Privacy Policy
Last updated: January 2025
GDPR Compliance Statement: Wave2.Club is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy outlines your rights and our responsibilities regarding your personal data.
1. Introduction
Wave2.Club ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our synchronized mobile light show platform.
For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR), Wave2.Club is the data controller of your personal information.
2. Information We Collect
2.1 Personal Information
We may collect the following personal information when you register or use our service:
- Name and email address
- Account credentials
- Event creation and participation data
- Communication preferences
- Payment information (processed securely through third-party providers)
2.2 Technical Information
We automatically collect certain technical information:
- Device type, operating system, and browser information
- IP address and general location data
- Usage patterns and interaction data
- Performance and error logs
- Cookies and similar tracking technologies
2.3 Event Participation Data
When you participate in events, we may collect:
- Device synchronization data
- Participation timestamps
- Event engagement metrics
- Device capabilities and performance data
2.4 Special Categories of Data
We do not intentionally collect any special categories of personal data (such as information about your health, race, ethnicity, political opinions, religious beliefs, sex life or sexual orientation) unless you explicitly provide such information (for example, in accessibility requirements for events).
3. Legal Basis for Processing
Under the GDPR and applicable data protection laws, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:
Processing Activity | Data Categories | Legal Basis | Explanation |
---|---|---|---|
Account registration and management | Name, email, credentials | Contract Performance | Necessary to provide you with our services per our Terms of Service |
Event synchronization and delivery | Device data, timing information | Contract Performance | Core functionality needed to provide synchronized events |
Payment processing | Payment information | Contract Performance | To process transactions you request |
Customer support | Contact information, usage data | Legitimate Interest | To provide assistance and resolve issues |
Service improvement | Usage analytics, performance data | Legitimate Interest | To enhance our platform and user experience |
Security monitoring | Technical data, access logs | Legitimate Interest | To protect our systems and users from fraud and abuse |
Marketing communications | Contact information, preferences | Consent | You can opt in/out of these communications at any time |
Regulatory compliance | Account and transaction data | Legal Obligation | To comply with applicable laws and regulations |
3.1 Legitimate Interest Assessment
Where we rely on legitimate interests, we have conducted balancing tests to ensure that our interests do not override your fundamental rights and freedoms. You can request information about these assessments by contacting us.
4. Information Sharing and Disclosure
4.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their commercial purposes.
4.2 Data Processors and Sub-processors
We share your information with the following categories of service providers who process data on our behalf:
- Cloud Infrastructure: AWS (Amazon Web Services) - USA (EU data stored in EU region)
- Payment Processing: Paddle - UK (with appropriate safeguards)
- Analytics: Google Analytics - USA (with EU-US Data Privacy Framework)
- Customer Support: Zendesk - USA (with EU-US Data Privacy Framework)
- Email Service: SendGrid - USA (with EU-US Data Privacy Framework)
All processors are bound by data processing agreements that comply with GDPR Article 28 requirements.
4.3 Legal Requirements and Protection
We may disclose your information when required by law, court order, or government request, or to protect our users, service, or the public from harm.
4.4 Business Transfers
In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information.
5. Data Security
We implement technical and organizational measures to protect your information:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Regular security assessments and penetration testing
- Security incident response procedures
- Employee security training and confidentiality agreements
- Regular backup and disaster recovery testing
6. Data Retention
We retain your information only for as long as necessary to fulfill the purposes for which it was collected:
Data Category | Retention Period | Justification |
---|---|---|
Account Information | Until account deletion + 30 days | To provide services and allow recovery period |
Event Data | 24 months after event completion | For analytics, support, and service improvement |
Technical Logs | 90 days | For security, troubleshooting, and performance monitoring |
Payment Records | 7 years | Tax and financial regulatory compliance |
Marketing Preferences | Until consent withdrawn | To respect communication preferences |
Support Communications | 3 years | To maintain service history and improve support |
7. Your Data Protection Rights
Under the GDPR and similar regulations, you have specific rights regarding your personal data:
- Right to Access: You can request a copy of all personal data we hold about you.
- Right to Rectification: You can request correction of inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): You can request deletion of your personal data when it's no longer necessary, when you withdraw consent, or when there's no legitimate basis for processing.
- Right to Restriction of Processing: You can request that we limit how we use your data.
- Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format.
- Right to Object: You can object to processing based on legitimate interests, direct marketing, or research/statistical purposes.
- Rights related to Automated Decision Making and Profiling: You have the right not to be subject to decisions based solely on automated processing that produce legal or similar significant effects.
- Right to Withdraw Consent: You can withdraw previously given consent at any time.
7.1 How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Officer at dpo@wave2.club. We will respond to your request within 30 days. If we need to extend this period, we'll notify you.
We may need to verify your identity before processing certain requests to ensure your data security.
7.2 Complaint Procedure
If you believe we are not processing your data in accordance with this policy or applicable law:
- Contact us directly at privacy@wave2.club to resolve the issue.
- If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
For EU residents, you can find your national data protection authority through the European Data Protection Board.
8. Cookies and Tracking Technologies
8.2 Managing Cookie Preferences
You can set and update your cookie preferences at any time:
- Through our Cookie Consent Banner when you first visit our site
- By clicking the "Cookie Settings" link in the footer of our website
- By adjusting settings in your browser (see browser help for instructions)
Name | Provider | Purpose | Expiry | Category |
---|---|---|---|---|
session | wave2.club | Maintains session state | Session | Necessary |
auth_token | wave2.club | Authentication | 30 days | Necessary |
_ga | | Analytics | 2 years | Performance |
_gid | | Analytics | 24 hours | Performance |
ui_preference | wave2.club | User preferences | 1 year | Functional |
9. International Data Transfers
Wave2.Club operates globally, which means your information may be transferred to and processed in countries outside your country of residence, including the United States.
9.1 Safeguards for International Transfers
When transferring data from the European Economic Area (EEA), UK, or Switzerland to countries without adequate data protection as determined by the European Commission, we implement appropriate safeguards:
- EU-US Data Privacy Framework: We participate in the EU-US Data Privacy Framework for certain transfers
- Standard Contractual Clauses (SCCs): We use European Commission-approved contractual clauses
- Supplementary Measures: Including encryption, pseudonymization, and access controls
- Data Localization: Where possible, EEA user data is stored on servers within the EEA
You can request a copy of the safeguards we use for specific transfers by contacting our Data Protection Officer.
10. Children's Privacy
Wave2.Club is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will delete that information promptly.
11. Automated Decision Making
We do not currently use automated decision-making processes, including profiling, that produce legal effects or similarly significant effects on individuals. Should this change in the future, we will update this policy and provide appropriate notice and options.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, and other factors. When we make material changes, we will:
- Post the updated policy on our website with an effective date
- Email registered users about significant changes
- Obtain new consent where required by applicable law
We encourage you to periodically review this page for the latest information on our privacy practices.
13. Data Protection Officer and Contact Information
For privacy-related inquiries:
Data Protection Officer: Marina Prochazka
Email: dpo@wave2.club
General Privacy Inquiries:
Email: privacy@wave2.club
EU Representative (Art. 27 GDPR):
EU Privacy Representative Services
Email: eurep@wave2.club
Response Time: We aim to respond to privacy requests within 30 days.