ArcticTerns Foundation

Privacy Policy

Last updated: July 3, 2022

1. The nature and scope of this Privacy Policy

1.1 ArticTerns Foundation (“Foundation”, “we”, “us” or “our”) is a non-profit Foundation incorporated in Dongen located in the Netherlands and has Commercial Register Number 86590839. The Foundation is organised under Dutch law. We are committed to protecting and respecting your privacy. Therefore this Privacy Policy (“Policy”) explains how we use any personal data that you provide to us on or through our Website: https://arcticterns.global/. With personal data we mean any information relating to an identified or identifiable natural person, as defined in the General Data Protection Regulation of the EU 2016/679 (GDPR). Your personal data is handled responsibly and is only used and stored within the scope of the applicable Data Protection Laws, in particular the GDPR. By providing personal data to us or through our Website, you acknowledge that you have read and understand this Policy.

1.2 A cookie consent banner is set on our Website. With the help of this cookie consent banner, we note whether you have already been a visitor to the site and have accepted the cookies (in accordance with the European Union ePrivacy Regulation).

2. Protecting your Children’s privacy

2.1 If we become aware that we have collected personal data from anyone under the age of sixteen (“Children”) without verification of parental or guardian consent, we take steps to remove that information from our Website.

3. Collecting and processing your personal data 

3.1 For the purpose of this Policy, we are a Data Controller of your personal data. The legal basis for collecting and using your personal data depends on the information we collect and the specific context in which we collect it. 

3.2 The processing of your data is either based on:

• your consent;
• in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b);
• the processing is necessary for the performance of a contract to which you are a party;
• the processing of your personal data is in our legitimate interests and it’s not overridden by your rights;
• for payment processing purposes;
• to comply with the law, a judicial decision or an official requirement. 

3.3 If we process personal data on the basis of consent or on the basis of a consideration of legitimate interests, we will only do so as long as you do not object or revoke consent. 

3.4 In order to enter into a contract regarding the purchase of a Booking, you must provide us with the required personal data. If you do not provide us with all the required information, it will not be possible to deliver the service.

4. What categories of personal data do we collect

4.1. We collect the following categories of personal information that you choose to provide to us by submitting  information to us or through use of our Website:

• personal data: name, surname, title, date of birth, gender, email address, home address, phone number;
• cookie ID, Internet Protocol (IP);
• device fingerprints;
• provision of data by third parties;
• shopping basket details and payment data;
• further personal data when provided or agreed upon by you.

4.2. We may also collect personal data that you give us during communicating with us, for example in the case of a question or a complaint. In addition to the above, we may need to use your personal data for audits and compliance with our legal obligations under applicable law. For your rights regarding your personal data, please see “What are your rights as the owner of the personal information” section below. 

5. Why do we collect your personal data

5.1 We use your personal data for:

• to operate and maintain our services;
• to personalise our services, such as Bookings or Activities that best suit your needs, or to alert you via email or push notifications to content, notices and offers that might be of your interest;
• for marketing analytics, campaigns and services;
• to finance and deliver your orders, for credit assessment, or to send personalised discounts, vouchers and offers;
• to notify you about changes to our Service;
• to provide customer support;
• to gather analytical data to improve and optimise our Service;
• to monitor and evaluate the usage of our Service;
• to detect, prevent and address technical issues;
• to communicate with you;
• to prevent fraud or crime;
• to fulfil commercial, legal and tax requirements.

6. How do we collect your personal data

6.1 We collect personal data in two ways:

• when you provide this to us;
• when we collect this through third-party services.

6.2 We collect your personal data during your communication with us regarding our services, such as an Activity or Booking. That’s the personal data that you provide to us.

6.3 We also use third-party tools to facilitate, operate and manage our website. These tools use cookies and other tracking technologies. Such tools are created and managed by parties outside our control. As such, we are not responsible for what information is actually captured by such third parties or how such third parties use and protect that information.

The third-party tools we use on our website will only insert cookies and other tracking technologies if consented by you. We track your consent once you click ‘Accept’.

7. Do we disclose any information to outside parties?

7.1 We do not sell, trade or otherwise transfer to outside parties any personally identifiable information. This does not include trusted third parties or subcontractors who assist us in operating our Website, conducting our Foundation’s services, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.

7.2 We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

8. What are your rights as the owner of personal data

8.1 In accordance with the GDPR and other Data Protection Laws, you have the right at any time to request information about your personal data.

8.2. You have the following personal data protection rights:

• to fair and lawful processing; 
• to transparency;
• to be informed;
• to access your personal data;
• to update or correct your personal data;
• to object at any time to the use of your personal data, or to erasure your personal data;
• the right to restrict the processing of your personal data;
• the right to data portability;
• the right to rectification;
• the right to object to automated individual decision-making.

8.3. You can exercise your right as the owner of your personal data by sending us an email: info@arcticterns.global. We may ask you to verify your ID before we respond to such a request. 

8.4. You have the right to complain to a competent Data Protection Supervisory Authority about our collection and use of your personal information. For more information, contact your competent data protection supervisory authority.

9. Storage of personal data

9.1 We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this Policy. If your personal information is no longer required, we will delete it or make it anonymous by removing all details that identify you. We store other personal data if it is necessary for the execution of the contract and to safeguard our rights. 

9.2 We reserve the right to apply longer statutory and operational storage requirements and reasons.

9.3 Personal data collected for marketing activities is generally deleted as soon as the purpose of the activity has been met.

10. Transparency

10.1 We will at all times keep you informed about changes to the processes to protect personal data privacy and security, including practices and policies. You may at any time request information on where and how personal data is stored, secured and used. 

11. Personal Data breach notification

11.1 In the event that your personal data is compromised, we will notify you and competent Supervisory Authority(ies) within seventy-two (72) hours by e-mail with information about the extent of the breach, affected data, any impact on the Service and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects. 

11.2 “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.

12. Manage your personal data permissions; Data Protection Officer

12.1. You can manage your personal data permissions by contacting the Data Protection Officer of our company: mrs. Broeders (representative and Director). You can also contact our Data Protection Officer for any other data protection issue. This person can be reached at the email address info@arcticterns.global.

13. Links to third-party websites

13.1 Our Website may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s website. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

14. Changes to the Policy

14.1 We keep the Policy under regular review and place any update on this web page.