GDPR Compliance Notice

Introduction

This GDPR Compliance Notice explains how MiniHeroClub complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and how personal data of users located in the European Economic Area (EEA) is collected, processed, and protected.

Data Controller

For the purposes of GDPR, MiniHeroClub acts as the data controller and determines the purposes and means of processing personal data in connection with its services.

Personal Data We Collect

We may collect limited personal data including name, email address, submitted messages, and basic usage data when users interact with our website, contact forms, or AI-powered discovery features.

Purposes of Processing

Personal data is processed for purposes such as responding to user inquiries, improving platform performance, personalizing discovery results, maintaining service security, and developing MiniHero AI recommendations.

Legal Bases for Processing

Processing of personal data is based on one or more of the following legal grounds under GDPR: user consent, performance of a contract or pre-contractual steps, compliance with legal obligations, and legitimate interests pursued by MiniHeroClub.

Data Sharing and Transfers

Personal data is not sold or shared with third parties for commercial purposes. Data may be shared with trusted service providers solely for technical and operational needs, under strict confidentiality and GDPR-compliant safeguards.

International Data Transfers

If personal data is transferred outside the European Economic Area, such transfers are carried out using appropriate safeguards, including standard contractual clauses approved by the European Commission.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. Data is securely deleted or anonymized thereafter.

Data Subject Rights

Under GDPR, users have the right to access, rectify, erase, restrict processing, object to processing, and request data portability of their personal data. Users also have the right to withdraw consent at any time.

Exercising Your Rights

Requests regarding personal data rights can be submitted by contacting us at info@miniheroclub.net. Requests will be reviewed and responded to within the timeframes required by GDPR.

Data Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure, including secure infrastructure and access controls.

Updates to This Notice

This GDPR Compliance Notice may be updated from time to time to reflect changes in legal requirements or our data processing practices. The most current version will always be available on this page.