Privacy Policy

This Privacy Notice sets out the details of how Steve Gwenin t/a Surfers Life Club (“we”, “us”, “our”) as data controller, collects and processes your personal data obtained directly from you, or through our website located at www.surferslifeclub.com, or our other online platforms and social media channels which, for the purposes of this privacy notice, shall be collectively referred to as ("the Website").

For the purposes of this Privacy Notice, personal data shall mean any information that can be used to identify an individual whether directly or indirectly (“Personal Data”).

Please read through the content of this Privacy Notice carefully and ensure that you understand it. If you do not understand the content of this Privacy Notice or do not accept or agree with it then you must stop using the Website and/ or accessing our other online platforms, social media groups and any other associated groups or pages immediately. If you have already provided us with any Personal Data, then you must contact us immediately.

By accessing the Website and providing us with your Personal Data you are warranting that you are over 18 years of age. This Website is directed to individuals who are at least 18 years of age. The Website is not intended to be used by anyone under the age of 18 and we do not collect any Personal Data or information from anyone under 18 years of age in compliance.

If you have any questions about this Privacy Notice or require more information concerning our privacy and data protection practices, please contact us at steve@surferslifeclub.com .

What personal data do we process, why do we process it, and how do we collect it

​

We may process Personal Data that you provide to us by subscribing to a newsletter or email list, requesting information through a contact form, or by any other communication via email, text or through our Website, www.surferslifeclub.com 

We may also process your Personal Data through the use of cookies or other tracking software on our Website. Please refer to our separate cookie policy for further information. 

We may also process Personal Data received from third parties such as  Facebook, Google. Pinterest, Instagram, Youtube, Whatsapp, Paypal, Stripe, Calendy, LinkedIn, Companies House, or other information, analytic or advertising providers or other search or payment processing services.  

When we process your Personal Data we will comply with relevant data protection laws and principles such as the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”), which means that your data will be used lawfully, fairly and in a transparent way, kept securely and only for as long as necessary for the purposes we have told you about. 

We shall only collect and process your Personal Data for purposes that are clearly outlined prior to you providing us with your data, or for a legitimate reason. 

Whenever we process your Personal Data we do so on the basis of a lawful condition this will either be because you have given your consent for us to process your Personal Data, where we are under a contractual or legal obligation, or where it is in our legitimate interests to do so.

We do not carry out automated decision making or any type of automated profiling.

The types of Personal Data which we process will vary depending on your own specific circumstances but typically can include:

• Personal Information: which may include your name, date of birth, email address, phone number, business contact details, correspondence address, IP address. We shall process this data for the purposes of communicating with you and keeping our records on the lawful grounds of legitimate interest;

• Customer or Client Information: should you purchase goods and/or services from us then we may process information in connection with your purchase, and the supply of that purchase, as well as keeping appropriate records. Such information may include your Personal Information, billing     address, delivery address, credit card or other payment details and we shall process it on contractual grounds;

• User Information: this may include comments or statements that you may make or post via our Website, online platforms or social media channels, images, documents or videos that you share on or through our Website or through any of our pages or other online platforms, and information concerning your use of our Website or other online platforms such as your browser information, pixel ID, page views, pages visited, number of visits and where appropriate log-in details. We shall process this information to analyse and monitor usage and content of our Website and other platforms and channels to ensure the content is relevant to you, to support our administration and record keeping requirements, and to maintain security of our systems on legitimate interest grounds;

• Promotional Information: this may include information you provide in connection with any promotions, marketing, or advertising from us or our third parties. We shall use this information to provide relevant offers and advertisements, competitions and promotions and other free resources and to monitor our promotional activity, keep records and compile analytics on legitimate interest grounds.

We may also process your Personal Data to deliver or send relevant advertisements to you through our Website and to analyse the success and effectiveness of such adverts for our legitimate interest purposes of promoting and growing our business. 

In accordance with the Privacy and Electronic Communications Regulations (PECR) we may also send you relevant advertisements or marketing information if you:

1. have ever purchased or enquired about our products or services; and

2. at the time of your purchase or enquiry you agreed to receive advertising or marketing information from us, and you have not opted out from receiving that information.

Where we contact you through email, we shall ensure that our emails clearly display the location of the sender and include clear options for you to opt-out from receiving contact from us in accordance with the CAN-SPAM Act.

​

Special Category Data

We do not collect any special category data about you. This is data relating to your health, race or ethnicity, political opinion, religious or philosophical beliefs, trade union membership, genetics, biometrics, sex life or sexual orientation. We do not process any data relating to criminal offences and convictions.

Disclosure of Personal Data

​

We may use any of the following external service providers to support our business and may share your Personal Data with those third parties:

1. Infusionsoft;

2. Facebook;

3. Google;

4. LinkedIn:

5. Calendy:

6. Paypal;

7. Stripe;

8. Active Campaign;

9. Zoom;

10. Whatsapp.

We understand that all of these third parties have appropriate technical and security processes in place to protect your data.

