Privacy Policy

Last updated: 21 May 2026

This Privacy Policy explains how Rising Conventions (RisingCon), operated by Dorus Ammon Blanken / ITheodorus (“we”, “us”, “our”), collects, uses, stores, and protects your personal data when you use our platform. We are committed to transparency and to complying with the EU General Data Protection Regulation (GDPR) and applicable German data protection law.

1. Data Controller

The data controller responsible for processing your personal data is:

Dorus Ammon Blanken / ITheodorus
Schulstr. 65
61381 Friedrichsdorf
Germany
admin@risingcon.org

2. Data We Collect

We collect personal data only to the extent necessary to provide the platform. This includes:

  • Account data: name, email address, password (stored as a secure hash), date of birth (where required for age-verification or convention eligibility), and any profile information you choose to add.
  • Convention registration data: convention organisers may define custom registration fields (e.g., dietary requirements, ward/stake affiliation, emergency contact). We store this data on your behalf. The specific fields depend on each convention.
  • Technical/session data: session credentials stored in cookies to keep you logged in, and UI preferences (light/dark mode, dashboard column visibility) stored in cookies or local storage. No analytics or tracking cookies are used.
  • Log data: basic server-side access logs (IP address, request path, timestamp) for security and debugging. These are not linked to your account beyond session authentication.

3. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): processing your account and registration data is necessary to provide the platform services you have signed up for.
  • Legitimate interests (Art. 6(1)(f)): server logs are kept for a limited period for security and fraud-prevention purposes.
  • Consent (Art. 6(1)(a)): where convention organisers request special- category data (e.g., dietary needs, religious affiliation), explicit consent is obtained at the time of registration for that convention.

4. Special Category Data

Some conventions may request data that falls under GDPR Article 9 “special category” data (e.g., religious affiliation, dietary restrictions related to health). Such data is only collected when explicitly requested by the convention organiser and only with your explicit consent given at the time of registration. You may withdraw that consent at any time by contacting us or the relevant convention organiser.

5. How We Use Your Data

  • To create and manage your account.
  • To register you for conventions and share your registration data with the relevant convention organiser.
  • To send essential transactional emails (e.g., registration confirmation, password reset).
  • To maintain platform security and prevent abuse.
  • We do not sell, rent, or share your data with third parties for marketing purposes.
  • We do not use your data for automated decision-making or profiling.

6. Data Sharing and Third Parties

We do not share your personal data with third parties except in the following cases:

  • Convention organisers: when you register for a convention, your registration data is accessible to the organisers of that convention for participant management purposes.
  • Hosting providers: our infrastructure provider processes data on our behalf under a data processing agreement (DPA).
  • Legal obligation: we may disclose data if required by law or in response to a lawful request from a public authority.

7. Cookies and Local Storage

We use only technically necessary cookies and browser storage. No tracking, advertising, or analytics cookies are used. The data stored includes:

  • Login related data — required to keep you logged in.
  • Theme preference (light/dark) — stores your display preference.
  • Dashboard UI state — stores your column and tab preferences in the dashboard for convenience.
  • Convention setup wizard draftstemporary cookies used by the convention setup wizard to preserve unsaved form data when navigating between steps.

You can clear these at any time by clearing your browser cookies and site data. Doing so will log you out and reset your preferences. Wizard draft cookies can also be discarded individually via the “Discard” button in the wizard’s unsaved-changes banner.

8. Data Retention

  • Account data is retained for as long as your account is active, or until you request deletion.
  • Convention registration data is retained for the duration of the convention and a reasonable period afterwards (typically 12 months), unless the convention organiser or applicable law requires a different retention period.
  • Server logs are retained for a maximum of 30 days.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access (Art. 15): request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): request deletion of your data (“right to be forgotten”).
  • Right to restriction (Art. 18): request that we limit processing of your data.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at admin@risingcon.org. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection supervisory authority. Locally, this is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit (HBDI) (datenschutz.hessen.de).

10. International Data Transfers

Our platform is currently primarily intended for users in Europe. If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) in accordance with GDPR Chapter V.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes password hashing, HTTPS encryption, and access controls. However, no method of transmission over the internet is 100% secure.

12. Age

RisingCon is intended for users aged 18 to 35. Conventions targeting younger or older audiences are not to be hosted here. We do not knowingly collect personal data from children under 18.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the platform or by email. The date at the top of this page indicates when the policy was last revised.

14. Contact

For any questions or requests regarding this Privacy Policy or our data processing practices, please contact:

Dorus Ammon Blanken / ITheodorus
Schulstr. 65, 61381 Friedrichsdorf, Germany
admin@risingcon.org
→ View Imprint