Privacy Policy

Privacy Policy

Please note that before you begin using any of the services or features of our website, you must read and accept this Privacy Policy. Below, we clearly and simply explain what we do with your personal data and what we use it for.

What is the privacy policy?

The purpose of this Privacy Policy is to inform you about how we collect, use, and protect your personal data when you browse our website or use our services, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Data Controller

The data controller for your personal data is DANIEL ROSSELLÓ

[email protected]

What personal data do we collect?

In order to provide you with our services, we need to collect the following personal data:

  • Identifying data: name and email address.
  • Registration data: registration information from our forms.
  • Usage data: information about your use of our services.

What do we use your data for?

Your personal data is used solely and exclusively for the following purposes, in compliance with the GDPR and the LSSI-CE:

  • Main Purpose and Service: To carry out the assignment and email delivery of the automated and fair Secret Santa draw among the added participants. (Data: Names and Email addresses).
  • Essential Communications: For sending reminders or resending the draw assignment to participants who request it, ensuring the proper provision of the service. (Data: Email addresses).
  • Security and Fraud: To ensure the security, integrity, and correct functioning of our tool, preventing improper or fraudulent use.
  • Service Improvement: For internal statistical and analytical purposes regarding the use of the tool (in an anonymous or pseudonymised form), which allows us to improve functionality and user experience.

Integration with AI assistants (ChatGPT)

If you use Secret Santa Raffle inside ChatGPT, OpenAI processes your conversation in order to identify your intent and select the right tool to invoke. When a tool is invoked, OpenAI transmits to our gateway server (mcp.secretsantaraffle.net) only the parameters necessary to fulfil your request — typically a draw date, an optional budget, and the names and email addresses of the participants you describe.

Our gateway is a stateless intermediary: it does not store any of this data locally. It forwards the request to the same backend that powers our website and mobile app, where the data is treated under the identical terms described in this policy. We do not enrich, cross-reference or sell anything received via ChatGPT.

Note that your conversation with ChatGPT itself is governed by OpenAI's privacy policy (openai.com/privacy), not this one. We have no access to the conversation beyond the parameters explicitly passed to our tools.

How long do we keep your data?

Identification data (names and email addresses) is retained for as long as necessary for the provision of the service and the functionality of the draws.

Data is not deleted automatically. If you wish us to delete your personal data, you may exercise your right to erasure at any time by contacting us through the email address indicated in this policy. We will process your request within the legally established timeframe.

How do we protect your data?

We implement the necessary technical and organisational measures to guarantee the security of your personal data and to prevent its loss, unauthorised processing, or access. These measures include:

  • Encryption of sensitive data.
  • Data access control.
  • Intrusion detection systems.
  • Staff training and awareness on data protection.

How long do we keep your data?

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, unless there is a legal obligation to retain it for a longer period.

Who do we share your data with?

We may share your personal data with:

  • Service providers that help us provide our services.
  • Governmental authorities when required by law.
  • Other entities with your express consent.

What are your rights?

As the data subject, you have the following rights:

  • Right of access: You may request information about the personal data we hold about you.
  • Right to rectification: You may request the correction of inaccurate or incomplete data.
  • Right to erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  • Right to data portability: You may request that your data be transferred to another data controller.
  • Right to object: You may object to certain processing of your data.
  • Right to lodge a complaint: You may lodge complaints with the competent supervisory authority.

How to exercise your rights?

You may exercise your rights by sending an email to:

[email protected]

Cookies

Our website uses cookies to improve your browsing experience. Cookies are small text files that are stored on your device when you visit our website. You can configure your browser to accept or reject cookies.

For more information about our cookie policy, you can consult our dedicated Cookie Policy section.

Modifications to the privacy policy

We reserve the right to modify this privacy policy at any time. Modifications shall take effect from the moment of their publication on our website.

Contact

If you have any questions about our privacy policy or the processing of your personal data, please do not hesitate to contact us:

[email protected]