CAMPSBOOKING DATA PROCESSING AGREEMENT (DPA)

Version v1 · Effective March 27, 2026

Introduction & Definitions

This Data Processing Agreement (“DPA”) forms part of and supplements the CampsBooking Terms and Conditions and the Camp Provider Agreement (together, the “Agreement”) and applies to the processing of Personal Data in connection with the use of the CampsBooking platform (the “Platform”).

This DPA is entered into between:

Taisana Technologies FZE LLC, operating CampsBooking (“CampsBooking”, “we”, “us”, or “our”)

and

any Camp Provider or User processing Personal Data through the Platform (“you”, “Provider”, or “User”).

For the purposes of this DPA, “Personal Data”, “Data Controller”, “Data Processor”, and “Data Subject” shall have the meanings given in applicable data protection laws, including but not limited to the GDPR and UK GDPR.

Purpose & Scope

This DPA governs the processing of Personal Data by CampsBooking and Camp Providers in connection with:

  • operation of the Platform
  • Listings and Bookings
  • communication between Users and Providers
  • related services

This DPA applies where Personal Data is processed under applicable data protection laws, including but not limited to:

  • GDPR (EU/EEA)
  • UK GDPR
  • UAE data protection laws
  • other applicable laws

Roles of the Parties

In most cases:

  • CampsBooking acts as an independent Data Controller
  • Camp Providers act as independent Data Controllers

Each party acts as an independent controller and is individually responsible for its own compliance with applicable data protection laws in relation to the Personal Data it processes.

Each party independently determines:

  • purposes of processing
  • means of processing

2.2 Limited Processor Role

Where CampsBooking processes Personal Data strictly on behalf of a Provider (e.g. payment facilitation, communication tools), CampsBooking may act as a Data Processor.

Where applicable:

  • CampsBooking processes data only on documented instructions
  • does not use data for its own unrelated purposes

Types of Personal Data

Personal Data processed may include:

User Data

  • name, email, phone
  • country of residence
  • account details

Booking Data

  • camp selection
  • travel details
  • preferences

Child-Related Data

  • age / age range
  • educational preferences
  • special requirements (including health-related data where provided)

Technical Data

  • IP address
  • device and browser data
  • cookies and similar online identifiers

Transaction Data

  • payment status
  • billing metadata

Purposes & Legal Basis

Personal Data may be processed for:

  • facilitating Bookings
  • enabling communication between Users and Providers
  • providing customer support
  • fraud prevention and security
  • compliance with legal obligations
  • improving Platform functionality

Providers may process Personal Data solely for:

  • delivering Camp Programs
  • managing Bookings
  • complying with legal obligations

Each party is responsible for ensuring it has a valid legal basis, including:

  • contract performance
  • legal obligation
  • legitimate interest
  • consent (especially for child-related or health data where required)

Where special category Personal Data (including health information) is processed, each party shall ensure that an appropriate condition under applicable law (such as explicit consent) is satisfied.

Children’s Data & Sharing

Given the nature of the Platform:

  • Personal Data of minors may be processed

Requirements:

  • must be provided by a Parent/Guardian
  • must be limited to what is necessary
  • must be handled with enhanced protection

Providers must:

  • implement appropriate safeguarding measures
  • ensure lawful processing under applicable laws

Providers shall not collect Personal Data directly from minors via the Platform interface and shall rely on Parents/Guardians as the primary point of contact, except where expressly permitted by applicable law.

CampsBooking may share Personal Data with Providers to:

  • process inquiries
  • enable Bookings

Providers must:

  • use such data only for intended purposes
  • not use data for unrelated marketing without legal basis

Each party remains independently responsible for providing appropriate privacy notices to Data Subjects and for documenting its lawful basis for any Personal Data it receives from the other party.

Transfers & Security

Personal Data may be transferred internationally.

Safeguards may include:

  • Standard Contractual Clauses (SCCs)
  • equivalent mechanisms under applicable law

Each party shall implement appropriate technical and organizational measures, taking into account:

  • the nature, scope, context, and purposes of processing
  • the risks to individuals

Such measures shall at a minimum include measures designed to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.

Retention, Rights & Breaches

Personal Data shall be retained only as long as necessary for:

  • Bookings
  • legal compliance
  • dispute resolution

Retention may extend up to 7 years where required.

Users may exercise rights including:

  • access
  • correction
  • deletion
  • restriction
  • portability

Each party is responsible for responding to requests relating to its own processing.

Where a data subject request reasonably relates to processing carried out by the other party, the receiving party shall, where appropriate and lawful, forward the request to the other party or otherwise cooperate to enable a timely response.

In case of a Personal Data breach:

Each party shall:

  • notify the other party without undue delay where the breach may affect Personal Data received from the other party
  • provide relevant information
  • cooperate on mitigation

Nothing in this section shall prevent either party from complying with its own independent obligations to notify supervisory authorities or Data Subjects under applicable law.

Subprocessors & Obligations

CampsBooking may use sub-processors (e.g. hosting, analytics, payment providers).

CampsBooking shall:

  • ensure appropriate safeguards
  • remain responsible for sub-processor compliance

Where required by law, CampsBooking shall enter into written data processing terms with its sub-processors that provide at least the level of protection required by applicable data protection laws.

Providers shall:

  • comply with applicable data protection laws
  • implement security measures
  • not misuse User data
  • not contact Users for off-platform transactions (except where permitted)
  • not sell or share Personal Data unlawfully

Where a Provider engages third parties to process Personal Data obtained via the Platform, the Provider shall ensure that such parties are bound by written obligations providing at least the same level of data protection as this DPA.

Liability, Law & Acceptance

Each party is responsible for:

  • its own compliance
  • its own processing activities

Nothing in this DPA creates joint liability beyond applicable law.

This DPA remains in effect:

  • for as long as Personal Data is processed
  • and survives termination where required

This DPA shall be governed by the laws of the United Arab Emirates, without prejudice to the mandatory data protection laws applicable to the processing in question (such as the GDPR or UK GDPR).

For data protection matters:

Taisana Technologies FZE LLC
AMC-BLA-B.C-6010471, AMC - Boulevard-A Building, Ajman Media City, UAE
License / Registration No.: 53582
[email protected]

In case of conflict:

  • this DPA prevails over other agreements regarding data protection

By using the Platform or acting as a Camp Provider, you acknowledge and agree to this Data Processing Agreement.