This Policy explains when, why and how we collect personal information from you. Any information collected is confidential and kept on a secure server that fully complies with Data Protection laws. We will protect the privacy of our visitors when visiting our site, speaking directly with us or communicating electronically with us.
We may change this Policy from time to time so please check this page occasionally to make sure that you are okay with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org. Alternatively, you can telephone 01288 362900.
Who are we?
OA Surf Club Limited (“OA”) is registered in England with company number 9855923, and its registered office address is 32 The Tything, Worcester WR1 1JL.
Throughout this policy, ‘we’ and ‘us’ means OA Surf Club Limited and ‘You’ and ‘your group’ means you and your party members or anyone for whom you are making a booking.
How do we collect information from you?
We obtain information about you when you use our website, for example, when you contact us about holidays and non-residential activities, if you directly give us any information via forms, if you make a booking or purchase or if you sign up to receive email communication.
Website Contact Form
These submissions are only kept for customer service purposes; they are never used for marketing purposes or shared with third parties.
What personal data is collected from you?
In operating this website, we may collect and process certain data and information relating to you and your use of this site. Your privacy is important to us and we confirm that we will never release your personal details to any third party for their mailing or marketing purposes. The data that we collect is detailed below:
- Details of visits to our website and the pages and resources that are accessed, including but not limited to, traffic data, location data and other communication data that may assist us in understanding how visitors use our website. This may also include the resources that you access, and information about where you are on the internet including the domain type, IP address and URL that you came from. This information is collected and used for our internal research purposes and to improve our customer service.
- Information you provide to us by sending us a message through our website and information provided to us when you communicate with us electronically for any reason. If you contact us, we may keep a record of your email and other correspondence.
- Information that you provide us as a result of filling in forms on our website, such as registering for information or making a purchase.
- If you make a purchase from us, your card information is not held by us; it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
How and why is your information used?
Special Category Data
Requesting information or a quote
Your name, contact details and query will be recorded when you fill out a contact form. We will use your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
Making an Enquiry or Booking
If you have made a booking with us we may have records of your name, gender, date of birth, email and telephone number(s). For your security, we’ll also keep an encrypted record of your login password.
We hold details of your interactions with us through conversations with our sales and support teams, or online. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of bookings you made, items added to your basket (Surf Lessons and Coasteering booked on-line), voucher redemptions and how and when you contact us. We hold payment (credit or debit card) information.
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide us with personal information. We collect children’s names, gender and ages as part of our booking process.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
- Web Cam. Your image and/or those of your group could be recorded on our webcam which records and displays views from Atlantic Court onto our website. These will be distant views. The webcam is situated in our office window facing the sea above the dining room patio. Your car number plate may be recorded on the webcam.
- In the event of any accidents or incidents on centre – your data may be recorded and shared with third parties as part of our duty of care.
After Your Visit
- We retain your comments and feedback
- We hold your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
SUMMARY – We may use your information:
- to make sure we can deliver you the best possible course.
- to assist us in looking after the physical and emotional wellbeing of our customers.
- to ensure that the content on our website is presented in the most efficient way for you and the computer that you are using and to enable you to participate in interactive features of the site.
- to provide you with information relating to our website, product or our services that you request from us.
- to provide you with information on other products that we feel may be of interest to you in line with those you have previously expressed an interest in via our website.
- to process a booking you have made.
- to meet our obligations arising from any contracts entered into by you and us.
- to seek your views or comments on the services we provide.
- to notify you about any changes to our website, including improvements, and service or product changes.
- to send you communications about products or services that you have requested and that may be of interest to you.
- for our internal purposes including statistical or survey purposes, quality control, site performance and evaluation in order to improve our website.
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to your information?
