Privacy Policy

At Magical20, we are committed to protecting and respecting our users’ privacy. This Privacy Policy aims to provide a clear understanding of how we collect, use, and protect the personal information you provide when using our website and mobile application. We recognize the importance of privacy and are dedicated to ensuring the security of your personal data in compliance with the current regulations in Spain and the European Union. We invite you to read this policy carefully to understand our practices regarding your personal data and the rights that protect you.

Introduction

At Magical20, we value and respect our users’ privacy. This Privacy Policy describes how we collect, use, and protect the personal information you provide through our website. Our commitment is to ensure that your personal data is handled in accordance with the applicable laws and regulations in Spain, including the General Data Protection Regulation (GDPR).

By accessing and using our website and/or mobile application, you agree to the practices described in this Privacy Policy. We recommend that you carefully read this document to understand our practices regarding your personal data. If you have any questions or concerns about our policy, please do not hesitate to contact us through the means provided in the Contact section.

This policy applies to all personal information collected through our website, mobile application, and related services. We are committed to protecting our users’ privacy and ensuring that their personal information is handled securely and responsibly.

Data Controller

The Data Controller is José Luis Salazar González, with an address at C/ Miguel de Mañara 36, Sevilla, 41300, Spain. He can be contacted via email at <[email protected]> or by phone at +34 954542624.

The Data Protection Officer is also José Luis Salazar González, available at the same email address and phone number +34 987 654 321.

Personal Data Collected

In the course of our operations, we collect various types of personal data from our users. This includes, but is not limited to, the full name, email address, unique identifier of the device used to access our services (to prevent misuse), and advertising identifier (used to personalize experiences and optimize promotional campaigns). Additionally, if the user chooses to link their social media accounts, we may also collect links to such platforms, such as Discord, among others.

Use of Personal Data

At Magical20, we use the personal data collected from our users for various purposes, always in compliance with the current data protection regulations in Spain. Below are the specific purposes for which we process personal data:

1. Provision of Services: Personal data is used to provide and manage the services requested by users, ensuring a personalized and efficient experience.
2. User Communication: We use contact information to send important notifications related to services, updates, changes to our terms and conditions, and other relevant communications.
3. Service Improvement: We analyze personal data to better understand the needs and preferences of our users, allowing us to improve and develop new services and features.
4. Legal Compliance: We process personal data to comply with applicable legal and regulatory obligations, including fraud prevention and other illegal activities.
5. Marketing and Promotions: With explicit user consent, we use personal data to send offers, promotions, and other marketing information that may be of interest to users.
6. Analysis and Statistics: We conduct analyses and statistical studies on the use of our services, using aggregated and anonymized data, to improve our offerings and understand market trends.

Personal data will not be used for purposes other than those mentioned above without prior user consent unless required by law. Additionally, we implement appropriate measures to ensure that the use of personal data is proportional and limited to what is necessary to fulfill the stated purposes.

Cookies, Interest-Based Advertising, and Advertising Options

At Magical20, we use cookies, tags, web beacons, and similar technologies to automatically collect information about our services. These technologies are pieces of code that allow our technology partners to collect information that generally does not directly identify you.

Where required by law, we request your consent before using cookies or other tracking technologies. This section describes our use of these technologies and your ability to control their use for advertising purposes.

Types of Cookies Used:

1. Necessary Cookies: Essential for the functioning of our Website and Application, such as accessing secure areas.
2. Performance Cookies: Help collect information on how our Website and Application are used to improve their performance.
3. Advertising Cookies: Used to show relevant ads based on your interests and measure the effectiveness of our advertising campaigns.

Users can manage or withdraw their consent for the use of cookies at any time by clicking the “Manage Cookies” link on our Website or Application.

Behavioral Remarketing with Facebook

We use remarketing services provided by Facebook to show relevant ads to users who have previously interacted with our services. This process groups users based on certain actions performed on our platform, such as visit duration or pages viewed, allowing us to display personalized advertising within the Facebook network, even when browsing other websites.

Tools and Services Used:

• Facebook Ads: Using Facebook’s advertising services, we collect data to create custom audiences based on interests or specific interactions with our services. Users can manage their preferences or opt-out of this type of advertising in the Facebook Ad Preferences.

For more information on how Facebook uses collected data, please refer to their Privacy Policy.

Protection of Personal Data

At Magical20, we are committed to ensuring the security of our users’ personal data. We implement appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:

1. Data Encryption: We use industry-standard encryption protocols to protect personal data during transmission and storage.
2. Access Control: We limit access to personal data to employees, contractors, and agents who need this information to process it on our behalf and are subject to strict confidentiality obligations.
3. Audits and Monitoring: We conduct periodic internal and external audits to assess the effectiveness of our security measures and ensure compliance with applicable regulations.
4. Employee Training: We provide ongoing training to our staff on best practices for information security and personal data protection.
5. Incident Management: We have established procedures to manage any security incidents that may compromise personal data, including notifying the competent authorities and affected users when necessary.

Despite our efforts to protect your personal data, it is important to note that no security system is impenetrable. However, in the event of a security breach, we will take all necessary measures to mitigate its effects and prevent future incidents.

Data Retention Periods and Criteria

At Magical20, we retain personal data only for as long as necessary to fulfill the purposes for which it was collected. The criteria for determining retention periods include the duration of the contractual relationship, applicable legal obligations, and the legitimate interests of the company.

Once the data is no longer needed, we securely delete it using appropriate methods to ensure its confidentiality and prevent unauthorized access.

