Privacy Policy and Information Obligations according to GDPR

Identity and contact data

In the course of a registration or an inquiry to our support, we collect basic information. This includes your full name, email address, and date of birth. The date of birth is essential for us to carry out the legally required age verification (18+) and to ensure that our services are only used by authorized persons. We may also request additional identification documents to confirm the accuracy of this information.

Technical Usage and Device Data

Each time you access Hot Chilli Bells, log data is automatically created. This includes your IP address, the browser type and version used, the operating system of your device, the referrer URL, and the time of the server request. This data is technically necessary to ensure the stability of the platform and to detect potential security threats early. We also analyze this data to optimize the user experience for various devices.

Transaction and Financial Data

If you use paid services or payment functions on our platform, we collect details about your transactions. This includes deposited amounts, timestamps, and the chosen payment method. We point out that full credit card data is never stored on our own servers but is processed directly by certified payment service providers who comply with the highest security standards.

Communication History

All correspondence you have with our customer service via the official address [email protected] will be archived. This serves quality assurance, efficient processing of your concerns, and documentation in case of legal inquiries. We store these records in a secure environment to which only authorized personnel have access.

We process your data exclusively on the basis of clearly defined legal grounds:

• Fulfillment of contractual obligations: To enable you to access the platform and the services located thereon in accordance with the terms of use.
• Legal obligations: To comply with Austrian laws, for example, for identity verification or to prevent criminal activities.
• Legitimate interest: For the continuous improvement of our services, for conducting internal analyses, and for ensuring IT security.
• Consent: If you have explicitly given us permission, for example, for receiving newsletters or using certain analytics cookies.

The collected data is used for the following purposes:

1. Provision, operation, and maintenance of the Hot Chilli Bells platform.
2. Verification of your age and identity to comply with compliance requirements.
3. Personalization of the user interface based on your preferences.
4. Performing security analyses for fraud prevention and abuse detection.
5. Answering inquiries and providing technical support.
6. Fulfillment of governmental requests, provided we are legally obliged to do so.

We store personal data only for as long as it is necessary for the fulfillment of the purposes mentioned above. After an account termination, certain data remains stored due to legal retention obligations in Austria (e.g., tax records for up to seven years). Data not subject to a legal deadline will be deleted after the processing purpose ceases to exist or will be altered by anonymization so that no personal reference can be established. We conduct regular audits to ensure that no longer needed data is securely removed.

Hot Chilli Bells employs modern technical and organizational measures (TOMs) to protect your data from loss, manipulation, or unauthorized access. We use SSL/TLS encryption for all data transfers and restrict physical and digital access to sensitive data. However, we point out that despite the highest standards, absolute security on the internet cannot be guaranteed. We recommend that you also take protective measures yourself, such as using strong passwords.

Your data will only be transmitted to trusted service providers (e.g., hosting providers, IT security experts, or payment processors) who are contractually obliged to comply with GDPR standards. Disclosure for marketing purposes to uninvolved third parties never takes place without your explicit consent. Should data be transferred to countries outside the EU/EEA, we ensure an equivalent level of protection through standard contractual clauses.

According to the GDPR, you have extensive rights:

• Right of access: You can request a copy of your data stored with us.
• Right to rectification: You can request the correction of inaccurate data.
• Right to erasure: You can request the deletion of your data, provided there is no retention obligation.
• Right to restriction of processing: You can request that we only process your data to a limited extent.
• Right to data portability: You have the right to receive your data in a machine-readable format.
• Right to object: You can object to processing based on legitimate interest at any time.

To exercise these rights, please contact us at [email protected]. We will process your request within the statutory period of one month.