Data Protection Policy – BoardQuest

1. Introduction

At BoardQuest, protecting the privacy and personal data of our members, visitors, and participants is a top priority. Our club is a place where people gather to enjoy board games, tournaments, workshops, and community events. This Data Protection Policy explains how we collect, process, store, and safeguard personal information when you engage with our club activities, register as a member, or attend our events.

2. Scope of the Policy

This policy applies to all personal data collected by the Board Games Club, whether gathered directly during in-person registration, at events, through membership applications, or via digital communication platforms. It covers data of members, visitors, suppliers, and staff, ensuring consistent standards of privacy protection.

3. Data We Collect

• Identity Data: name, surname, date of birth, and membership ID.
• Contact Information: phone number, email address, and optional home address.
• Membership Records: subscription details, attendance history, and participation in tournaments or events.
• Payment Information: transaction records for membership fees, event tickets, or purchases, processed securely.
• Participation Data: records of board games played, achievements in tournaments, and attendance in workshops.
• Security Data: access logs, photographs, or video recordings for safety and event promotion (with consent).
• Communication Data: messages, feedback, or inquiries submitted to club organizers.
• Marketing Preferences: consented options regarding newsletters or upcoming events.

Sensitive data is collected only when strictly necessary and always with explicit consent.

4. Purposes of Processing

• Membership Administration: creating and managing accounts, verifying identity, and maintaining accurate records.
• Event Organization: registering players, arranging tournaments, and tracking results.
• Payment Handling: processing membership dues and other fees securely.
• Club Services: ensuring smooth participation in board games, community events, and educational workshops.
• Security and Safety: protecting club property, preventing misuse, and ensuring a safe environment for all.
• Communication: responding to inquiries, informing members about schedules, and handling service requests.
• Marketing (with consent): sending newsletters, invitations, and promotions about club activities.
• Legal Compliance: fulfilling obligations required by applicable laws and regulations.

5. Legal Basis for Processing

• Contractual necessity – to deliver services such as memberships and event participation.
• Consent – for optional activities such as promotional photos or newsletters.
• Legitimate interest – to improve club activities and maintain security.
• Legal obligation – where compliance with legal frameworks is required.

6. Data Retention

Personal data will be retained only as long as necessary for the purposes outlined. Membership details are kept for the duration of active participation, while payment and accounting records may be stored longer to comply with financial regulations. Once data is no longer required, it will be deleted or anonymized.

7. Data Sharing

The club does not sell or trade personal data. Data may be shared only when necessary, including with:

• Service Providers: for payment processing or IT support.
• Event Partners: co-hosts or tournament sponsors, limited to relevant details.
• Authorities: if required by law or legal processes.
• Authorized Personnel: internal staff handling administration or security.

All third parties are contractually obliged to follow strict confidentiality and data protection standards.

8. Data Security

• Restricted access to personal data.
• Secure storage systems with technical protection.
• Encryption of sensitive information.
• Staff training on data protection practices.
• Regular review of security procedures.

9. Children’s Data

If the club admits younger participants, parental or guardian consent will always be required for registration and participation. We do not knowingly collect or process personal information of minors without such consent.

10. Member Rights

• Access their personal data held by the club.
• Correct or update inaccurate information.
• Request deletion of their data when legally permissible.
• Object to specific processing activities.
• Withdraw consent for optional uses such as marketing.
• Request data portability in applicable cases.

Requests should be directed to the club’s management, and verification of identity may be required.

11. Updates to This Policy

This policy may be updated to reflect operational or legal changes. Members will be notified of significant updates. Continued use of club services will be regarded as acceptance of any changes.