User Rights

In compliance with the General Data Protection Regulation (GDPR) of the European Union, users are guaranteed certain rights regarding their personal data. Below are these rights and how they can be exercised:

1. Right of Access: Users have the right to request confirmation of whether their personal data is being processed and, if so, to access it. This includes obtaining a copy of the personal data being processed.
2. Right of Rectification: Users may request the correction of inaccurate or incomplete personal data. It is important for personal data to be accurate and up to date.
3. Right to Erasure (Right to be Forgotten): Users have the right to request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, among other circumstances.
4. Right to Restriction of Processing: Users may request the restriction of the processing of their personal data in certain situations, such as when the accuracy of the data is contested or the processing is unlawful.
5. Right to Data Portability: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller without hindrance, where technically feasible.
6. Right to Object: Users may object to the processing of their personal data at any time, on grounds relating to their particular situation, where the processing is based on legitimate interests or the performance of a public interest task.
7. Right Not to Be Subject to Automated Decision-Making: Users have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.

To exercise any of these rights, users may contact the data controller through the means indicated in the “Contact” section of this policy. They will be asked to provide sufficient information to verify their identity before their request is processed. Requests will be handled within a maximum period of one month unless the complexity or volume of requests requires an extension of up to two additional months, in which case the user will be notified of the extension.

Use of Third-Party Services

For the proper functioning of our application, both web and mobile, we use third-party services that help us improve and optimize our services. Currently, we employ the following services:

• OpenRouter: Provides routing and connectivity services. More information at OpenRouter. Shared data includes texts that enable generative AI responses, such as messages and instructions, in an anonymous manner.
• Freepik: Offers graphic and design resources. More details at Freepik. Context about the images to be created is provided, including parts of the conversation or individual instructions, always anonymously.
• Supabase: Provides database and authentication services. Visit Supabase for more information. Shared data includes user information, such as messages and material created within the platform, to manage secure access to the application.

These services are essential to ensure an optimal and secure user experience.

Data Transfer Outside the EEA

At Magical20, we are committed to ensuring that the transfer of personal data outside the European Economic Area (EEA) complies with the applicable data protection regulations, specifically the General Data Protection Regulation (GDPR).

Any transfer of personal data to countries outside the EEA will be conducted strictly in accordance with the provisions of the GDPR. This includes implementing appropriate safeguards to protect the rights and freedoms of the data subjects.

To ensure an adequate level of protection for personal data, we use one or more of the following transfer mechanisms:

• Adequacy Decisions: We transfer personal data to countries that the European Commission has recognized as providing an adequate level of data protection.
• Standard Contractual Clauses: In the absence of an adequacy decision, we use standard contractual clauses approved by the European Commission to ensure that personal data transferred outside the EEA is protected.
• Binding Corporate Rules: In the case of transfers within a corporate group, we may use binding corporate rules that have been approved by the competent data protection authorities.

In situations where specific transfers of personal data outside the EEA are necessary, we ensure that they are carried out only when necessary for the performance of a contract between the user and Magical20 or when the user has given explicit consent for such a transfer.

For more information about the transfers of personal data outside the EEA and the safeguards implemented, users can contact us through the contact details provided in the “Contact” section of this Privacy Policy.

We are committed to reviewing and updating our data transfer practices to ensure ongoing compliance with applicable laws and regulations.

Changes to the Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes we make in the future will be posted on this page and, where appropriate, notified to users by email or via a notice on our platform. We recommend that users periodically review this page to stay informed of any updates.

The date of the last modification of this Privacy Policy will be indicated at the beginning of the document. Changes will take effect immediately upon their publication on this page, unless otherwise specified. Continued use of our services after the publication of changes will constitute the user’s acceptance of such changes.

If we make significant changes to the way we handle users’ personal data, we will provide a clear and prominent notice before such changes take effect. Where necessary, we will obtain the user’s consent for the processing of their personal data in accordance with the new terms.

If the changes affect the processing of personal data in a way that requires the user’s consent, we will request such consent explicitly and clearly, ensuring that users understand the implications of the proposed changes.

For any questions or concerns about changes to this Privacy Policy, users can contact us through the means indicated in the “Contact” section of this document.

Legal References

This Privacy Policy is governed by the current regulations on personal data protection in Spain, specifically by the following legal provisions:

1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or GDPR): This regulation establishes the rules concerning the protection of natural persons regarding the processing of personal data and the free movement of such data.
2. Organic Law 3/2018 of December 5 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD): This law adapts the Spanish legal system to the GDPR and regulates specific aspects of personal data processing in Spain.
3. Guidelines and Recommendations of the Spanish Data Protection Agency (AEPD): The AEPD is the supervisory authority in Spain responsible for ensuring compliance with data protection regulations. Its guidelines and recommendations are fundamental for the correct application of these regulations.
4. Other Applicable Regulations: Any other regulations that may, in the future, complement or replace those mentioned above in the field of personal data protection.

It is the responsibility of the data controller to ensure compliance with these regulations and to keep this Privacy Policy updated in accordance with any legislative or judicial changes that may affect the processing of personal data.

Contact

If you have any questions, comments, or concerns about this Privacy Policy or the processing of your personal data, you can contact us through the following means:

• Email: <[email protected]>
• Phone: +34 954542624
• Postal Address: C/ Miguel de Mañara 36, Sevilla (41300) Spain.

Our privacy team is available to address your inquiries and provide the necessary assistance regarding your rights and the handling of your personal data. We are committed to responding to your requests as quickly as possible and providing you with the information you need to understand how we manage your personal data.