Privacy Policy

How we protect and use your personal information

Introduction

SurfMe.Guru ("we", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information in compliance with GDPR, CCPA, and other global privacy regulations.

1. Personal Data We Collect

We collect the following categories of personal data:

Data Category Examples Purpose
Identification Data Name, email, phone, passport Booking processing, identification
Payment Data Card details (encrypted), billing address Payment processing, fraud prevention
Health & Safety Medical conditions, allergies Safety during surf activities
Surf Experience Skill level, preferences Personalized instruction
Usage Data IP address, browser, pages visited Website improvement, analytics

2. How We Use Your Data

  • Service Delivery: Process bookings, provide surf instruction
  • Safety: Ensure safe participation based on health info
  • Communication: Send booking confirmations, updates
  • Marketing: With consent, send offers and newsletters
  • Improvements: Analyze usage to enhance our services
  • Legal Compliance: Meet regulatory requirements

3. Data Sharing & Third Parties

We may share data with:

  • Instructors & Staff: Necessary for service delivery
  • Accommodation Partners: Only essential booking details
  • Payment Processors: PCI-DSS compliant providers
  • Legal Authorities: When required by law
  • Medical Providers: In case of emergency

We never sell your personal data to third parties.

4. Your Rights (GDPR & CCPA)

Depending on your location, you may have:

  • Right to Access: Request copies of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion under certain conditions
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to certain processing
  • CCPA Rights: Know, delete, and opt-out of sale of personal information

To exercise these rights, contact privacy@surfme.guru.

5. Cookies & Tracking Technologies

We use cookies for:

  • Essential Functionality: Session management, security
  • Performance: Analytics to improve our site
  • Marketing: With consent, for personalized ads

Manage preferences via our Cookie Consent Tool or browser settings.

6. Data Security Measures

We implement robust security including:

  • PCI-DSS compliant payment processing
  • 256-bit SSL encryption for all data transfers
  • Regular security audits and penetration testing
  • Limited access to personal data on need-to-know basis
  • Secure data centers with 24/7 monitoring

7. Data Retention

We retain personal data only as long as necessary:

  • Booking Data: 7 years for tax/legal purposes
  • Health/Safety Data: Duration of program + 3 years
  • Marketing Data: Until consent withdrawn
  • Website Analytics: 26 months

8. Children's Privacy

  • We do not knowingly collect data from children under 16 without parental consent
  • Participants under 18 require parental/guardian consent forms
  • Parents may review or request deletion of child's data

9. International Data Transfers

As a global business, data may be transferred outside your home country. We ensure:

  • EU-US transfers under Privacy Shield framework
  • Standard Contractual Clauses where required
  • Adequate protection for all transfers

Contact Our Privacy Team

For privacy requests or questions about this policy:

privacy@surfme.guru