Privacy Policy

Last updated: December 9, 2025

Your privacy is important to us. This Privacy Policy explains how YouClub collects, uses, and protects your personal information when you use our platform.

1. Introduction

YouClub GmbH ("we," "us," or "our") operates the YouClub platform, which provides a digital marketplace for voucher purchases and redemptions. This Privacy Policy describes how we handle personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

By using YouClub, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Data Controller

The data controller responsible for your personal data is:

YouClub GmbH
Austria
Email: privacy@youclub.com
Data Protection Officer: dpo@youclub.com

3. Information We Collect

3.1 Information You Provide

When you create an account or use our services, we collect:

  • Account Information: Username, email address, password (hashed), name
  • Profile Information: Optional profile details, preferences, and settings
  • Payment Information: Payment card details (processed by third-party providers)
  • Transaction Data: Voucher purchases, redemptions, and transaction history
  • Communications: Messages sent to customer support or feedback forms
  • Two-Factor Authentication: TOTP secrets and backup codes (encrypted)

3.2 Information Collected Automatically

When you use YouClub, we automatically collect:

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Device type, operating system, browser type
  • Log Data: IP address, access times, error logs
  • Cookies: Session cookies for authentication and functionality
  • Location Data: Approximate location based on IP address (for partner browsing). With your explicit consent, we may also collect and store precise location data from your browser or mobile device to enhance partner discovery and provide location-based services.

3.3 Information from Third Parties

  • Payment Providers: Transaction status and payment confirmations
  • Authentication Services: If you use third-party login (future feature)

4. How We Use Your Information

We process your personal data for the following purposes:

4.1 Service Provision (Contractual Necessity)

  • Create and manage your account
  • Process voucher purchases and redemptions
  • Facilitate transactions between customers and partners
  • Provide customer support and respond to inquiries
  • Authenticate users and maintain account security

4.2 Legal Compliance

  • Comply with legal obligations (tax, accounting, anti-fraud regulations)
  • Prevent fraud, money laundering, and illegal activities
  • Respond to legal requests and enforce our terms

4.3 Legitimate Interests

  • Improve and optimize platform functionality
  • Analyze usage patterns and user behavior (anonymized)
  • Develop new features and services
  • Secure our platform against threats and vulnerabilities
  • Send important service notifications and updates

4.4 With Your Consent

  • Send marketing communications (opt-in required)
  • Use precise location data for enhanced partner discovery
  • Process data for other purposes with explicit consent

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contractual Necessity: To fulfill our contract with you (account management, transactions)
  • Legal Obligation: To comply with applicable laws and regulations
  • Legitimate Interests: For business operations, security, and service improvement
  • Consent: For marketing and optional features (can be withdrawn anytime)

6. How We Share Your Information

We share your information only in the following circumstances:

6.1 With Partner Businesses

  • When you redeem a voucher, partners receive transaction details necessary for redemption
  • Partners see: customer name, voucher code, redemption amount, transaction time
  • Partners do not receive payment information or full account details

6.2 With Service Providers

  • Payment Processors: Third-party payment providers (for secure payment processing)
  • Email Services: Third-party email delivery services (for transactional emails and notifications)
  • Analytics: Self-hosted analytics (no third-party tracking)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

6.3 For Legal Reasons

  • To comply with legal obligations, court orders, or regulatory requirements
  • To protect our rights, property, or safety, or that of our users
  • To investigate and prevent fraud, security threats, or illegal activities

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. You will be notified of any such change.

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active
  • Transaction Records: Retained for 7 years (tax and accounting requirements)
  • Support Communications: Retained for 3 years after resolution
  • Marketing Consent: Retained until consent is withdrawn
  • Log Data: Retained for 90 days (security and troubleshooting)

After the retention period, we securely delete or anonymize your data. Some anonymized data may be retained indefinitely for statistical purposes.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing or optional features
  • Right to Lodge a Complaint: File a complaint with your data protection authority

To exercise these rights, contact us at privacy@youclub.com. We will respond within 30 days as required by GDPR.

9. Data Security

We implement robust security measures to protect your personal data:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access with principle of least privilege
  • Authentication: Bcrypt password hashing and optional two-factor authentication
  • Monitoring: Continuous security monitoring and intrusion detection
  • Regular Audits: Security assessments and penetration testing
  • Secure Development: Security-first development practices and code reviews

While we strive to protect your data, no system is 100% secure. Report any security concerns to security@youclub.com.

10. Cookies and Tracking

YouClub uses cookies and similar technologies:

10.1 Essential Cookies (Always Active)

  • Session Cookies: Maintain your login session and authentication
  • Security Cookies: CSRF protection and security features
  • Preference Cookies: Remember your language and display preferences

10.2 Optional Cookies (Require Consent)

  • Analytics Cookies: Self-hosted analytics (no third-party tracking)
  • Performance Cookies: Monitor platform performance and errors

You can manage cookie preferences in your browser settings. Disabling essential cookies may affect platform functionality.

11. International Data Transfers

YouClub primarily operates within the European Union. Some service providers may process data outside the EU/EEA. When we transfer data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Additional safeguards where required by GDPR

12. Children's Privacy

YouClub is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@youclub.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email or platform notification at least 30 days before taking effect.

The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of YouClub after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact:

Supervisory Authority:
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority (DPA).