We may also share your Personal Data as follows:

1. where it is necessary for external service providers who have been engaged by us to assist in the provision of services to our clients and customers;

2. where it is required by our professional support teams;

3. where we are required by a government body or legal obligation or to protect our rights;

4. where it is required in connection with the sale or purchase of any business or assets;

V. with any other member or company of our group.  

Where we have outsourced a function or activity to an external service provider, we will only disclose Personal Data that the service provider needs to undertake that function or activity, and we require         external service providers to agree to keep your Personal Data secure in accordance with the relevant law.

We agree not to share your Personal Data with any third party for that third party’s marketing purposes unless we have obtained your consent to do so. 

​

Transfer of Personal Data

​

Our Website is located within the United Kingdom and your data will be processed in the United Kingdom. We comply with the Internet laws applicable to that country. 

We may also transfer your Personal Data to a third-party service provider which requires your Data to be transferred outside of the EEA. Where your Data is transferred outside of the EEA by our third-party service providers, we understand that they comply with the following standards relating to the security of your Personal Data:

I. Infusionsoft use the EU Model Contract which governs the lawful transfer of data from the EEA to countries outside of the EEA. In respect of any payment or financial information Infusionsoft also complies with the Payment Card Industry Data Security Standards;

II. Facebook complies with the General Data Protection Regulation and is certified under the Privacy shield for data transfers;

III. Google complies with the General Data Protection Regulation and is certified under the privacy shield for data transfers. Google also complies with the Payment Card Industry Data Security Standards;

IV. Paypal relies on Binding Corporate Rules approved by competent Supervisory authorities; 

V. Stripe is certified under the EU-US Privacy Shield as well as EU Standard Contractual Clauses and Binding Corporate Rules.

VI. Active Campaign is certified under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy shield for data transfers;

VII. Zoom is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield; 

VIII. Dropbox is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield;

IX. Whatsapp is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield

X. LinkedIn complies with the General Data Protection Regulation and is certified under the Privacy shield for data transfers;

XI. Calendy complies with the General Data Protection Regulation and is certified under the Privacy shield for data transfers;

​

Where we transfer Personal Data to parties not listed above that are outside of the EEA then we will ensure that at least one of the following conditions is met: 

​

1. You have given your express consent;

2. The country has an approved adequate level of protection for personal data;

3. It is legally required;

4. It is authorised by the relevant data protection authority. 

​

Data Security

​

We take the protection of your Personal Data seriously and have taken suitable and reasonable steps to protect the Personal Data we hold from misuse, loss, unauthorised access, and any modification or disclosure. 

We limit access to your Personal Data to those employees, agents, contractor or third parties who have a business need to know.  They will only process your Data on our instructions and must keep it confidential.

If you are submitting Personal Data over the internet that you wish to remain private, please note that while attempts are made to secure information transmitted to this site, there are inherent risks in transmitting information across the internet. If you prefer, we can arrange for you to submit your Personal Data through alternative means. Please contact us to discuss alternative methods. 

​

Data Retention

​

We will not keep your Personal Data for longer than is required with regard to the purpose for which it was collected by us or provided by you including any legal or record keeping requirements and will take reasonable steps to destroy or permanently de-identify your Personal Data when it is no longer required.

​

Your Rights in Relation to the Data We Hold 

​

You have rights in relation to your Personal Data, these include the right to access and receive a copy of your Personal Data, to ask us to correct any errors, to erase your Personal Data, to restrict or object to how your information is processed. You can find out more about your rights by visiting https://ico.org.uk/your-data-matters/ 

To ensure the information we hold about you remains accurate please contact us using the email address above if at any time your personal details change.

Where you have provided your consent for us to process your Personal Data you can withdraw that consent at any time. Should you wish to do so please contact us at the above email address.

If you are not happy with how we process your Personal Data you have the right to lodge a complaint with The Information Commissioners Office (ICO), the UK supervisory authority for data protection issues.

If you have any questions relating to this notice, please contact our Data Protection Officer and EU Representative using the following details:

Name: Steve Gwenin

Email Address: steve@surferslifeclub.com 

​

Links to Other Sites

​

The Website may contain links to other sites. We are not responsible for the privacy practices of those websites and have no knowledge of whether cookies or other tracking devices are used on any such linked sites. If you have any concerns regarding the privacy of your information you should ensure you are aware of the privacy policies of those sites before disclosing any personal information.

​

Changes to this Privacy Notice

​

We reserve the right to alter or amend this Privacy Notice without any prior notice to you. Should our Privacy Notice be altered, the new Privacy Notice will be posted on the Website.

Your first use of our Website after the date of any amendments or alterations will constitute your acceptance of such changes therefore, we recommend you review this Privacy Notice regularly to keep informed of any changes.