Bestcamp
PRIVACY STATEMENT
Updated 13.01.2022
1. Controller
BestPark Oy
Business ID 3119984-1
Address: c/o Angelma & Mäkelä
Eteläkatu 14 C 3
13100 HÄMEENLINNA
2. Contact person
Name: Hanna Pitkänen
Email: hanna.pitkanen@bestpark.com
3. Name of the register
BestCamp Customer Register
BestCamp Marketing Register
4. The purpose for processing the personal data
The personal data of Customer Register is processed for the purposes of customer service, maintaining and developing the customer relations, as well as replying to contact requests.
The purpose of Marketing Register is to enable marketing. The personal data will be used for marketing only with the data subject’s explicit consent. The data subject is entitled to withdraw their consent for the usage of personal data for marketing by informing the controller to the address mentioned in paragraph 2.
The legal basis for the processing of personal data according to the General Data Protection Regulation is consent by the data subject or a contract between the controller and the data subject or legitimate interest.
5. Content of the register
BestPark Oy may collect the following data to the Customer Register:
- First and last name
- Email address
- Phone number
- Address
- Date of birth
- Nationality
- Time of accommodation
- IP-address
- Payment method information
- Information provided by the customer concerning customer relations
BestPark Oy may collect the following data to the Marketing Register:
- Name
- Email address
- Phone number
- Direct marketing permit
- Information provided by the customer concerning marketing
6. Regular sources of information
The personal data is regularly collected from the data subject during registration or other similar situations and when reserving services from the system.
7. Regular disclosures of data
The personal data in the Customer Register is used to manage customer relations. The personal data in the Marketing Register is used for marketing. The personal data shall not be consistently disclosed to other parties excluding trusted partners and the authorities to the extent as permitted and required by the existing law.
8. Transfer of data outside of the European Union or the European Economic Area
Controller may outsource the processing of the personal data to companies which may be located in countries outside EU/EAA. If the personal data is transferred outside the EU/EAA, we will ensure the appropriate data privacy as well as processing Customer Register and Marketing Register contractually by using standard contractual clauses of the EU Commission.
9. Principles of protection of register
The data system and files are protected by firewalls and other technical measures. Access rights to the register require personalized user ID and password, which are granted only to employees of the Controller or such trusted third parties who process the personal data on behalf of the Controller. Access rights are granted only to persons whose position and tasks require the processing of the personal data. Data processing with third parties has been agreed upon with a written agreement.
10. Storing of the data
The personal data is preserved for different periods of time depending on the purpose of the personal data. However, the personal data is preserved at least for the minimum retention period required by existing law. The personal data based on customer or contractual relationship is kept for the duration of the customer or contractual relationship and the time required after the termination of the customer or contractual relationship. The personal data based on consent is preserved until the data subject withdraws their consent but no longer than is necessary for the purpose of the processing.
The data regarding legitimate interests is preserved if legitimate interest can be seen valid unless the data subject forbids the processing of personal data for this purpose.
11. Rights of the data subject
The data subject has right of access to their data and right to rectification of their data. Requests for access and rectification shall be sent to the address mentioned in paragraph 2.
The data subject has right to erasure and data portability pursuant to articles 17 and 20 of the GDPR. The data subject has right to restriction of processing and right to object processing of the personal data pursuant to articles 18 and 21 of the GDPR. Furthermore, the data subject has right to withdraw their consent to the processing of the personal data concerning the data subject. The data subject has right to lodge a complaint with a supervisory authority if the data subject considers that the processing of the personal data relating to them infringes the data protection legislation.
12. Automated decision-making and profiling
The personal data is not used for automated decision-making or profiling.