Privacy Policy

1. Data Controller

The controller responsible for processing your personal data is:

Surfskate Fuerteventura Fuerteventura, Canary Islands, Spain 📧 fuerteventurasurfskate@gmail.com 📞 (+34) 643 186 082 🌐 www.surfskatefuerteventura.com

2. What Data We Collect

When you use our website or contact us, we may process the following personal data:

  • Identification data: first and last name.

  • Contact data: email address, phone number.

  • Communication data: messages sent via the contact form or WhatsApp.

  • Service data: surfskate level, height (when equipment is requested), preferred session schedule.

  • Payment data: information required to process payments (bank transfer, Bizum, Revolut, cash). We do not store complete banking details.

  • Technical data: IP address, browser type, pages visited, time spent on site (via cookies and analytics tools).

3. Purposes and Legal Basis for Processing

Purpose Legal basis Managing class bookings, packs and services Performance of a contract (Art. 6.1.b GDPR) Responding to enquiries and contact messages Legitimate interest (Art. 6.1.f GDPR) Sending service information to existing customers Legitimate interest (Art. 6.1.f GDPR) Sending commercial communications to those who have given consent Consent (Art. 6.1.a GDPR) Compliance with legal and tax obligations Legal obligation (Art. 6.1.c GDPR) Analysing website usage via analytical cookies Consent (Art. 6.1.a GDPR)

4. Data Retention

Personal data will be retained for as long as necessary for the purpose for which it was collected:

  • Customer data: for the duration of the commercial relationship and, afterwards, for the legally required limitation periods (minimum 5 years for tax and contractual obligations).

  • Enquiry data: up to 1 year from the last communication.

  • Marketing data: until the user withdraws their consent.

  • Technical data / cookies: as set out in our Cookie Policy.

5. Recipients

Your data will not be shared with third parties except in the following cases:

  • Technology service providers: Squarespace Inc. (web hosting platform, located in the USA, with adequate safeguards via Standard Contractual Clauses); Meta Platforms (Facebook/Instagram); Google (YouTube, Google Maps). These transfers are carried out under the guarantees established in Chapter V of the GDPR.

  • Legal obligation: when required by law or competent authorities.

  • Payment processors: Bizum (Redsys), Revolut Ltd.; only the data strictly necessary to process the payment.

We do not sell or rent your personal data to third parties for commercial purposes.

6. International Transfers

Some of our service providers (Squarespace, Meta, Google) are located outside the European Economic Area (EEA), primarily in the USA. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the EU–US Data Privacy Framework.

7. Your Rights

Under the GDPR, you have the right to:

  • Access: obtain confirmation of whether we are processing your data and access it.

  • Rectification: correct inaccurate or incomplete data.

  • Erasure ("right to be forgotten"): request deletion of your data when it is no longer necessary.

  • Restriction of processing: request that we suspend use of your data.

  • Data portability: receive your data in a structured, commonly used format.

  • Objection: object to processing based on legitimate interest or for direct marketing purposes.

  • Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise your rights, please write to us at fuerteventurasurfskate@gmail.com, stating your name, the right you wish to exercise, and attaching a copy of your identity document.

You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es — or with the supervisory authority of your country of residence within the EU.

8. Security

We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration, including the use of encrypted connections (HTTPS) and restricted access to personal information.

9. Minors

Our services are intended for individuals aged 16 and over. We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent. If we become aware that we have collected data from a minor without adequate consent, we will delete it immediately.

10. Changes to This Policy

We reserve the right to update this Privacy Policy. Any changes will be published on this page with the updated date. We recommend reviewing it periodically.

This policy has been drafted in accordance with Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee (LOPDGDD), and Law 34/2002 on Information Society Services (LSSI).