Join us on Facebook
Join us on Discord
Follow us on Instagram
More clubs in Belgium
Privacy & Cookie Policy
Last updated: 20 December 2025
1. Introduction
D&D Gent VZW (“we,” “us,” or “our”) operates a website and online community that organizes real-life tabletop role-playing sessions and related events.
This Privacy & Cookie Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Belgian privacy laws.
2. Data Controller
D&D Gent VZW
Filips de Goedekaai 20 bus 0301
9000 Gent, Belgium
Enterprise number: 1014.695.026 – RPR Gent
Email: privacy@dnd.gent
3. Personal Data We Collect
When you interact with our website or participate in our activities, we may collect and process the following categories of personal data:
- Identification Data: First name, last name.
- Contact Data: Email address, postal code, country.
- Demographic Data: Date of birth (to verify eligibility for events).
- Authentication Data: We collect your email address to send secure, one-time login links ("magic links"). For social logins, we collect unique identifiers from Google, Facebook, or Discord and your avatar image.
- Guardian Information (for minors): Name and contact details of a legal guardian when required by law.
- Technical Data: Cookies, IP address, browser type, and analytics data.
4. Protection of Minors
We are committed to protecting the privacy of children. In accordance with the Belgian Data Protection Act of 30 July 2018:
- Age of Consent: Users aged 13 and older can legally provide their own consent for our digital services.
- Users Under 13: If you are under the age of 13, you may only use our services and provide personal data with the explicit authorization of a parent or legal guardian.
- Verification: We reserve the right to request proof of age or guardian consent. If we discover that we have collected data from a child under 13 without verifiable parental consent, we will delete that information immediately.
5. How We Collect Your Data
We collect personal data when you:
- Request a Magic Link: When you enter your email to log in, we use this to authenticate you. If no account exists for that email, an account is automatically created to facilitate your access to our services.
- Sign in using Google, Facebook, or Discord.
- Register for or cancel participation in D&D sessions or events.
- Give consent to receive newsletters or marketing communications.
- Contact us by email or other communication channels.
6. Legal Bases for Processing
We process your personal data based on one or more of the following legal grounds:
- Performance of a contract (Article 6(1)(b) GDPR): to manage your account, process event registrations, and provide secure authentication via magic links.
- Compliance with a legal obligation (Article 6(1)(c)): when we must retain certain information for recordkeeping or liability purposes.
- Consent (Article 6(1)(a)): for sending marketing emails, using non-essential cookies, or processing minors' data with guardian consent.
- Legitimate interest (Article 6(1)(f)): to ensure the security and proper functioning of our platform.
7. How We Use Your Data
We use your personal data for the following purposes:
- Account Management: To create and manage your user account, maintain membership, and facilitate passwordless authentication.
- Event Registration: To process and manage registrations, waiting lists, and attendance.
- Communication: To send transactional emails via Mailgun (e.g., magic links, confirmations) and, with your consent, marketing updates.
- Community Features: To display your avatar publicly within the community platform.
- Legal Compliance and Security: To comply with applicable laws and prevent unauthorized access or misuse.
8. Data Storage and Security
Your data is securely stored on AWS (Amazon Web Services) servers located in the EU (eu-central-1 region).
We implement the following security measures:
- Encryption: Stored data is encrypted using AES-256.
- Access Controls: We apply the principle of least privilege (PoLP).
- Secure Transmission: All communication is protected via HTTPS (TLS).
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
| Type | Purpose | Example |
|---|---|---|
| Essential | Required for the website to function properly (e.g., login sessions, security) | Authentication cookies |
| Analytics | Help us understand site usage via Google Analytics | Google Analytics |
| Preference | Remember user choices such as cookie consent | Consent manager |
10. Data Retention
We retain personal data for a maximum of one (1) year after your last interaction with our platform or events. After this period of inactivity, your account and personal data will be automatically deleted or anonymized. You may also request manual deletion at any time by contacting privacy@dnd.gent.
11. Data Sharing and Processors
We share data only with trusted providers under strict confidentiality agreements:
- AWS (Amazon Web Services): Cloud hosting (EU).
- Mailgun: Transactional email delivery for magic links (EU servers).
- Google Analytics: Website analytics (EU data region).
- Google Sheets / Cognito Forms: Internal organization and event registration.
12. Your Rights
Under the GDPR, you have the right to Access, Rectification, Erasure, Restriction, Portability, and Objection regarding your data. You may withdraw consent at any time. To exercise these rights, contact us at privacy@dnd.gent. We will respond within 30 days.
If you believe your data has been mishandled, you have the right to lodge a complaint with the Belgian Data Protection Authority (GBA/APD): https://www.gegevensbeschermingsautoriteit.be.
13. Changes to This Policy
Significant changes will be communicated via email or on our platform. The latest version is always available at https://dnd.gent.