Introducción y definiciones
This Data Processing Agreement (“DPA”) forms part of and supplements the CampsBooking Terms and Conditions and the Camp Provider Agreement (together, the “Agreement”) and applies to the processing of Personal Data in connection with the use of the CampsBooking platform (the “Platform”).
This DPA is entered into between:
Taisana Technologies FZE LLC, operating CampsBooking (“CampsBooking”, “we”, “us”, or “our”)
and
any Camp Provider or User processing Personal Data through the Platform (“you”, “Provider”, or “User”).
For the purposes of this DPA, “Personal Data”, “Data Controller”, “Data Processor”, and “Data Subject” shall have the meanings given in applicable data protection laws, including but not limited to the GDPR and UK GDPR.
Propósito y alcance
This DPA governs the processing of Personal Data by CampsBooking and Camp Providers in connection with:
- operation of the Platform
- Listings and Bookings
- communication between Users and Providers
- related services
This DPA applies where Personal Data is processed under applicable data protection laws, including but not limited to:
- GDPR (EU/EEA)
- UK GDPR
- UAE data protection laws
- other applicable laws
Roles de las partes
In most cases:
- CampsBooking acts as an independent Data Controller
- Camp Providers act as independent Data Controllers
Each party acts as an independent controller and is individually responsible for its own compliance with applicable data protection laws in relation to the Personal Data it processes.
Each party independently determines:
- purposes of processing
- means of processing
2.2 Limited Processor Role
Where CampsBooking processes Personal Data strictly on behalf of a Provider (e.g. payment facilitation, communication tools), CampsBooking may act as a Data Processor.
Where applicable:
- CampsBooking processes data only on documented instructions
- does not use data for its own unrelated purposes
Tipos de datos personales
Personal Data processed may include:
User Data
- name, email, phone
- country of residence
- account details
Booking Data
- camp selection
- travel details
- preferences
Child-Related Data
- age / age range
- educational preferences
- special requirements (including health-related data where provided)
Technical Data
- IP address
- device and browser data
- cookies and similar online identifiers
Transaction Data
- payment status
- billing metadata
Finalidades y base legal
Personal Data may be processed for:
- facilitating Bookings
- enabling communication between Users and Providers
- providing customer support
- fraud prevention and security
- compliance with legal obligations
- improving Platform functionality
Providers may process Personal Data solely for:
- delivering Camp Programs
- managing Bookings
- complying with legal obligations
Each party is responsible for ensuring it has a valid legal basis, including:
- contract performance
- legal obligation
- legitimate interest
- consent (especially for child-related or health data where required)
Where special category Personal Data (including health information) is processed, each party shall ensure that an appropriate condition under applicable law (such as explicit consent) is satisfied.
Datos de menores y compartición
Given the nature of the Platform:
- Personal Data of minors may be processed
Requirements:
- must be provided by a Parent/Guardian
- must be limited to what is necessary
- must be handled with enhanced protection
Providers must:
- implement appropriate safeguarding measures
- ensure lawful processing under applicable laws
Providers shall not collect Personal Data directly from minors via the Platform interface and shall rely on Parents/Guardians as the primary point of contact, except where expressly permitted by applicable law.
CampsBooking may share Personal Data with Providers to:
- process inquiries
- enable Bookings
Providers must:
- use such data only for intended purposes
- not use data for unrelated marketing without legal basis
Each party remains independently responsible for providing appropriate privacy notices to Data Subjects and for documenting its lawful basis for any Personal Data it receives from the other party.
Transferencias y seguridad
Personal Data may be transferred internationally.
Safeguards may include:
- Standard Contractual Clauses (SCCs)
- equivalent mechanisms under applicable law
Each party shall implement appropriate technical and organizational measures, taking into account:
- the nature, scope, context, and purposes of processing
- the risks to individuals
Such measures shall at a minimum include measures designed to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
Conservación, derechos e infracciones
Personal Data shall be retained only as long as necessary for:
- Bookings
- legal compliance
- dispute resolution
Retention may extend up to 7 years where required.
Users may exercise rights including:
- access
- correction
- deletion
- restriction
- portability
Each party is responsible for responding to requests relating to its own processing.
Where a data subject request reasonably relates to processing carried out by the other party, the receiving party shall, where appropriate and lawful, forward the request to the other party or otherwise cooperate to enable a timely response.
In case of a Personal Data breach:
Each party shall:
- notify the other party without undue delay where the breach may affect Personal Data received from the other party
- provide relevant information
- cooperate on mitigation
Nothing in this section shall prevent either party from complying with its own independent obligations to notify supervisory authorities or Data Subjects under applicable law.
Subencargados y obligaciones
CampsBooking may use sub-processors (e.g. hosting, analytics, payment providers).
CampsBooking shall:
- ensure appropriate safeguards
- remain responsible for sub-processor compliance
Where required by law, CampsBooking shall enter into written data processing terms with its sub-processors that provide at least the level of protection required by applicable data protection laws.
Providers shall:
- comply with applicable data protection laws
- implement security measures
- not misuse User data
- not contact Users for off-platform transactions (except where permitted)
- not sell or share Personal Data unlawfully
Where a Provider engages third parties to process Personal Data obtained via the Platform, the Provider shall ensure that such parties are bound by written obligations providing at least the same level of data protection as this DPA.
Responsabilidad, ley y aceptación
Each party is responsible for:
- its own compliance
- its own processing activities
Nothing in this DPA creates joint liability beyond applicable law.
This DPA remains in effect:
- for as long as Personal Data is processed
- and survives termination where required
This DPA shall be governed by the laws of the United Arab Emirates, without prejudice to the mandatory data protection laws applicable to the processing in question (such as the GDPR or UK GDPR).
For data protection matters:
Taisana Technologies FZE LLC
AMC-BLA-B.C-6010471, AMC - Boulevard-A Building, Ajman Media City, UAE
License / Registration No.: 53582
[email protected]
In case of conflict:
- this DPA prevails over other agreements regarding data protection
By using the Platform or acting as a Camp Provider, you acknowledge and agree to this Data Processing Agreement.
