CloudFront CDN" is a service of Amazon Web Services EMEA Sarl, 38 avenue John F. Kennedy, L-1855 Luxembourg.
    Amazon CloudFront CDN is a globally distributed Content Delivery Network. During these transactions, the information transfer between your browser and our website is technically routed via the Content Delivery Network. This enables us to boost the global availability and performance capabilities of our website. The use of Amazon CloudFront CDN is based on our legitimate interest in keeping the presentation of our services as error free and secure as possible (Art. 6(1)(f) GDPR). The data transfer to the United States is based on the Standard Contract Clauses of the EU Commission. You can find the details here: https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/. For more information on Amazon CloudFront CDN please follow this link: https://aws.amazon.com/privacy/.
    We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our users only based on our instructions and in compliance with the GDPR.
  • "OVH" is a service of OVH Sas, 2 rue Kellermann, 59100 Roubaix, France. We use OVH as a partner for parts of our server infrastructure. OVH offers one of the most secure, innovative and carefully maintained data center infrastructures. This is where our servers are hosted and data is stored using very high security standards. This environment offers us state-of-the-art security technologies to protect your data from misuse.
    OVH is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in a depiction of our platform that is as reliable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. This consent can be revoked at any time.
    We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our users only based on our instructions and in compliance with the GDPR.
  • "Google Analytics" is a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland for the statistical analysis of visitor access.
    Google Analytics enables us to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.
    Google uses cookies (text files) that are stored on your computer and enable an anonymized analysis of your use of the website. The Google Analytics cookies are stored on the basis of Art. 6(1)(a) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. You can find more information on this topic here: https://support.google.com/analytics/answer/6004245?hl=en
    The ‘website use information’ recorded by Google is, as a rule, transferred to a Google server in the United States, where it is stored. You may revoke your consent at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
    We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
  • "Google Tag Manager" is a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland for the statistical analysis of visitor access.
    The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
    The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. This consent can be revoked at any time.
  • "Google Ads" is a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland
    Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
  • "Google Maps" is a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland
    To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
    We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. This consent can be revoked at any time.
    Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en
  • "Google DoubleClick" is a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland
    Google DoubleClick (hereinafter "DoubleClick") is used to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from being served ads more than once.
    The ads can be targeted to the interests of the respective viewer with the help of DoubleClick. For example, our advertisements can be displayed in Google search results or in advertising banners linked to DoubleClick. In order to be able to display interest-based advertising to users, DoubleClick must be able to recognize the respective viewer and associate him or her with the websites visited, clicks and other information on user behavior. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the relevant user. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR. The consent can be revoked at any time. For more information on how to object to the advertisements displayed by Google, please see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated
  • "Mailgun" (optional) is a service provided by Mailgun Technologies Inc, 112 E. Pecan St. 1135, San Antonio, TX 78205, USA. This service can be optionally activated for you at Clubee if you wish to use this tool. Mailgun is used when you want to send e-mail marketing to your members via Clubee, and send e-mails to your members via our platform. When using this tool, the member's e-mail address is transferred to Mailgun, so that your e-mail communications can be easily distributed in large quantities using Mailgun. This tool is also used when activation links are sent from the association to members to invite them to use the platform. More information on this topic can be found here: https://www.mailgun.com/gdpr/
    We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
  • "Stripe" (optional) is a service from Stripe, 510 Townsend Street, San Francisco, CA 94103, USA. This service can be optionally activated for you at Clubee if you wish to take advantage of this tool. Stripe serves as a payment provider and can be used by the club to accept online payments from its members via credit card, SEPA direct debit, etc. For this purpose you will be asked explicitly by Stripe to create an account. This account can then be connected to Clubee.
    Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://stripe.com/privacy and https://stripe.com/guides/general-data-protection-regulation.
    Details can be found in Stripe’s Privacy Policy at the following link: https://stripe.com/privacy
  • "Bubble" is a service from Bubble Group, Inc., 1811 Silverside Road, Wilmington, New Castle County, Delaware 19801. We use Bubble to design and develop different functionalities of our platform. Bubble is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in a depiction of our platform that is as reliable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. This consent can be revoked at any time.
    More information on this topic can be found here: https://bubble.io/privacy
    We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
  • "Sentry" is a service of Sentry Inc., 45 Fremont Street, 8th floor, San Francisco, CA 94105, USA. This is an error management tool that serves to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as details of the device or the time of the error, are collected anonymously and are not used in a personalised manner and are subsequently deleted.
    Details of this can be found in Sentry's privacy policy at the following link: https://sentry.io/privacy/
    The data transfer to the United States is based on the Standard Contract Clauses of the EU Commission.
    You can find the details here: https://sentry.io/legal/dpa/
  • ”Vercel” is a service provided by Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel is a cloud platform through which we provide our platform. The data processing is based on Art. 6 (1)(f) GDPR. The data transfer is necessary so that you can use our website.
    This means that your visit to our website is processed or passed through Vercel's servers. The data associated with your visit to our website is also transmitted to Vercel. This is necessary in order for your browser request to be processed successfully. This data may include the browser type/version, the operating system used, the referrer URL (the previously visited page), the IP address, the time of the server request and cookies.
    Depending on the server location, this data may also be transferred to the USA. We have concluded an order processing contract with Vercel. In addition, Vercel is certified under the EU-US data protection agreement and thus obliged to comply with EU data protection requirements.
    You can find Vercel's privacy policy at https://vercel.com/legal/privacy-policy.
  • ”Printful” is a service provided by Printful,Inc. 11025 Westlake Drive, Charlotte, C28273, USA. We use Printful for the provision and shipping processing of goods ordered via the online stores of the clubs. Name, address and, if applicable, other personal data will be passed on to Printful in accordance with Art. 6(1)(b) GDPR exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order. Details on the data protection of Printful and the privacy policy of Printful, Inc. are available at https://www.printful.com/policies/privacy
  •  
  • ”Vimeo” is a service of Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. To recognize website visitors, Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting). The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. The consent can be revoked at any time. The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy. For more information on how we handle user data, please see Vimeo's privacy policy at: https://vimeo.com/privacy.
  • ”YouTube” is a service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland
    When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. In the process, the YouTube server is informed which of our pages you have visited. Furthermore, YouTube may store various cookies on your end device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR. The consent can be revoked at any time. For more information on the handling of user data, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=en.

