NotaEurovision

Privacy Policy

1. Data Controller

Lionel Gilson - Belgium
Contact: info@lionel-g.com

2. Data Collected and Purposes

The following data is processed for the stated purposes:

  • First name, last name, date of birth, email address, username: account creation and management. Legal basis: performance of a contract.
  • Password: stored as a salted bcrypt hash, never readable in plain text.
  • IP address, user agent, device and approximate location: security, abuse detection and login history. IP geolocation is performed through IPinfo.io only if an API key is configured server-side. Legal basis: legitimate interest.
  • Preferences and settings: language, theme, filters and display preferences. Legal basis: performance of a contract.
  • Ratings, battles, rankings, playlists and social interactions: core functionality of the service. Legal basis: performance of a contract.
  • Application logs: significant actions, technical errors and security events. Legal basis: legitimate interest.
  • Failed login attempts: protection against brute-force attacks. Legal basis: legitimate interest.

3. Cookies, Sessions and Preferences

The site only uses functional cookies necessary for the requested service. No advertising, analytics or third-party tracking cookies are used.

  • PHPSESSID: identifies the PHP session, keeps the user logged in, protects forms with CSRF tokens and temporarily stores security elements such as the registration anti-bot check. Duration: browser session.
  • lang: remembers the selected language (fr, en, nl). Duration: up to 1 year.
  • remember_me: keeps you logged in if you check “Remember me”. It contains a random selector and validator, not the password. Duration: 30 days or until logout.
  • Preference cookies: selectedCompetition, selectedYear, selectedDecade and selectedFilterType keep your latest filters for 7 days. battleAlertDismissed_* cookies remember dismissed alerts for 1 year.

You can delete these cookies in your browser. Deleting PHPSESSID or remember_me may log you out.

4. Retention Periods

  • Account data: until the account is deleted or upon a valid request.
  • After account deletion: data is marked as deleted and physically erased no later than 30 days after the request.
  • Inactive accounts: an account with no login for 2 years may be deleted. An email reminder is sent about 1 month before permanent deletion, regardless of the deletion reason.
  • Application logs: automatic rotation, maximum 10 files of 5 MB, with a minimum retention of 60 days for existing files.
  • Failed login attempts: 24 hours.
  • Login history: 6 months. Older IP addresses for the user are automatically deleted on each new login.
  • “Remember me” tokens: 30 days or until explicit logout.

5. Recipients and Processors

Personal data is not sold or shared for commercial purposes. Access is limited to the site administrator. The third parties involved are:

  • Hostinger: hosting and storage of data on the site’s servers.
  • Resend: sending transactional emails, if configured.
  • IPinfo.io: approximate IP geolocation at login, only if an API key is configured.

6. Transfers Outside the European Union

Some providers, including IPinfo.io and Resend, may be established outside the European Union. When used, only the data necessary for the relevant purpose is transmitted: IP address for IPinfo.io, email address and message content for Resend. These processing operations rely on legitimate interest or performance of a contract depending on the case. Their policies are available here: IPinfo and Resend.

7. Your Rights

Under the GDPR, you have rights including access, rectification, erasure, restriction, objection and portability. To exercise these rights, use the options available in your profile or contact info@lionel-g.com.

8. Right to Lodge a Complaint

You may lodge a complaint with the Belgian Data Protection Authority (APD/GBA): Rue de la Presse 35, 1000 Brussels - contact@apd-gba.be - dataprotectionauthority.be.

Last updated: May 2026.