Privacy Policy » Yoga Surf Ocean – Surf & Yoga School In Santa Cruz, Portugal

General Data Protection Regulation (GDPR)

I process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and other legal regulations. I ensure the security of the personal data you transmit to me. I process it transparently and fairly. No unauthorised person has access to your personal data that I have obtained from you and I do not pass it on to other entities for further processing without your consent, unless required by law or to protect our legal interests.

Valid from 25.5.2018

Personal Data Controller: Yoga Surf Ocean, Blanka Vašutová, NIF 325588791

SCOPE AND PURPOSE OF PERSONAL DATA PROCESSING

As the controller, I process your personal data in connection with the performance of contracts for mediation and provision of services, legal obligations, consent and legitimate interests. Personal data is obtained directly from you personally, by phone or e-mail communication and to the extent that:

Identification data (name, surname, date of birth, permanent address, ID and passport details, driving licence number, visa, nationality)
Contact details (address, e-mail address and telephone contact)
Other (e.g. payment details, car registration number, IP address, cookies, etc.)
Personal data captured by photographs and videos.

Your personal data that is voluntarily entrusted to the controller is processed for the following purposes:

Performance of the contractual relationship
Performance of legal obligations
Providing of services
Archival records maintained by law
Answering enquiries (via telephone call, email, online chat, etc.)
Developing business relationships and activities by sending information and news about our services
Evaluating the website
Marketing purposes – e.g. posting photos of your stay on the website and social media.

2. RECIPIENT OF PERSONAL DATA

In connection with the provision of services and the performance of the contract, your data will be provided to third parties to the extent necessary, namely service providers, in particular hotels and accommodation establishments, transport companies, foreign embassies, tour guides, insurance companies, external accounting firms or IT companies. I may also provide your personal data to public authorities.

3. METHOD AND DURATION OF PROCESSING OF PERSONAL DATA

The processing of personal data is carried out personally by the controller. The processing is carried out by means of computer technology or, in the case of personal data in paper form, manually, in compliance with all security principles for the management and processing of personal data. In order to protect your personal data, the controller uses the necessary security and technical measures to prevent misuse by unauthorised persons, damage, loss, alteration or destruction. All entities to whom personal data may be disclosed respect your right to privacy and are obliged to comply with applicable data protection laws. The processing of personal data is for an indefinite period of time or until the controller ceases to act.

Comments
When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help with spam detection. An anonymized string created from your email address (also known as a hash) may be provided to the Gravatar service to check if you are using it. The Gravatar service privacy policy can be found here: https://automattic.com/privacy/. After approval of your comment, your profile picture will be visible to the public in the context of your comment.

Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the website can download and extract any location data from images on the website.

Cookies
If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and screen display preferences. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie contains no personal data and simply indicates the post ID of the article you just edited. It expires after one day.

Embedded Content from Other Websites
Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

4. DATA PROTECTION RIGHTS AND CONTEXT

As clients whose personal data is processed by the controller, you have the following rights:

The right to be informed of the purpose, the category of data processed, the recipient to whom your personal data will be transferred, the duration of the data processing.
If you find your personal data out of date, you also have the right to have your personal data completed and amended
Right of access to your personal data
The right to erasure if your personal data is no longer necessary for the purpose for which it was collected, the personal data was unlawfully obtained, a legal or statutory obligation exists or you have withdrawn your consent to the processing of your data. The controller may refuse the right to erasure if it has a legal obligation to retain your personal data
The right to restrict data processing, provided that you believe that your personal data is inaccurate or that I am processing personal data unlawfully, but you do not want all of the data deleted
The right to portability of the personal data you have provided to me as controller to another controller
If you believe that your personal data is not being processed in accordance with the law, you have the right to contact the Data Protection Authority.

5. CHANGES TO THE PRIVACY POLICY

The Controller reserves the right to amend or supplement this Privacy Policy at any time. The new version of the privacy policy will be sent to the email address you have provided.

If you have any questions about the processing of your personal data, you can contact me by e-mail at info@yogasurfocean.com.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.