PRIVACY POLICY
Stichting Nationale Parken Bonaire (STINAPA).
This privacy policy is adopted by Stichting Nationale Parken Bonaire (STINAPA) (“we”, “us”, “our”) and explains how we collect, use and secure your personal data, i.e. information about an identified or an identifiable natural person (“Personal Data”), on the website stinapa.bonairenaturefee.org (the “Website”).
Please read our privacy policy carefully.
This website is operated on behalf of Stichting Nationale Parken Bonaire by Reef Support B.V. Payments on this website are processed by CXpay B.V. and PPRO as e-merchants of Maduro and Curiel’s Bank Bonaire.
STINAPA is the organization that manages the nature parks Bonaire National Marine Park and Washington Slagbaai National Park (the “Parks”) on behalf of the Government of the Public Entity Bonaire. As part of managing the parks STINAPA is responsible for collection of park entry fees (the “Fee” or “Fees”) for individuals that want to visit the parks. The Website primarily serves as a platform that enables us to collect the Fees. Payment of the Fee prior to visiting the parks is not optional but mandatory by law.
The Website enables individual purchases by one client (the “Main Client”) or group purchases, which means that the Main Client can enter Personal Data, make purchases and complete payments of the Fees for several individuals (the “Group Members”) within one transaction. The Main client receives two e-mail messages upon payment through the Website.
The first message is sent from the e-mail address sales@stinapa.org titled: “STINAPA Bonaire Transaction Receipt”.
The second message is sent from the e-mail address noreply@bonairenaturefee.org titled: “Tags Receipt”, which contains at least one .pdf file with a unique QR code for each individual for whom the Fee has been paid (the “Tag”).
When do we collect Personal Data?
We collect Personal Data from Main Clients and Group Members. Collection of Personal Data from Main Clients starts at the moment they visit the Website. Collection of Personal Data from Group Members starts as a Main Client enters the Personal Data from a Group Member into the data fields on the Website. We also collect Personal Data when an individual requests additional information and requests for a refund or files a complaint.
What Personal Data do we collect?
Main Clients are asked to enter the name, email address and date of birth of themselves and their Group Members. Main Clients are also asked to enter credit card information, or other banking details to complete payment through i-deal.
How and why do we use your Personal Data?
The main reason for collection of your personal data is to be able to identify you as individual paying for the Fee or for whom the Fee has been paid.
Your Personal Data can and will only be collected and used in a proportionate manner in accordance with the (Personal Data Protection Act BES) (Wet Bescherming Persoonsgevens BES) and particularly on the legal grounds stipulated in Article 8 thereof.
We may use the information we collect from you for the following purposes:
- To process and confirm payment of the Fee.
- To verify Personal Data throughout the period of validity of the Tag(s).
- To process and adequately respond to inquiry or complaints.
- To improve our Website in order to better serve you.
- For internal controlling and auditing purposes.
- To comply with statutory obligations.
- To compile statistical analysis.
How is your Personal Data secured?
We have taken adequate technical and organizational measures to secure your Personal Data against unauthorized use, against loss, destruction, damage, modification, or publication.
The Website is scanned on a regular basis for security holes and known vulnerabilities to make your visit to our Website as safe as possible. We do not use malware scanning. Your Personal Data are contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
In case of questions, doubts or notifications regarding the security of Personal Data or breach thereof, please contact us via policy@stinapa.org
How long do we retain your Personal Data?
For internal controlling and auditing purposes: Personal Data that must be kept based on the Tax Act BES (Belastingwet BES) for 7 years calculated from the end of the year in which the concerned data have lost their current value for the tax-related business operations.
Do we disclose your Personal Data to third parties?
We do not provide your Personal Data to third parties, unless this is necessary for the purposes mentioned above, including but not limited to the following parties:
- Reef Support B.V. (Reef Support), a Bonaire based company specifically created to help Marine Protected Areas (MPAs) around the world to achieve financial sustainability for better management of coral reef environments. The Website is operated by Reef Support on behalf of STINAPA. Reef Support provides the payment platform on the Website enabling STINAPA to collect the user fees by selling the Tags.
- CX Pay B.V. (CX Pay), a Curaçao based company providing electronic commerce and e-Payment software services. CX Pay is the payment gateway provider for the Website. CX Pay is PCI compliant.
- Maduro & Curiel’s Bank N.V. (MCB), a Curaçao based commercial bank with branches in Bonaire. The credit card payments through the Website are handled by CX Pay.
- PPRO Financial Ltd (PPRO), a company incorporated in England and Wales, regulated by the UK Financial Conduct Authority (FCA) and authorized to provide payments and electronic money services. PPRO particularly provides payment technology known as ‘girogate’, which is used by STINAPA for the processing of payments through the Website.
We may also disclose Personal Data when required to do so by law or if you have given your consent.
The third parties to whom we provide your Personal Data must handle your information confidential. If they qualify as a ‘data processor’ as defined in the EU General Data Protection Regulation (GDPR), we will enter into a data processing agreement with them. In as far as third parties qualify as independent data controller they are responsible for the processing of the Personal Data in accordance with the applicable laws.
Finally, non-personally identifiable visitor information may be provided to other parties for scientific purpose, general statistics, marketing, advertising, or other use.
Do we use 'cookies'?
Upon opening the Website you will receive a notification and opt-in menu regarding our use of cookies on the Website.
We will use cookies only for the purposes indicated by you in the opt-in menu and not for tracking purposes.
We do not allow third-party behavioral tracking on our Website.
Through your browser setting you can choose to have your computer or mobile device warn you each time a cookie is being sent, or you can choose to turn off all cookies. Look at your browser's help menu to learn the correct way to modify your cookies.
If you turn cookies off, some of the features that make your site experience more efficient may not function properly.
What are your rights?
You have the right to view, correct or delete your Personal Data. In addition, you have the right to withdraw your consent to the data processing or to object to the processing of your personal data by us and you have the right to data portability. This means that you can submit a request to us to send the Personal Data we have about you in a computer file to you or an organization mentioned by you.
You can send a request for access, correction, deletion, data transfer of your Personal Data or a request for withdrawal of your consent or an objection to the processing of your Personal Data to policy@stinapa.org.
Foreign privacy protection laws
This Privacy Policy is compiled in accordance with the Personal Data Protection Act BES. To the best of our endeavor we also comply with foreign privacy and data protection laws applicable to the collection, use and protection of your Personal Data by us, which may include the following laws and regulations:
EU General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) may apply when you live in the EU. Given our potential customers from the EU, we aim to handle Personal Data in accordance with the strict criteria of the GDPR.
Children Online Privacy Protection Act (COPPA)
When it comes to the collection of personal information from children under the age of 13 years old, the US Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under the age of 13 years old.
We do not let third parties, including but not limited to ad networks or plug-ins, collect Personal Data from children under 13.
Fair Information Practices
In line with the Fair Information Practices Principles vested in US privacy law we will notify you via email within 7 business days should a data breach occur.
CAN SPAM Act
The CAN-SPAM Act is a US law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, among others by allowing recipients to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at:
- info@stinapa.org
- Follow the instructions at the bottom of each email and we will promptly remove you from all correspondence.
Contacting Us
If you have any question or complaint regarding our use of your Personal Data or regarding this Privacy Policy you may contact us via our contact details below.
STINAPA Bonaire
Barcadera 10
Kralendijk, Bonaire
Postbox 366
Phone: (+599) 717 8444
E-mail: info@stinapa.org
Last Edited on June { } 2022