privacy and cookie policy

This privacy and cookie policy explains:

  • What personal data we collect and why
  • What we do with your personal data
  • How we secure your personal data
  • How you can change or delete your personal data
  • What cookies we use and why

 

Some definitions:

‘Site’ – means the publicly available website www.sssnewquay.co.uk

‘Service’ – means the Surf School service we provide to our customers.

‘User’ – means a person who uses our Site or has registered to use our Service.

‘Personal Data’ – means any information that can personally identify an individual.

 

Please read this policy carefully to understand our views and practices regarding your personal data.

Who we are

SSS Surf School

Stuart Maitland

Email: surf@sssnewquay.co.uk

Our website address is: https://www.sssnewquay.co.uk

Our website allows individuals to book surf lessons/trips/events, and to place orders for wetsuits.

What personal data we collect and why 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect a variety of information about our customers and visitors to the SSS Surf School website. This personal data falls into these categories:

  • Identity Data includes title, first name, last name, username or similar identifier and an encrypted version of your login/password. If you interact with us through social media, this may include your social media user name.
  • Contact Data includes postal address, email address, emergency contact details and telephone numbers.
  • Financial Data includes payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Profile Data includes your username and password, purchases or orders made by you, preferences, feedback and survey responses, as well as any profile data which we have added (for example, using analytics and profiling).
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, products and services.
  • Tracking Data includes information we or others collect about you from cookies and similar tracking technologies, such as web beacons, pixels, and mobile identifiers.
  • Marketing and Communications Data includes your preferences in receiving direct marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and biometric data).

We do sometimes collect information about yours and other participants’ medical conditions and dietary requirements for operational reasons, to help ensure that wellbeing and health and safety requirements are met during your surf lesson or event.

Remember, if you choose not to share personal data with us, or refuse certain contact permissions, we might not be able to provide the services you’ve asked for.

How is your personal data collected?

We use different methods to collect data from and about you, including through direct interactions. You may give us your Identity, Contact and Financial Data by filling in online forms or by corresponding with us by phone, email or through social media.

This includes personal data you provide when you:

  • sign up to receive the SSS Surf School newsletter(s);
  • make enquiries or request information be sent to you;
  • create an account on our booking system (Bookeo), which is integrated with our website;
  • order our products (e.g. wetsuits) or services (e.g. surf lessons);
  • ask for marketing to be sent to you;
  • engage with us on social media;
  • enter a competition, promotion or survey;
  • leave comments or reviews about our services;
  • Automated technologies or interactions. As you interact with us, including via the SSS Surf School website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may also collect Tracking Data when you use our website, or when you click on one of our adverts (including those shown on third party websites).
  • Third parties or publicly available sources.

 

We may receive personal data about you from various types of third parties, including:

  • Technical Data and/or Tracking Data from analytics providers, advertising networks and search information providers;
  • Contact, Financial and Transaction Data from providers of payment and fraud prevention services;
  • Identity and Contact Data from data partners; and
  • Data from any third parties who are permitted by law or have your permission to share your personal data with us, such as via social media or review sites.

How we use your personal data

  • To carry out our obligations arising from any contracts entered between you and us
  • To carry out any business essential administrative processes
  • To notify you of any changes to our Services
  • To provide any information you have requested or that we feel may be of genuine interest to you. These include updates about the services we offer, promotions and general business information. You have the right to opt-out of receiving any promotional information as detailed below under ‘Your Rights’ of this policy.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Site and to deliver a better and more personalised Service. By using our Site or Service, you agree to the use of cookies. You can find more information about the cookies we use and the purposes for which we use them below:

We use the following cookies:

  • Analytical / Performance cookies – They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This also helps us to improve the way our Site works, for example, by ensuring that Users are finding what they are looking for easily.
  • Targeting cookies – These cookies record your visit to our Site, the pages you have visited and the links you have followed. We may use this information to make our Site and the advertising displayed on it more relevant to your interests.
  • Persistent cookies for login – When you log in, we will also setup cookies to save your login information. Login cookies last for two days, and if you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

 

When you use our website, your device or browser may be sent cookies from third parties, for example when using embedded content and social network links. It’s important for you to know that we have no access to or control over cookies used by these companies or third-party websites. We suggest you check the third-party websites for more information about their cookies and how to manage them.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Third party links

This website may include links to third-party websites, plug-ins and applications (for example, the ability to sign in with Facebook). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Analytics

We use Google Analytics to measure traffic to our Site and understand how Users move around and use our Service. We use this information to enhance the Site and Service we provide to ensure that Users get the best experience possible. All of the information we collect from Google Analytics is aggregate and will not be disclosed with any other third parties.

By agreeing to this Privacy Policy, you agree to the use of Google Analytics. Google may use the data collected to assess activity on our site. As Google is a separate entity to us, it has its own privacy policy which we recommend you review. 

Who we share your data with

We may share your personal data with the parties set out below, for the purposes set out in this privacy policy.

  • Mailchimp: we share your data with Mailchimp to send our direct marketing campaigns to prospective and current customers.
  • Bookeo: we store data with Bookeo to manage our surf lesson bookings.
  • Paypal: we store data with Paypal for payment processing purposes.

 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Payment information

SSS Surf School uses the third party payment processor Paypal to process payments made for lesson bookings via the Website. All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information (which is only used by the payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Your credit card details are communicated directly from your browser to these payment processors – SSS Surf School never sees your full Permanent Account Number (PAN). This means that the payment form is either off-site or displayed in a frame on the payment page.

For security reasons Bookeo (our online booking system), does not store credit card numbers itself, not even in an encrypted format. Credit card numbers are stored by the payment gateway.

How we keep your data secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business / legitimate need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

How long we retain your data

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers for tax purposes.

In some circumstances you can ask us to delete your data; see Your legal rights below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Children’s Privacy

Protecting the privacy of children is particularly important in data protection. Anyone under the age of 18 is not eligible to use our Service. We do not knowingly collect any Personal Data of anyone younger than 18 unless parental consent has been obtained prior to using our Service. If you are under the age of 18 and we have not been provided clear parental consent, then please do not use or access our Service at any time.

If we become aware of any personal data that has been gathered on a child who is under the age of 18 without parental consent, we will take the appropriate action to ensure it is removed from our system. 

If you, as a parent or guardian, discover that your child (under the age of 18) is using our Service without your consent, please notify us and will we take the relevant action to ensure the Personal Data of the child is erased.

What rights you have over your data

If you have an account on this site, have subscribed to our services, or have have left comments/enquires, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Contact Us

You can contact us at any time if you have any questions, comments or requests regarding this Privacy Policy using the following information:

surf@sssnewquay.co.uk

 

Changes To This Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.

Last edited: 18/07/2019

Let's stay in touch

Subscribe to our newsletter to get all the latest updates.