Privacy policy
At Nordes Surfhouse S.C. we respect the privacy of customers, potential customers and visitors to our website (www.caminosurf.com). This policy is concerned with how we collect information, what we do with it and what controls you have over your personal information.
Your Privacy
Nordes Surfhouse S.C. in Ferrol, Spain. From making your booking to organising your airport transfer, from your surf lessons to your accommodation, we make sure you are taken care of and having a good time.
We take our duty to process your personal information very seriously. This policy explains how we collect, manage, use and protect your personal information.
We may change this document from time to time to reflect the latest view of what we do with your information. Please check back frequently; you will be able to see if changes have been made by the date it was last updated.
Refer to the sections below for more details on how and why we use your personal information:
1. Who are we?
2. Why we need your personal information
3. What personal information we collect
4. How we obtain your details
5. How we use your personal data and our legal bases for using it
6. Sharing your information
7. Personal Data about other people which you provide to us
8. Retaining your information
9. Cookies and how they benefit you your rights?
10. What are your rights
11. How to contact us
1. Who are we?
1.1 In this policy references to Nordes Surfhouse S.C., Calle Pontevedra N5 1Z Ferrol, A Courña 15403 which is a company registered in Spain. Company number: J70590633.
2. Why we need your personal information
2.1 The information is either needed to fulfil your enquiry or booking to enable us to provide you with a more personalised service. You don’t have to disclose any of this information to browse our site. However, if you choose to withhold requested information, we may not be able to provide you with certain services or accept your booking.
2.2 Nordes Surfhouse S.C. also processes your information when it is in our legitimate interests to do this and when these interests do not override your rights. Those legitimate interests include providing you with information on our products, services, newsletter requests, feedback and other activities. Please see the section 5 for more information.
3. What personal information we collect
Nordes Surfhouse S.C. is what’s known as the ‘controller’ of the personal information you provide to us. We need to collect personal information in order to deliver the services you enquire about or book with us.
3.2 The categories of personal data about you that we may collect, use, store, share and transfer are:
i) Individual Data.
This includes personal data which relates to your identity, such as your first name, last name, email address, country of residence, date of birth, and gender;
ii) Account and Booking Data
This includes personal data which relates to your account, such as enquiries, proposals and bookings made by you, your interests, preferences, feedback and survey responses.
This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us.
ii) Marketing Data
This includes personal data which relates to your preferences, such as how you prefer to receive marketing materials from us and your communication preferences;
iii) Website Usage Data
This includes information about your usage and operation of our website, such as information about how you use our website, products and services;
iv) Payment Data
This includes personal data required for us to process your booking in line with our obligations under the Payment Card Industry Data Security Standard (PCI-DSS) and for the prevention of fraud;
v) Health Data
This includes personal data which is gathered for health and safety purposes including any accident report or claim log as well as any information you provide about allergies or other medical conditions during the booking process or in one of our locations;
The data we collect to comply with the insurance policies we hold is retained for up to seven years for this purpose;
vi) Communication Data
This includes personal data which relates to a method of communication such as your billing address, email address and contact telephone numbers;
vii) Video Recordings and Still Pictures
We may collect from you video recordings and still pictures which feature you if you are in the field of vision of our CCTV systems. This personal information may include your activities, your face, who you are with and other visual information about you which is recorded by our CCTV system.
We will normally keep your personal information for no more than 30 days after the recording was made. However if we receive an enquiry about a particular recording on our CCTV we will generally then retain that part of the recording until it is no longer required. This period will vary as it is dependent upon the circumstances of the particular case, but for criminal or civil legal proceedings this could mean that the personal information is retained until after the legal case and any appeals have been concluded, which could be years. As soon as it is no longer required we will delete the personal information.
3.3 We may also need to create other personal data about you, for example, if you contact us to make a complaint by telephone then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
3.4 In addition, we may obtain certain special categories of your data (“Special Categories of Data”), and this Privacy Policy specifically sets out how we may process these types of personal data. The Special Categories of Data which we may collect are data relating to sexuality, religious beliefs and health.
4. How we obtain your details
4.1 We collect your personal information in a number of ways:
i) When you provide it to us directly;
ii) When you provide permission to other organisations to share it with us via social media such as Facebook or Instagram;
iii) When we collect it as you use our website;
iv) When you have given it to a third party and you have given them permission to pass your information on to us.
4.2 The Pre-arrival information we collect from you is stored on a secure booking system, which is provided by a trusted partner with whom we have a contract in place to ensure your personal information is held securely in accordance with data protection legislation.
