Data controller
Mediseo AS (Norway) is the data controller. Reach us at info@nextlevelcamp.es.
What we collect
- When you book an official NLC camp: player name, birthdate, skill level, medical notes you provide, parent name, email, phone, payment confirmation from Stripe (not card details — Stripe holds those).
- When you contact us: name, email, message.
- When you submit a camp: your name, email, plus the camp details you provide.
- Everyone: anonymous page analytics (no cookies) via Plausible/Umami. No cross-site tracking.
Why we collect it
- To operate the camp you booked (legal basis: contract).
- To reply to your contact form (legal basis: legitimate interest).
- To review camp submissions (legal basis: legitimate interest).
- To understand site usage in aggregate (legal basis: legitimate interest; no personal data).
Who sees it
- NLC staff — only the people working on your booking or inquiry.
- Processors we use: Supabase (EU database), Stripe (payments, EU + US), Resend (transactional email, EU).
- External camps: if you book directly with them via their site, they collect their own data — that's between you and them, not us.
How long we keep it
- Booking records: 5 years (EU accounting requirements).
- Contact messages: up to 2 years, then deleted.
- Rejected camp submissions: 90 days.
Your rights
Under GDPR you can request: a copy of your data, correction of wrong data, deletion, restriction, or portability. Email us — we reply within 30 days as required by law.
Cookies
See our cookie policy. TL;DR: we use strictly-necessary cookies only. No tracking, no third-party ad cookies, no consent banner theatrics unless you enable optional analytics.
Complaints
You can complain to your national EU data protection authority. Find yours at edpb.europa.eu. Spanish users: AEPD (aepd.es). Swedish users: IMY (imy.se).