Privacy Policy
Information pursuant to Art. 13 / 14 GDPR
AFOA is being registered in the United States as a Florida LLC or Corporation. Where required by GDPR for visitors from the EU, the information below applies; final wording will be confirmed with counsel once the entity is registered.
1. Controller
The controller responsible for the processing of personal data on this website within the meaning of the GDPR is:
[TODO: legal entity name (LLC or Inc.)]
[TODO: principal office address]
Email: info@afoa.club
Phone: [TODO: phone number]
2. EU Representative (Art. 27 GDPR)
[TODO: as a US-incorporated entity offering services to EU users, AFOA must designate an EU representative under Art. 27 GDPR — name and contact of the EU representative once appointed]
3. Data Protection Officer
[TODO: name and contact of Data Protection Officer if appointment is required under Art. 37 GDPR / § 38 BDSG. If no DPO is appointed, remove this section or state the basis.]
4. General Information on Data Processing
Scope of processing
We process personal data of our users only insofar as necessary to provide a functional website along with our content and services. Processing generally takes place only with the user's consent or where a legal basis permits it.
Legal bases
- Art. 6(1)(a) GDPR — consent
- Art. 6(1)(b) GDPR — performance of a contract / pre-contractual measures
- Art. 6(1)(c) GDPR — legal obligation
- Art. 6(1)(f) GDPR — legitimate interest
Data deletion and retention period
Personal data is deleted or restricted as soon as the purpose for storage no longer applies. Storage may continue if required by European or national legislation in regulations, statutes, or other provisions.
5. Provision of the Website and Server Logfiles
Each time our website is accessed, our system automatically collects data and information from the requesting computer.
Data collected
- User's IP address
- Date and time of access
- Page / URL accessed
- Referrer URL
- Browser type and version
- Operating system
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technically error-free provision).
Retention period: [TODO: state concrete duration — typically 7–30 days for server logs]
6. Hosting
This website is hosted by:
Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
[TODO: confirm transfer to a third country (USA) — Standard Contractual Clauses per Art. 46(2) GDPR, plus reference to the EU–US Data Privacy Framework where applicable]
7. Cookies
[TODO: list cookies in use (strictly necessary vs. non-essential), each with purpose, retention period, and legal basis. If no non-essential cookies are used, state this explicitly.]
8. External Fonts (Google Fonts)
This website loads fonts from Google Fonts (Google Ireland Limited / Google LLC). When the page is accessed, technically required connection data (in particular the IP address) is transmitted to Google servers.
Legal basis: [TODO: consent under Art. 6(1)(a) GDPR via cookie banner — or alternatively, locally host the fonts to avoid the transfer]
Further information: https://policies.google.com/privacy
9. Email Contact
If you contact us by email (e.g. via info@afoa.club), the personal data you provide will be stored to handle your inquiry.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding).
Retention period: [TODO: until the inquiry is resolved, plus statutory retention periods if applicable]
10. External Links / Third-Party Services
[TODO: list any further services in use — e.g. analytics, tracking, embeds, CRM integrations. If none, state so explicitly.]
11. Rights of Data Subjects
You have the following rights at any time:
- Right of access to your personal data (Art. 15 GDPR)
- Right to rectification of inaccurate data (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent with effect for the future (Art. 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
12. Competent Supervisory Authority
[TODO: competent data protection supervisory authority — if AFOA designates an EU representative, the authority of the EU representative's location applies]
13. Updates to this Privacy Policy
This Privacy Policy is currently valid as of [TODO: date of last update]. As our website evolves or as legal or regulatory requirements change, this Privacy Policy may need to be updated.
This page is a placeholder. All [TODO] fields must be replaced with binding information and reviewed by counsel before going live.