Privacy Policy

Your privacy matters. We process personal data in line with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

KEYHOLE CLUB CONGRESS
c/o Leonard Berinson & Kean Farrar
info@keyhole.cc

2. Purpose and Categories of Data

We process personal data only as needed to provide this website and related services. This includes:

• Newsletter: email address (and optional name/preferences)
• Website operation/security: server log data (IP address, date/time, referrer, user agent, requested URL)
• Communication: data you send us by email or forms

3. Newsletter via MailerLite

When you subscribe, we use the double opt-in procedure: you receive a confirmation email and your subscription becomes active only after you click the link. We use MailerLite for sending newsletters.

Processor: MailerLite Limited, North Wall Quay, Dublin 1, Ireland. We have a Data Processing Agreement (Art. 28 GDPR) with MailerLite. According to MailerLite, data is processed within the EU or under appropriate safeguards.

Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time via the unsubscribe link in every newsletter. After unsubscribing, your data is deleted unless statutory retention obligations apply.

4. Hosting & Server Logs

Our website is hosted on GitHub Pages (GitHub, Inc., USA). GitHub provides static hosting and may process technical data (e.g., IP address, user agent, timestamp, requested resource) in server or edge/CDN logs to deliver the site securely and reliably. GitHub may use sub-processors such as content delivery networks to provide the service.

We have concluded a data processing arrangement where applicable. If data is transferred outside the EU/EEA, this is done on the basis of appropriate safeguards, such as the EU Standard Contractual Clauses (Art. 46 GDPR).

Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in secure, efficient website delivery).

5. Cookies

We may use essential cookies to provide core functions (e.g., form submissions). You can configure your browser to block cookies or to delete them automatically. If we deploy any non-essential cookies in the future (e.g., analytics/marketing), we will request your prior consent via a banner (Art. 6(1)(a) GDPR).

6. Data Recipients

We only share data with processors we have contracted under Art. 28 GDPR (e.g., hosting, MailerLite) and only as required to provide our services. No sale of personal data.

7. Retention

We retain personal data only as long as necessary for the respective purpose or as required by statutory retention periods. After the purpose ceases or retention expires, data is deleted or anonymized.

8. Your Rights

• Access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17)
• Restriction (Art. 18), portability (Art. 20)
• Objection (Art. 21) where processing is based on legitimate interests
• Withdrawal of consent at any time (Art. 7(3)) with future effect

You also have the right to lodge a complaint with a supervisory authority, e.g., your local German Data Protection Authority.

9. International Transfers

If in individual cases data is transferred outside the EU/EEA, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) in accordance with Art. 44 et seq. GDPR.

10. Contact

For questions about this Privacy Policy or to exercise your rights, contact us at the details above.

11. Updates

We may update this Privacy Policy to reflect changes in law or our services. The version date is indicated at the top.