Privacy & GDPR Notice

Last updated: 2025-09-03

This notice explains how Lynko.tv complies with the EU General Data Protection Regulation (GDPR) and Dutch law (Uitvoeringswet Algemene verordening gegevensbescherming - UAVG). It applies to all users of Lynko.tv.

1) Who we are

Mother Company
Madeliz® (BOIP reg. no. 1442741)
Official registered brand
Lynko (BOIP reg. no. 1530871)
Located at
The Netherlands
Chamber of Commerce (KvK)
77510194
Contact
Click here

Note: Lynko and Madeliz® are registered trademarks in the Benelux (BOIP).

2) What data we collect

  • Account data: username, email, password (hashed).
  • Transactional emails: activation and security notices.
  • Optional tokens (short-lived): activation token (hashed) with expiry, password-reset token (hashed) with expiry, deletion-confirm token (hashed) with expiry.

We do not intentionally collect special categories of data.

3) Why we process your data (legal bases)

  • Contract (Art. 6(1)(b) GDPR): create and maintain your account, provide the service, send activation and transactional emails.
  • Legitimate interests (Art. 6(1)(f) GDPR): protect the service from abuse and fraud, secure accounts, prevent mass free-account misuse via a Two-account-per-IP rule. You may object anytime (Art. 21).
  • Consent (if applicable): only for optional features that require it, like marketing emails or non-essential cookies. Not used by default.

4) Two account per IP (and appeals)

To limit abuse, we allow Two account per IP address. We store the IP used at registration to enforce this. Shared networks can be affected. If you are blocked by a shared IP, contact support and we will review and - if appropriate - grant an exception.

5) Cookies

  • Essential only: session cookie and CSRF token. Required for security and login.
  • No tracking cookies by default: if we add analytics or ads later, we will request consent first.

6) Retention

  • Unactivated accounts: deleted after 3 days.
  • Activation tokens: stored as a hash, expire after 3 days, cleared on activation or expiry.
  • Password-reset and deletion tokens: stored as a hash, typically valid 24 hours, cleared on use or expiry.
  • Login IP/UA and timestamps: we keep only the latest values during the life of the account and delete them when the account is deleted.
  • Backups: retained for a limited period for disaster recovery, then overwritten.

7) Our processor

We use one trusted hosting provider to run our service. They act as our GDPR processor and handle data only on our instructions. They do not access your content, and we do not allow them to use any data for their own purposes.

Our servers are located in the Netherlands, so your data is stored in the Netherlands (within the EU/EEA). We only store and deliver your data as needed to provide the service. We do not create or otherwise use your data beyond that.

If we ever change our hosting setup or add another processor, we will update this page before the change takes effect. You can contact us if you want the current hosting partner’s details.

8) International transfers

If data is transferred outside the EEA, we use appropriate safeguards such as the European Commission Standard Contractual Clauses and additional measures where needed.

9) How to exercise your rights

To access, rectify, erase, restrict, port, or object to processing, contact us. We will respond within 30 days. We may ask for information to verify your identity.

10) Complaints

You can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can also seek a remedy in court.

11) Security measures

  • Password hashing.
  • CSRF protection and secure session cookies (HttpOnly, SameSite, HTTPS).
  • Minimal data principle: token hashes (not raw tokens), only latest login IP/UA.
  • Abuse prevention: two-account-per-IP with support override.
  • Access controls and least-privilege for systems handling personal data.

12) Polls and voting data

  • One-vote protection: temporary storage of IP (binary) and session hash to prevent duplicate votes.
  • Data minimization: only poll ID, option index, IP (binary), and session hash are stored.
  • Retention limit: technical identifiers are deleted automatically once the poll closes.
  • Aggregation: after closure, only total counts per option are kept, fully anonymous.
  • No profiling: voting data is never used for advertising, tracking, or cross-service identification.

13) Children

Lynko.tv is not directed at children under 16. Do not register if you are under 16.

14) Changes to this notice

We may update this notice. Material changes will be highlighted here. Please review it periodically.

15) Contact

For privacy questions or requests, Contact us

This notice summarizes our privacy practices to help you understand how we process your personal data under the GDPR and Dutch law (UAVG).