Payment transactions: The respective payment service provider or bank receives the necessary payment data for the processing of payment transactions. The legal basis for the data processing is Art. 6(1) (b) GDPR. Generally, however, you enter this information directly in the input window of the respective payment service provider or bank. In these cases, we do not receive and store any payment data.

Transfer to third countries: Specific legal requirements apply to the transfer of personal data out of the EEA. The “transfer” of data includes sending data to another country or allowing that data to be accessed remotely in another country, regardless of whether Clubee transfers personal data outside the EEA itself or a data processor does so when acting on Clubee’s behalf. Personal data must not be transferred outside the EEA unless the recipient country ensures an adequate level of protection for the rights and freedoms of data subjects. This requirement can be satisfied by:

  • the recipient country having been subject to an “adequacy determination” by the European Commission (such as Canada and Israel);
  • the entry into a data transfer agreement between the Company and the non-EEA recipient of the personal data which contains standard contractual clauses that have been approved by the European Commission; or
  • Clubee will ensure that any transfer outside the EEA will be subject to appropriate safeguards or is otherwise permitted under applicable law. You may obtain a copy of these safeguards by contacting Clubee.

Transfer to other third parties: Apart from the above mentioned transfers, we only transfer your data to third parties or to official authorities if we are legally obligated to do so under existing Data Protection Law, such as due to official or court orders, or if we are entitled to do so, e.g., because it is necessary for the exercise or enforcement of our rights or claims. The legal basis for the respective data processing in these cases is Art. 6 (1) (c) GDPR or Art. 6 (1) (f) GDPR.