4.3 We will also hold information about you so that we can respect your preferences for being contacted by us.
5. How we use your personal data and our legal bases for using it
5.1 Where we are relying on a basis other than consent
We may rely on one or more of the following legal bases when processing your personal data, which is what the law allows us to do:
5.1.1 For managing your booking we will use information provided by you to deliver our products and services. This personal data is processed as it is necessary for the performance of a contract to which you are party or to provide you with information prior to entering into a contract;
5.1.2 To suggest or recommend our products or services which might be of interest to you, to determine and measure the effectiveness of our promotional campaigns and advertising and making sure our marketing is relevant to you. Your personal data is processed as it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
5.1.3 To deal with your enquiries, to send you information you have requested or to provide you with important-real time information about our products and service you have ordered from us (e.g. a change of time or location due to unforeseen circumstances). Your personal data is processed as it is necessary for the purposes of the legitimate interests pursued by us or necessary for the performance of a contract to which you are party;
5.1.4 For the development, delivery and improvement of our products and services, marketing, customer relationships and experiences in the provision of products and services to our customers. Your personal data is processed as it is necessary for the purposes of the legitimate interests pursued by us;
5.1.5 Where you have submitted a job application we may, for a reasonable period of time, keep your details on file for future reference. With your consent, should a suitable position subsequently become available, we may send you information about the job opportunity;
5.1.6 To help us keep our website updated and relevant and to develop our marketing strategy your personal data is processed as it is necessary for the purposes of the legitimate interests pursued by us;
5.1.7 To protect our rights or property (including our website), administer and improve our IT services and network security, prevent fraud and facilitate any business reorganisation or group restructuring exercise. Your personal data is processed as it is necessary for the purposes of the legitimate interests pursued by us;
5.1.8 In order to comply with our own legal obligations, e.g. health and safety legislation, or to assist in an investigation (e.g. from the Police). Your personal data is processed as it is necessary for compliance with a legal obligation to which we are subject;
5.1.9 In order to use your personal data in life or death situations where there is no time to gain your consent (e.g. in the event of an accident and we have to give personal details to medical personnel). Your personal data is processed as it is necessary in order to protect the vital interests of the data subject or of another natural person;
5.2 Special Categories of Data
5.2.1 For us to process special category data, you will need to give us explicit consent to the processing of your data for a specific purpose. You may at any time withdraw this specific consent but we will be unable to fulfil your booking in such event and we may have to cancel your booking.
5.2.2 We will always attempt to minimise the amount of sensitive personal data collected unless there is a specific lawful reason (e.g. an emergency situation).
5.2.3 In addition, we may lawfully process Special Categories of Data in certain ways. We may rely on one or more of the following legal bases when processing your Special Categories of Data, which is what the law allows us to do:
5.2.4 We may need to process your health information (for example to enable us to make arrangements for special assistance and any dietary preferences or requirements or for determining your fitness to fly). The provision of this personal data is by your specific consent and our processing is necessary for the performance of a contract to which you are party;
5.2.5 Your data may also be processed where it is necessary in order to protect the vital interests of the data subject or of another natural person;
5.2.6 We may need to disclose any Special Categories of Data we hold on you, where to do so is in the substantial public interest (for example your health information in order to prevent an epidemic, in the event of illness or injury or some other related emergency, to record any accident or injury or other incident you may suffer when visiting any of our locations or to arrange for you to receive medical assistance), provided that when we do so we provide suitable measures to protect your rights. This processing will be where it is necessary for reasons of public interest in the area of public health;
6. Sharing your information
6.1 We do not share your information with any other organisations or individuals unless we are obliged to by law, for purposes of national security, taxation and criminal investigations and in the following instances:
• If you have agreed that we may do so;
• When we use other companies to provide services on our behalf, e.g. online booking services, sending mail and emails, when using auditors/advisors or processing credit/debit card payments;
• CCTV images may be provided to people who have been injured, attacked or had property damaged or stolen and their insurance providers. The privacy of anyone not directly involved will be protected by obscuring their faces etc;
• If we merge with another organisation to form a new entity, information may be transferred to the new entity.
6.2 We will never sell or rent your personal information to other organisations.
7. Personal Data about other people which you provide to us
7.1 If you provide personal data to us about someone else you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Policy.
7.2 You must ensure the individual concerned is aware of the processing of their personal data, as detailed in this Privacy Policy, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided
8. Retaining your information
8.1 We hold your information only as long as necessary for each reason that we use it. After this period, we will securely erase your personal data. Please contact us if you would like more information.
8.2 If you request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information.
8.3 If you make a purchase from us, we will keep the purchase information for a period of seven years for accounting purposes.
9. Cookies and how they benefit you
9.1 Our website uses cookies, as almost all websites do, to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites.
9.2 Cookies help us:
• Make our website work as you’d expect.
• Improve the speed/security of the site.
• Allow you to share pages with social networks like Facebook.
• Continuously improve our website for you.
• Make our marketing more efficient (ultimately helping us to offer the service we do at the price we do).
9.3 If the settings on your browser that you are using to view this website our adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.
9.4 When a web server sends a cookie, it asks your browser to keep that particular cookie until a certain date and time. These dates can be:
• Some date in the future – which might be a few minutes or a few hours from now (to track something like your shopping cart in an online store). The cookie might expire many years in the future, to keep track of your browser for a long time.
• When you close your browser – this is called a session cookie, the next time you start your browser these will have vanished.
• Some date in the past – this is how the server asks a browser to remove a previously-stored cookie.
9.5 You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so, however, will likely limit the functionality of ours and a large proportion of the world’s websites as cookies are a standard part of most modern websites.
10. What are your rights?
10.1 You have a number of rights about how the personal information you provide can be used.
10.2 These are:
• Transparency over how we use your personal information (right to be informed).
• The ability to request a copy of the information we hold about you, which will be provided to you within one month (right of access).
• Update or amend the information we hold about you if it is wrong (right of rectification).
• Ask us to stop using your information (right to restrict processing).
• Ask us to remove your personal information from our records (right to be ‘forgotten’).
• Object to the processing of your information for marketing purposes (right to object).
• Obtain and reuse your personal information for your own purposes (right to data portability).
• Not be subject to a decision when it is based on automated processing (automated decision making and profiling).
10.3 If you would like to know more about your rights under the data protection law, you can find out more from your relevant supervisory authority.
10.4 Remember, you can change the way you hear from us or withdraw your permission for us to processing your personal information at any time by contacting us.
11. How to contact us
11.1 If you wish to talk through anything in our privacy policy, find out more about your rights or obtain a copy of the information we hold about you, please contact us (details in the “CONTACT” section of this webpage), we will be happy to help.
2. If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us please email us at info@nordessurfhouse.com
11.3 If you wish to raise a complaint on how we have handled your personal information, you can contact your relevant supervisory authority who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law you can complain to your relevant supervisory authority.
Version: June 2022