Join us on Facebook
Join us on Discord
Follow us on Instagram
More clubs in Belgium
Privacy & Cookie Policy
Last updated: 8 November 2025
1. Introduction
D&D Gent VZW (“we,” “us,” or “our”) operates a website and online community that organizes real-life tabletop role-playing sessions and related events.
This Privacy & Cookie Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Belgian privacy laws.
2. Data Controller
D&D Gent VZW
Filips de Goedekaai 20 bus 0301
9000 Gent, Belgium
Enterprise number: 1014.695.026 – RPR Gent
Email: privacy@dnd.gent
3. Personal Data We Collect
When you interact with our website or participate in our activities, we may collect and process the following categories of personal data:
- Identification Data: First name, last name
- Contact Data: Email address, postal code, country
- Demographic Data: Date of birth (to verify eligibility for events)
- Account and Authentication Data: Unique social login identifiers (Google, Facebook, Discord) and avatar image
- Guardian Information (for minors): Name and contact details of a legal guardian when required by law
- Technical Data: Cookies, IP address, browser type, and analytics data (see section 8)
4. How We Collect Your Data
We collect personal data when you:
- Create an account or sign in using Google, Facebook, or Discord
- Register for or cancel participation in D&D sessions or events
- Give consent to receive newsletters or marketing communications
- Contact us by email or other communication channels
5. Legal Bases for Processing
We process your personal data based on one or more of the following legal grounds:
- Performance of a contract (Article 6(1)(b) GDPR): to manage your account and process event registrations
- Compliance with a legal obligation (Article 6(1)(c)): when we must retain certain information for recordkeeping or liability purposes
- Consent (Article 6(1)(a)): for sending marketing emails, using non-essential cookies, or processing minors’ data with guardian consent
- Legitimate interest (Article 6(1)(f)): to ensure the security and proper functioning of our platform
You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
6. How We Use Your Data
We use your personal data for the following purposes:
- Account Management: To create and manage your user account and maintain your membership
- Event Registration: To process and manage your registrations, waiting lists, and attendance
- Communication: To send transactional emails (e.g., confirmations, cancellations) and, with your consent, marketing updates or newsletters
- Community Features: To display your avatar publicly within the community platform
- Legal Compliance and Security: To comply with applicable laws and prevent unauthorized access or misuse
We do not sell or share your personal data with third parties for commercial purposes.
7. Data Storage and Security
Your data is securely stored on AWS (Amazon Web Services) servers located in the EU (eu-central-1 region).
We implement the following security measures:
- Encryption: All stored data is encrypted using AES-256
- Access Controls: We apply the principle of least privilege (PoLP)
- Secure Transmission: All communication between your browser and our servers is protected via HTTPS (TLS)
Although we maintain high standards of security, no system is entirely immune to breaches.
In case of a data breach, we will notify you and the relevant supervisory authority as required by law.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to improve your experience, analyze traffic, and remember your preferences.
8.1 What Are Cookies?
Cookies are small text files stored on your device that help websites remember certain information about your visit.
They can be first-party (placed by us) or third-party (placed by external services such as analytics tools).
8.2 Types of Cookies We Use
| Type | Purpose | Example |
|---|---|---|
| Essential cookies | Required for the website to function properly (e.g., login sessions, security) | Authentication cookies |
| Analytics cookies | Help us understand how visitors use our site | Google Analytics |
| Preference cookies | Remember user choices such as cookie consent | Cookie consent manager |
8.3 Google Analytics
We use Google Analytics (EU data region) to collect anonymized usage data.
IP addresses are truncated, and no personally identifiable information is shared with Google.
Google acts as a data processor under the Google Data Processing Agreement compliant with GDPR.
8.4 Cookie Consent
- Non-essential cookies (such as analytics) are only placed after you give consent via our cookie banner.
- You can withdraw or change your cookie preferences at any time through the cookie manager on our website.
- Most browsers also allow you to delete or block cookies through their settings.
9. Data Retention
We retain personal data for a maximum of one (1) year after your last interaction with our platform or events, unless longer retention is required by law.
After this period, your data will be anonymized or securely deleted.
You may request anonymization or deletion at any time by contacting privacy@dnd.gent.
10. Data Sharing and Processors
We only share personal data with trusted service providers who process it on our behalf and under strict confidentiality agreements. These include:
- AWS (Amazon Web Services) – Cloud hosting (EU)
- Google Analytics – Website analytics (EU data region)
- Google Sheets – Internal organization and event management
- Cognito Forms – Form submissions and registration data
Each processor complies with GDPR requirements, and data is stored within the EEA where possible.
If any transfer occurs outside the EEA, it is covered by Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Minors
If you are under 16 years old, you may only register or participate with the explicit consent of a parent or legal guardian.
We collect and store the guardian’s name and contact information solely for verification and safety purposes.
12. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access: Obtain a copy of the data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure (“Right to be Forgotten”): Request deletion of your personal data
- Restriction: Limit the processing of your data in specific cases
- Portability: Receive your data in a structured, commonly used, machine-readable format
- Objection: Object to processing based on legitimate interests or to direct marketing
- Withdrawal of Consent: Withdraw consent at any time (for cookies or newsletters)
To exercise any of these rights, contact us at privacy@dnd.gent.
We will respond within 30 days of receiving your request.
If you believe your data has been mishandled, you also have the right to lodge a complaint with the Gegevensbeschermingsautoriteit (GBA/APD):
https://www.gegevensbeschermingsautoriteit.be
13. Marketing Communications
You may choose to receive updates about future sessions, events, and community news by subscribing to our newsletter.
We will only send these communications with your explicit consent, and each message will include an unsubscribe link.
You can withdraw consent or unsubscribe at any time.
14. Changes to This Policy
We may update this Privacy & Cookie Policy periodically.
The latest version will always be available on https://dnd.gent, with the “Last updated” date clearly indicated.
Significant changes will be communicated via email or on our platform.