Privacy Policy
At Surf World Ireland (accessible via surfworldireland.com), we recognize the importance of privacy and are committed to safeguarding the personal data of our users. This Privacy Policy outlines how we collect, process, and protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our practices reflect our commitment to transparency, accountability, and a privacy-first approach to managing your data.
1. Introduction: Our Commitment to Privacy and Data Protection
We are dedicated to maintaining the confidentiality, integrity, and availability of your personal information and to ensuring that your privacy rights are respected and upheld. This Privacy Policy is intended to inform you about how your personal data is collected, used, disclosed, and stored when you interact with Surf World Ireland through our website or other related services.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through surfworldireland.com or any services provided by Surf World Ireland. For purposes of the GDPR, Surf World Ireland is the Data Controller for personal data processed through this website. This means we determine the purposes and means of processing your personal data.
3. Categories of Personal Data Processed
We may collect and process the following categories of personal information:
a. Usage Data: Information about how you use our website, including your IP address, browser type and version, time zone setting, operating system, referral source, length of visit, pages viewed, and any site navigation paths.
b. Account Data: When you register or make a purchase, we collect your name, email address, postal address, phone number, and other identifiers that relate to your account.
c. Profile Data: Information derived from your interactions with our website, including your preferences, interests, purchases, product views, and behavioral patterns that inform your profile.
d. Communication Data: Records of your feedback, inquiries, service requests, chat history, and other communications with Surf World Ireland.
e. Technical Data: Device identifiers, system configurations, and other metadata linked to your access of our services.
f. Transaction Data: Information relating to purchase history, billing details, payment method, order fulfillment, and delivery information.
g. Preference Data: Your preferences for receiving marketing from us, your communication preferences, and any interests you’ve explicitly shared or we’ve inferred from your interactions.
4. Legal Bases for Processing Personal Data
We process your personal data only when we have a lawful basis to do so. These bases include:
– Consent: When you have provided clear permission for us to process your personal data for specific purposes (e.g., signing up for marketing or newsletters).
– Contractual Necessity: When processing is necessary to perform a contract with you or to take steps at your request before entering into one.
– Legitimate Interests: When processing is necessary for our legitimate interests and those interests are not overridden by your rights and freedoms (e.g., to improve user experience or ensure site security).
– Legal Obligations: When processing is required to comply with applicable legal or regulatory requirements.
5. Your Rights Under Data Protection Laws
You have the following rights under GDPR (and, where applicable, under CCPA for California residents):
– Right of Access: To request confirmation of whether we process your personal data and to request a copy of the data.
– Right to Rectification: To ask us to correct inaccurate or incomplete data.
– Right to Erasure: To request that your personal data be deleted or removed where there is no compelling reason for its continued processing.
– Right to Restriction: To request a halt to processing your data under certain conditions.
– Right to Data Portability: To receive your personal data in a structured, machine-readable format and, where possible, to have it transmitted to another controller.
– Right to Object: To object to processing based on legitimate interests, direct marketing, or profiling.
To exercise any of the above rights, please contact us via [email protected].
6. Security Measures
We implement appropriate technical and organizational safeguards to ensure a level of security appropriate to the risk, including:
– Data encryption during transmission and storage
– Access control mechanisms limiting access to authorized personnel only
– Regular system monitoring, vulnerability assessments, and patch management
– Employee training in data protection principles and security awareness
– Regular automated and off-site backups to ensure data recovery
7. International Transfers
In some cases, your data may be transferred to countries outside the European Economic Area (EEA) or outside California. Where such transfers occur, Surf World Ireland ensures appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA and compliance frameworks for CCPA. We take steps to ensure that your data receives adequate protection regardless of where it is processed.
8. Data Retention
We retain your personal data only for as long as is necessary for the purposes outlined in this policy or as required by law. Specifically:
– Usage and Technical Data: Retained for up to 12 months for analytics and security purposes.
– Account and Profile Data: Retained for the duration of your customer relationship with us, and for up to 6 years thereafter for legal and tax obligations.
– Communication Data: Retained for up to 3 years to address support issues or potential disputes.
– Transaction Data: Retained for up to 7 years for accounting and compliance reasons.
– Marketing Preferences: Retained until you withdraw your consent or unsubscribe.
9. Cookie Policy
We use cookies and similar tracking technologies to optimize user experience and website functionality. Categories include:
a. Essential Cookies: Required for site functionality, including page navigation and secure checkout.
b. Functional Cookies: Enable the website to remember user choices, such as region or language preferences.
c. Analytics Cookies: Collect information about interactions with our website for statistical purposes, helping us improve performance.
d. Performance Cookies: Measure how our website is performing and identify issues or areas for enhancement.
10. Cookie Management and Compliance with GDPR & CCPA
You can control and manage cookies through your browser settings or our website’s cookie consent tool. Upon visiting surfworldireland.com, you will be presented with a clear opt-in mechanism to manage your cookie preferences. You may withdraw consent at any time.
Under GDPR and CCPA, users have the right to opt out of certain types of data collection and profiling. California residents may also request to “Do Not Sell My Personal Information” by contacting [email protected].
11. Special Protections for Children Under 13
We do not knowingly collect or solicit personal information from children under the age of 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information immediately. If you believe that a child has submitted data to us, please contact us at [email protected].
12. Policy Updates and User Notifications
We may revise this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or technology. When material changes are made, we will, where possible, notify users either through the website or via email.
13. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your rights under applicable privacy laws, please contact:
Surf World Ireland
Email: [email protected]
Website: https://surfworldireland.com
We are committed to ensuring full compliance with all relevant data protection legislation and welcome any inquiries or concerns related to how your personal information is handled.