Privacy Policy

Overview

Hidden Library ("we", "us", "our") operates the Hidden Library website and newsletter service. This Privacy Policy explains how we collect, use, store, and protect your Personal Data when you interact with our service.

By using Hidden Library, you consent to the practices described in this policy.

Last updated: November 2025

1. Data Controller

The Data Controller responsible for your personal data is:

Tatjana Chernenko
Bergheimer Str. 38, 69115 Heidelberg
Email: email@hiddenlibrary.club

If you have any questions about this Privacy Policy, please contact us.

2. Information We Collect

While using our service, we may collect the following types of Personal Data:

Required:

  • Email address

Optional:

  • Name
  • Genre preferences
  • Book submission data (for authors)

Automatically collected:

  • Server logs (IP address, browser type, date/time, referrer)
  • Technical usage information necessary for security and operation

We do not intentionally collect data from individuals under the age of 18.

3. Legal Basis for Processing (GDPR Art. 6)

We process your data on the following legal bases:

Consent (Art. 6(1)(a))

For sending newsletters and marketing emails.

Performance of a contract (Art. 6(1)(b))

For managing author submissions and platform accounts.

Legitimate interest (Art. 6(1)(f))

For security, fraud prevention, server logs, analytics, and service improvement.

Compliance with legal obligations (Art. 6(1)(c))

When required by German or EU law.

You may withdraw consent at any time.

4. How We Use Your Personal Data

We use collected information to:

  • Deliver newsletter updates and book promotions
  • Manage author submissions and communication
  • Improve the quality, stability, and security of our service
  • Analyse usage patterns (minimal technical analytics)
  • Maintain internal records and operational logs

We do not sell personal data.

5. Third-Party Service Providers (Data Processors)

We use the following service providers to operate Hidden Library:

  • Supabase – database, authentication, and secure data storage
  • Resend – transactional email delivery
  • Vercel – website hosting and serverless infrastructure

Each provider processes data in accordance with its own privacy policy.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), including the United States.

Where data is transferred internationally, we rely on:

  • The EU–US Data Privacy Framework, when applicable
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Additional safeguards required under GDPR

You may request a copy of the relevant transfer mechanism.

7. Cookies and Tracking Technologies

Hidden Library uses only essential cookies required for:

  • Session management
  • Security
  • Authentication

We do not use tracking, marketing, or advertising cookies unless explicitly introduced later. If such technologies are added, this policy will be updated.

8. Email Communications (CAN-SPAM, UK GDPR, Spam Act 2003)

By subscribing to the newsletter, you agree to receive emails from us.

To comply with global requirements:

  • All emails include a functional unsubscribe link
  • You may opt out at any time
  • Emails clearly identify the sender
  • We retain a minimal record of unsubscribed addresses to prevent resending

We comply with:

  • CAN-SPAM Act (USA)
  • UK GDPR
  • Australia Spam Act 2003

9. Data Storage and Security

Your data is stored securely using industry-standard encryption and access controls.

We implement appropriate technical and organisational measures, but note that no method of internet transmission is 100% secure.

10. Data Retention

We retain personal data only as long as necessary for:

  • Providing the service
  • Legal and operational requirements
  • Security purposes

We do not hard-delete data immediately; instead, we may archive or anonymise it.

You may request permanent deletion (see Section 11).

11. Your Data Protection Rights (GDPR)

If you are located in the EEA or UK, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request erasure ("right to be forgotten")
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent
  • Lodge a complaint with your local data protection authority

To exercise these rights, contact us at the address above. We respond within 30 days.

12. Data Breach Notification

In the unlikely event of a data breach:

  • We will assess the risk
  • We will notify affected users without undue delay if there is a high risk
  • We will notify relevant authorities in accordance with GDPR

13. Children's Privacy

Hidden Library is not intended for individuals under 18. We do not knowingly collect data from children. Please inform us if such data was submitted.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new "Last updated" date.

15. Contact Us

If you have any questions about this Privacy Policy or your personal data:

Email: email@hiddenlibrary.club

We are happy to assist you.