This Policy explains when, why and how we collect personal information from you. Any information collected is confidential and kept on a secure sever that fully complies with Data Protection laws. We will protect the privacy of our visitors when visiting our site, speaking directly with us or communicating electronically with us.
We may change this Policy from time to time so please check this page occasionally to make sure that you are okay with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to info@oasurfclub.co.uk Alternatively, you can telephone 01288 362900.
Who are we?
OA Surf Club Limited (“OA”) registered in England with company number 9855923 and whose registered office address is 32 The Tything, Worcester WR1 1JL.
Throughout this policy, ‘we’ and ‘us’ means OA Surf Club Limited and ‘You’ and ‘your group’ means you and your party members or anyone for whom you are making a booking.
How we collect information from you?
We obtain information about you when you use our website, for example, when you contact us about, Holidays and non-residential activities, if you directly give us any information via forms, if you make booking or purchase or if you sign up to receive email communication.
Website Contact Form
Information submitted through the contact forms on our site is sent to our company email, hosted by Microsoft. Find out more: Microsoft Privacy Policy
These submissions are only kept for customer service purposes they are never used for marketing purposes or shared with third parties.
What personal data is collected from you?
In operating this website, we may collect and process certain data and information relating to you and your use of this site. Your privacy is important to us and we confirm that we will never release your personal details to any third party for their mailing or marketing purposes. The data that we collect is detailed below:
How and why your information is used?
Special Category Data
When OA provides its service to you we often request to collect information that could reveal, details of physical or mental health, ethnic origin or religious beliefs. This information is considered “sensitive personal data” under GDPR and other data protection laws. We only collect this information where it is necessary to deliver our services to you. For example, if you inform us about specific dietary requirements, this could indicate specific religious beliefs. If you request special assistance, use of an accessible room or facilities; or provide medical information for you and/or your group, this could reveal information about health. By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Policy. If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us.
Requesting information or a quote
Your name, contact details and query will be recorded when you fill out a contact form. We will use your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
Making an Enquiry or Booking
If you have made booking with us we may have records of your name, gender, date of birth, email and telephone number(s). For your security, we’ll also keep an encrypted record of your login password.
We hold details of your interactions with us through conversations with our sales and support teams, or online. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of bookings you made, items added to your basket (Surf Lessons and Coasteering booked on-line), voucher redemptions and how and when you contact us. We hold payment (credit or debit card) information
Under 16’s
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand. Whenever you provide us with personal information. We collect children’s names, gender and ages as part of our booking process
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Visiting OA
After Your Visit
SUMMARY – We may use your information:
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to your information?
OA and third Party Service Providers working on our behalf utilises the services of third party organisations (Matchfront, Pandadoc, Paypal etc.) to process your personal data. We may pass your information to our third-party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you email). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Data Controller
OA is the data controller and determines the purposes and means of the processing of your personal data. Where your data is processed by any third party on behalf of OA we will ensure the third party is a processor under the GDPR laws. We confirm that we take steps in order to ensure that this data is processed lawfully under the law in accordance with each agreement that we have in place with each processor.
If you wish to see all third-party processors, please email and we will send you a current list.
How Can I opt out?
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent (opting in). We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. If you no longer want to receive direct marketing communications from us, then you can change your preferences or completely unsubscribe in one of two ways:
Your Rights
You have the right to ask us for a copy of the information OA hold about you. This can be done by emailing us at: info@oasurfclub.co.uk.
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date please contact by the above methods. From the date that we receive ALL the required Information, we have one month to process your request. If the request is complex or numerous we may require an additional two months and will contact to explain why the extension is necessary within the first month of your request.
Security precautions in place to protect the loss, misuse or alteration of your information. When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL across the entire website. When you are on a secure page, a lock icon will appear in the address bar of modern web browsers such as Microsoft Edge and Google Chrome.
Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Profiling
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. This automated processing is intended to evaluate certain personal aspects of an individual. We may also use your personal information to detect and reduce fraud and credit risk
Use of ‘cookies’
Like many other websites, OA website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. Cookies are sometimes used to improve the website experience of a visitor to a website. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to pre-fill some information on forms and to enable us to see what people view on the website and for how long. The use of cookies enables us to improve our website, deliver effective marketing and offer a more personalised service.
We may also use the cookies to gather information about your general internet use to further assist is in developing our website. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive and then stored there and transferred to us where appropriate to help us to improve our website and the service that we provide to you.It is possible to switch off cookies by adjusting your browser preferences or using a dedicated browser extension.
For more information about what cookies our website uses, check out or Cookie Policy
Securtiy Measures
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our website.
In addition, if you were referred to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.
Embedded Content
Pages on this site may include embedded content, like Vimeo videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged-in to that website.
The Instagram page plugin is used to display our instagram photos on our site. Instagram has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Instagram and your IP is not sent to a Instagram server until you consent to it. See their privacy policy here: Instagram Privacy Policy
Google Analytics
We use Google Analytics on our site for anonymous reporting of site usage. So, no personalized data is stored. If you would like to opt-out of Google Analytics monitoring your behavior on our website please visit Cookie Policy where you can manage your cookie preferences.
The Legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we can always make clear to you which data is necessary in connection with a particular service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you book a course or stay with us, we will collect your address details in order to send you booking information.
Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement. We may also have to pass data to regulatory or governing bodies.
We may use your data to send you communications required by law such as updates to our Privacy Policy or to comply with any legal obligation to provide data to police.
Requesting access to your personal data
We respect your right to control your data. Your rights include:
Right of access – you have the right to access and obtain a copy of the personal data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to rectification – you have the right to request that we correct any inaccuracies in the personal data stored about you.
Right to erasure – in certain circumstances, you have the right to request that we erase your personal data. For example, you may exercise this right in the following circumstances:
Where we store your personal data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.
Right to restriction – you have the right to restrict our processing of your personal data where any of the following circumstances apply:
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as necessary for the purpose which it was collected. At the end of that period your data will either be deleted or anonymised, for example by aggregation with other data – so it can be used in a non-identifiable way for statistical analysis or business planning.
Type of data Examples – Period retained
Analytics data. Anonymised web traffic data in Google analytics and Hotjar systems: 50 months
Query data. Name, email address: 3 years
Lead booker data. Name, contact details: 3 years
Adults data. Party members Name, D.O.B, gender, dietary requirements, medical information: 12 months after visit.
Children’s data. Party members Name, D.O.B, address, gender, dietary requirements, medical information: 12 months after visit
Email correspondence. Name, contact details, other info as provided by group leader: 3 years
Feedback post trip. Feedback forms: 3 years
Payment information. Credit/Debit card information: Not retained
Complaints and issues raised: 3 years
Incident data. Accident reports, witness statements: Adults 5 years, Children 18 years
Insurance claims. Notification of claim, details of hearings: Until claim is resolved or expires
Booking info. Dietary/medical requirement: 3 years
Cookies IP address: See cookie policy
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites). If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
Amendments
We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will update this page accordingly and require you to accept the amendments in order to be permitted to continue using our services.