Loksa.camp

Privacy Policy

Last updated: 6 April 2026 · Compliant with GDPR (EU 2016/679) and Estonian Personal Data Protection Act (RT I, 04.01.2019, 11)

1. Data Controller

Loksa Camping OÜ, registered in Estonia, is the data controller for personal data collected through this platform. Contact: privacy@loksa.camp

2. Data We Collect

  • Account data: Name, email address, phone number
  • Identity documents: Driver's license, passport/ID (for verification)
  • Booking data: Rental dates, payment records, rental agreements
  • Usage data: IP address, browser type, pages visited (via Google Analytics 4)
  • Signature data: Electronic signature records and signing events

3. Legal Basis for Processing

  • Contract performance: Booking and rental management (Art. 6(1)(b) GDPR)
  • Consent: Marketing communications, cookies (Art. 6(1)(a) GDPR)
  • Legal obligation: Tax records, identity verification (Art. 6(1)(c) GDPR)
  • Legitimate interest: Fraud prevention, platform security (Art. 6(1)(f) GDPR)

4. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy. Booking records are retained for 7 years for tax purposes. Identity documents are deleted within 30 days of rental completion unless required by law.

5. Third-Party Services

  • Stripe: Payment processing (USA/EU) — transfers covered by Standard Contractual Clauses (SCCs, GDPR Art. 46(2)(c))
  • Supabase: Database and authentication (EU servers)
  • Vercel: Hosting and document storage (EU/USA) — SCCs apply; identity documents stored with restricted private access
  • Google Analytics 4: Usage analytics (anonymized IP)
  • DeepL: Automated translation
  • PostHog: Product analytics and session replay (EU servers, opt-in only)

6. Your Rights

Under GDPR and the Estonian Personal Data Protection Act, you have the right to: access your data, rectify inaccuracies, erase your data (“right to be forgotten”), restrict processing, data portability, and object to processing. You can delete your account and all associated personal data directly from your dashboard. To exercise other rights or for manual erasure requests, email privacy@loksa.camp. We will respond within one month (GDPR Art. 12; Estonian PDPA §27).

7. Cookies

We use essential cookies for authentication and functional cookies for preferences. Analytics cookies (Google Analytics 4 and PostHog) are only set with your consent. See our Cookie Policy for details.

8. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR Art. 33-34.