5. General information

Retention of data: Personal data must not be retained for longer than is necessary for the lawful purposes for which it is processed. To achieve this, each category of personal data processed by us must be subject to a retention period which can be justified by reference to those lawful grounds. Retention periods must be monitored and, upon their expiry, the relevant personal data must be deleted or anonymised (so that it is no longer possible to identify the data subject to whom the personal data relates). Some data will need to be kept for longer periods than others, for example where it is necessary to retain certain records in order for the Company to comply with its legal obligations.

Personal data must be disposed of securely in a way that protects the rights and privacy of data subjects and ensures the permanent erasure of the data (e.g. shredding, disposal as confidential waste, or secure electronic deletion).

SSL and/or TLS encryption: For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

6. Your data protection rights

As a visitor of our Platform and as a user of our services, you are entitled to various rights granted by the GDPR. Please use the information in the Contact section to assert your rights against us and make sure that we are able to clearly identify your person.

In the following we explain your essential rights as a data subject.

Right of confirmation and access: A data subject has the right, granted by the GDPR, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed; where that is the case, the data subject has a right of access to the personal data and to further information to the extent provided for by law.

Right to rectification: A data subject has the right, granted by the GDPR, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. In this respect, taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (“right to be forgotten”): A data subject has the right granted by the GDPR to obtain from the controller the erasure of personal data concerning him or her without undue delay; the controller has the obligation to erase personal data without undue delay where one of the grounds provided for by law applies and where the processing is not necessary. Excluded from the right to erasure are, for example, stored data relating to business processes that are subject to the legal obligation to retain data.

Right to restriction of data processing: As a data subject, you have the right, granted by the GDPR, to obtain from the controller restriction of processing where one of the conditions provided by law is met.

Right to object: As a data subject, you have the right, granted by the GDPR, to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you by us as controller; we will then no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject or for the establishment, exercise or defence of legal claims. If personal data is being processed in order to engage in direct advertising, you have the right to object to the processing of your affected personal data for the purposes of such advertising at any time. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection pursuant to Art. 21(2) GDPR).

Right to data portability: As a data subject, you have the right, as granted by the GDPR, to receive the personal data concerning you which you have provided to us as controller in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us as controller to which the personal data have been provided, subject to the conditions provided for by law.

Revocation of consent: Where you may have given us your consent to process your data within the scope of your use of our Platform or as part of the use of our services, you may withdraw such consent at any time with effect for the future. The lawfulness of the processing of your data before your withdrawal remains unaffected. After receipt of your withdrawal by us, we will stop the relevant use of the data without delay. Where the use of the data was necessary for the provision of our services, there may be restrictions in relation to your use of our services.

7. Complaints to supervisory authorities

In the event of complaints regarding the processing of your data, you have the right to contact the competent supervisory authorities. You may do so by contacting the data protection authority responsible for your place or state of residence or the data protection authority responsible for us, which is the National Commission for Data Protection (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux (https://cnpd.public.lu).

8. Notices

These Privacy Policies were written in English, and translated into other languages for visitors and Customers/Users convenience. Visitors and Customers/Users may access and view other language versions by changing Customers/Users Clubee website language settings. If a translated (non-English) version of these Privacy Policies conflicts in any way with their English version, the provisions of the English version shall prevail.

We may provide Customers/Users with notices via our Services, by e-mail or through any other contact means Customers/Users provided us.

The Clubee Privacy Policy, and Customers/Users use of the Clubee Services, do not, and shall not be construed to create any partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between Clubee and their Customers/Users.

Clubee may transfer and assign its rights and/or obligations hereunder and/or transfer ownership rights and title in the Clubee Services and/or Licensed Content to a third party, without Customers/Users consent or prior notice to Customers/Users. Customers may not assign or transfer any of Customers rights and obligations hereunder without the prior written consent of Clubee. Any attempted or actual assignment thereof without Clubee's prior explicit and written consent will be null and void.