OA utilises the services of third-party organisations (Matchfront, Pandadoc, Paypal etc.) working on our behalf to process your personal data. We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you email). However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
OA is the data controller and determines the purposes and means of the processing of your personal data. Where your data is processed by any third party on behalf of OA we will ensure the third party is a processor under the GDPR laws. We confirm that we take steps in order to ensure that this data is processed lawfully under the law in accordance with each agreement that we have in place with each processor.
If you wish to see all third-party processors, please email and we will send you a current list.
How Can I opt out?
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent (opting in). We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. If you no longer want to receive direct marketing communications from us, then you can change your preferences or completely unsubscribe in one of two ways:
- Click ‘unsubscribe’ at the bottom of marketing emails sent to you
- Email email@example.com or telephone 01288 362900 and we will process your request within 7 days
You have the right to ask us for a copy of the information OA holds about you. This can be done by emailing us at: firstname.lastname@example.org.
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please contact us by the above methods. From the date that we receive all the required information, we have one month to process your request. If the request is complex or numerous we may require an additional two months and will contact you to explain why the extension is necessary within the first month of your request.
Security precautions in place to protect against the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL across the entire website. When you are on a secure page, a lock icon will appear in the address bar of modern web browsers such as Microsoft Edge and Google Chrome.
Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. This automated processing is intended to evaluate certain personal aspects of an individual. We may also use your personal information to detect and reduce fraud and credit risk.
Use of ‘cookies’
We may also use cookies to gather information about your general internet use to further assist us in developing our website. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive and then stored there and transferred to us where appropriate to help us to improve our website and the service that we provide to you. It is possible to switch off cookies by adjusting your browser preferences or using a dedicated browser extension.
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
Links to other websites
In addition, if you were referred to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.
Pages on this site may include embedded content, like Vimeo videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.
The Legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we can always make clear to you which data is necessary in connection with a particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you book a course or stay with us, we will collect your address details in order to send you booking information.
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement. We may also have to pass data to regulatory or governing bodies.
Requesting access to your personal data
We respect your right to control your data. Your rights include:
Right of access – you have the right to access and obtain a copy of the personal data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to rectification – you have the right to request that we correct any inaccuracies in the personal data stored about you.
Right to erasure – in certain circumstances, you have the right to request that we erase your personal data. For example, you may exercise this right in the following circumstances:
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us
- where you withdraw consent and no other legal ground permits the processing
- where you object to the processing and there are no overriding legitimate grounds for the processing
- your personal data have been unlawfully processed
- your personal data must be erased for compliance with a legal obligation
Where we store your personal data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.
Right to restriction – you have the right to restrict our processing of your personal data where any of the following circumstances apply:
- where you feel that the personal data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal data
- where the processing is unlawful and you do not want your personal data to be erased and request the restriction of its use instead
- where we no longer need to process your personal data (e.g. any of the purposes outlined above have been completed or expire), but we require it in connection with legal proceedings
- where you have objected to our processing of your personal data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as necessary for the purpose for which it was collected. At the end of that period your data will either be deleted or anonymised, for example by aggregation with other data – so it can be used in a non-identifiable way for statistical analysis or business planning.
Type of data. Examples: Period retained
Analytics data. Anonymised web traffic data in Google analytics and Hotjar systems: 50 months
Query data. Name, email address: 3 years
Lead booker data. Name, contact details: 3 years
Adults data. Party members Name, D.O.B, gender, dietary requirements, medical information: 12 months after visit.
Children’s data. Party members Name, D.O.B, address, gender, dietary requirements, medical information: 12 months after visit
Email correspondence. Name, contact details, other info as provided by group leader: 3 years
Feedback post trip. Feedback forms: 3 years
Payment information. Credit/Debit card information: Not retained
Complaints and issues raised: 3 years
Incident data. Accident reports, witness statements: Adults 5 years, Children 18 years
Insurance claims. Notification of claim, details of hearings: Until claim is resolved or expires
Booking info. Dietary/medical requirement: 3 years
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or by going online to www.ico.org.uk/concerns (please note we can’t be responsible for the content of external websites). If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.