Welcome to Aurora River Camp and our website at www.aurorarivercamp.com. At Polar Light AB we are committed to protecting and respecting your privacy when you use our Website and Services (“website”).
What is Personal Data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
Responsible for data processing
Responsible for data processing is:
Polar Light AB
981 92 Kiruna, Sweden
Tel: +46 (0) 706866709
General information on data processing
All personal data that we obtain from you via the website will be processed for the purposes described in more detail below. This is done within the framework of the DPA and GDPR or with your consent. And of course, only when data processing is permitted and if:
We process and store your personal data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
Data processing when you submit it to our website and when you use our services
When you contact us through our website or use our services, some data is collected and processed by us or on our behalf by our selected third-party providers.
a) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our overriding legitimate interest in processing your request.
b) Data management
For optimal customer support, we use first name, last name, e-mail address, and the data related to your booking and contract with us. Your data may be stored on our website and or our Property Management System (“PRM system”) provided by Sirvoy Ltd. This data processing is based on our legitimate interest in providing our customer service.
c) Online Booking
If you wish to book with us online, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your booking. To enable you to conveniently book your stay with us online, we use the booking form of Sirvoy. We process the data you provide to process your booking.
For this purpose, you may also pass on your payment data to our payment processor Stripe. In addition, Stripe may also process your IP address as technical necessity and for legal protection. Payment related data will solely be processed through the payment system of Stripe, and we do not receive any Credit Card or Direct Debit details. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service
Due to commercial and tax law requirements, we are obliged to store your address, payment confirmation and booking data for a period of ten years. However, we will restrict processing after two years, i.e., your data will only be used to comply with legal obligations.
d) Extended data collection in the course of your stay
In the course of your stay, we may collect the following personal data:
Some of the data you choose to provide to us may be considered “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.
Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.
Unless otherwise specified the purposes of processing are contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests. The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your Consent.
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us using firstname.lastname@example.org or call us on +46 (0) 706866709.
Processing of Automatically Collected Data
a) Collection of access data and log files
We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.
Integration of third-party services and content
We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of our website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.
The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:
Transfer of personal data
In the course of our business and website operations, we may disclose your personal data by transmission to third parties and, where applicable, to so-called third countries outside Sweden and the EEA. Where we transfer data to third parties, we ensure a system of adequate protection mechanism and so-called “processing agreement” is signed with them. We will not disclose or otherwise distribute your personal data to third parties unless this:
However, we are entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the DPA and GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organizational measures, and additional controls by us.
We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
Duration of data storage
We store personal data on our secure server and only for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
Direct marketing in the context of a customer relationship
Insofar as you have also given us your separate consent to process your data for consulting, marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
Advertising and Marketing
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
Your data subject rights
These rights are standardized in the DPA and GDPR. These include:
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
We encourage you to contact us if you have any information requests, requests for information or objections about data processing or concerns. However, you also have the right to file a complaint with your local supervisory authority. However, we would appreciate it if you would contact us with your concern before turning to a supervisory authority.
State-of-the-art internet technologies are used to ensure the security of your data. During the online enquiry process, your details are secured with SSL encryption. For secure storage of your data, the systems are protected by firewalls that prevent unauthorized access from outside. In addition, technical and organizational security measures are used to protect the personal data you have provided against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Withdraw your consent
You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us using email@example.com or call us on +46 (0) 706866709. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
Third Party Policies
Our website may, from time to time, contain links to and from the websites of our partner networks, business partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Data to these websites.
Personal information and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Does this policy change?
Do you have any questions?
Please contact us if you have any comments or questions about this policy and/or our use of your Personal Data.