Privacy Policy

This Privacy Policy explains how Mad Coast Dance Camp ("we", "us") collects and uses personal data when you use www.madcoast.si or register for our dance camp.

1) What personal data we collect

A) Data you provide to us (registrations / inquiries)

When you register for the camp or contact us, we may collect:

• First name
• Last name
• Date of birth
• Country
• Email address
• Phone number
• Shirt size
• Accommodation sharing details: the first name and last name of the person(s) you will share booked accommodation with (if applicable)

Important (third‑party data): If you provide another person's first name/last name for accommodation sharing, you confirm you have their permission to share this information with us for this purpose.

B) Technical data (website use)

When you visit our site, our hosting provider may process limited technical data such as:

• IP address
• Device/browser information
• Server logs (date/time, pages requested, errors)

We do not use advertising trackers or tracking pixels.

C) Payments

If you choose to pay online, payments are processed by Stripe. We do not receive or store your full payment card details. Stripe may process payment information such as card details, billing details, and transaction data.

We may receive limited payment-related information from Stripe, such as:

• payment status (successful/failed)
• transaction/session identifiers
• amount, currency, and timestamp
• information needed to reconcile payments and handle customer support (e.g., last 4 digits of the card, where provided by Stripe)

2) Why we use your data (purposes)

We use personal data to:

• Process and manage camp registrations and related communication
• Process payments and confirm payment status
• Organize attendance and logistics (including accommodation sharing arrangements)
• Provide customer support and respond to inquiries
• Maintain security and prevent abuse of the website and our systems
• Prevent fraud and handle payment disputes/chargebacks where applicable
• Meet legal obligations (e.g., accounting/tax obligations where applicable)

3) Legal bases (GDPR)

We process personal data under the following legal bases:

• Contract (GDPR Art. 6(1)(b)): to handle your registration and provide camp services
• Legitimate interests (GDPR Art. 6(1)(f)): to keep our website secure, prevent fraud/abuse, and manage basic operations
• Legal obligation (GDPR Art. 6(1)(c)): to comply with applicable laws (e.g., accounting requirements)

If we ever rely on consent (GDPR Art. 6(1)(a)) (e.g., optional cookies or marketing emails), we will ask for it and you can withdraw it at any time.

4) Who we share data with (processors)

We may share personal data with trusted service providers who process data on our behalf:

• Netlify (website hosting and related logs)
• Supabase (database / data storage for registrations)
• Resend (transactional emails and registration communications)
• Stripe (payment processing)
• GitHub (source code hosting; not intended for storing personal registration data)

These providers act as our data processors where applicable and are only permitted to process personal data to provide services to us.

5) International transfers

Our registration database is hosted with Supabase on AWS in Germany (Frankfurt, AWS region eu-central-1).
Our transactional email provider Resend processes email delivery data in Ireland (AWS region eu-west-1).

Some providers (including payment providers such as Stripe) may process data outside Slovenia and/or the EEA/UK depending on their infrastructure and subprocessors. Where personal data is transferred internationally, we use appropriate safeguards (such as Standard Contractual Clauses (SCCs)) as required by GDPR.

6) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described above:

• Registration and event operations: typically until the camp is completed and follow‑up administration is done (e.g., up to 12 months after the event)
• Accounting/contract and payment records (if applicable): retained for the period required by applicable law
• Support emails: for as long as needed to resolve the request and maintain an audit trail (typically up to 24 months)

We may retain limited data longer if required for legal claims, dispute resolution, or legal obligations.

7) Your rights (GDPR)

If you are in the EU/EEA (and similarly in the UK), you have rights including:

• Access to your personal data
• Rectification (correction)
• Erasure (deletion), in certain cases
• Restriction of processing, in certain cases
• Data portability, in certain cases
• Objection to processing based on legitimate interests
• Withdrawal of consent (if we process based on consent)

To exercise your rights, contact info@madcoast.si. We may ask for information to verify your identity.

8) Complaints

If you believe we have not handled your personal data properly, you may lodge a complaint with your local supervisory authority.
In Slovenia, this is typically the Information Commissioner (IP-RS).

9) Security

We use reasonable technical and organizational measures to protect personal data, including access controls and reputable service providers. No system is 100% secure, but we work to protect your data from unauthorized access, loss, or misuse.

10) Children

Our services are intended for participants registering for the camp. If you believe a child has provided us personal data without appropriate authorization, please contact us at info@madcoast.si.

11) Cookies

We do not use advertising cookies or tracking pixels. Our site may use essential cookies necessary for basic functionality.

Third-party cookies: When you proceed to payment via Stripe, you are redirected to Stripe's checkout page, which may set cookies governed by Stripe's own privacy policy and cookie practices. We do not control these cookies.

If we add optional analytics or marketing cookies in the future, we will update this policy and (where required) request your consent.

12) Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be published on www.madcoast.si with a new effective date.