Loksa.camp

Privacy Policy

Last updated: 1 January 2025 · Compliant with GDPR (EU 2016/679)

1. Data Controller

Loksa Camping OĂś, registered in Estonia (registry code: XXXXXXXX), is the data controller for personal data collected through this platform. Contact: privacy@loksa.camp

2. Data We Collect

  • Account data: Name, email address, phone number
  • Identity documents: Driver's license, passport/ID (for verification)
  • Booking data: Rental dates, payment records, rental agreements
  • Usage data: IP address, browser type, pages visited (via Google Analytics 4)
  • Smart-ID data: Digital signature certificate and signing events

3. Legal Basis for Processing

  • Contract performance: Booking and rental management (Art. 6(1)(b) GDPR)
  • Consent: Marketing communications, cookies (Art. 6(1)(a) GDPR)
  • Legal obligation: Tax records, identity verification (Art. 6(1)(c) GDPR)
  • Legitimate interest: Fraud prevention, platform security (Art. 6(1)(f) GDPR)

4. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy. Booking records are retained for 7 years for tax purposes. Identity documents are deleted within 30 days of rental completion unless required by law.

5. Third-Party Services

  • Stripe: Payment processing (USA/EU, Privacy Shield certified)
  • Supabase: Database and authentication (EU servers)
  • Vercel: Hosting and blob storage (EU/USA)
  • Google Analytics 4: Usage analytics (anonymized IP)
  • DeepL: Automated translation
  • SK ID Solutions: Smart-ID digital signatures (Estonia)

6. Your Rights

Under GDPR, you have the right to: access your data, rectify inaccuracies, erase your data (“right to be forgotten”), restrict processing, data portability, and object to processing. To exercise these rights, email privacy@loksa.camp.

7. Cookies

We use essential cookies for authentication and functional cookies for preferences. Analytics cookies (Google Analytics 4) are only set with your consent. See our Cookie Policy for details.

8. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR Art. 33-34.