Privacy Policy, Data Protection Act and GDPR Information

This privacy policy governs the way FINS Café and Surf collects, uses, maintains and discloses the personal data collected from its Users (“User” or “You”) of the finsnewquay.co.uk website and/or our physical location. This privacy policy applies to the website and all products and services offered by FINS Café and Surf, including those provided at our physical location.

Please be advised that that we may update our Privacy Policy periodically to reflect changes in our practices or legal obligations. Any updates will be communicated via the Site or other appropriate means.

1. Owner and Data Controller

FINS SURF SCHOOL LIMITED and JJDQ LIMITED

Trading as: FINS Café and Surf

1 Beacon Road, Newquay, Cornwall, TR7 1HH

Tel: +44 7951 774132

Email: Contact@finsnewquay.co.uk

Any questions regarding this privacy policy and our privacy practises should be sent to the FINS Café and Surf Email listed above.

2. Protecting Your Privacy

FINS Café & Surf, operated by JJDQ LIMITED (Café and Shop Services) and FINS SURF SCHOOL LIMITED (Surf School and Rental Services). At FINS Café and Surf, we are committed to safeguarding your privacy and ensuring compliance with applicable data protection laws, such as the Data Protection Act 2018 General Data Protection Regulation (GDPR) and other relevant regulations. By using our Site or services, you agree to the practices described in this Privacy Policy.

3. What Personal Data We Collect

“Personal data” refers to any information that identifies an individual. We collect the following types of data:

  • Identity Data: Full name and title.
  • Contact Data: Email address, postal address, phone number and emergency contact details (for surf school participants).
  • Payment Data: Payment card details and billing information.
  • Transaction Data: Details of payments made to us and the products/services you have purchased (e.g., surf lessons, café items, rentals).
  • Profile Data: Preferences, interests and feedback.

We will not collect special categories of personal data about you without first obtaining your consent. Other than health data for surf school participants, We DO NOT collect Special Categories of Personal Data such as race, religious beliefs, political opinions, or sexual orientation. Provided you consent, your special category of data may only be used and disclosed for purposes relating to the primary purpose for which the sensitive data was collected, such as to determine if you are fit to undertake a surf lesson or use surf equipment.

In addition to personal data, when using our website, we may collect tracking information such as:

  • Browser type
  • Your operating system
  • Name of your internet server
  • Pages you visited on www.finsnewquay.co.uk

This information is collected by cookies and/or other tracking technologies to enhance website functionality, improve user experience, and tailor our services to better meet your needs. This information is used only in a summarized form and does not personally identify you.

4. How We Use Your Data

Information collected from our users is used for:

  • Improving our website, services and customer experiences
  • Processing and managing online and/or on-site orders
  • Analytics
  • More efficient responses to enquires about our services
  • Communicating information regarding your online bookings• Market research
  • Informing you of any offers, promotions and services that may interest you

5. Legal bases for processing (for UK users):

If you are an individual in the UK or European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable United Kingdom or European Union laws. The legal bases depend on the services you use and how you use them. This means we collect and use your information only where:

  • it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
  • it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services and to protect our legal rights and interests;
  • you give us consent to do so for a specific purpose (for example we might ask for consent in order to provide you with our services, provide customer support and personalised features); or 
  • we need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services.

6. Our responsibilities as a ‘controller’ under the Data Protection Act

Controllers are defined by the Data Protection Act as natural or legal persons, a public authority, agency or other body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information. We are a controller under the Data Protection Act as we collect, use and store your personal data to enable us to provide you with our goods and/or services.

As a controller, we have certain obligations under the Data Protection Act when collecting, storing and using the personal data of individuals based in the UK. If you are an individual located in the UK, your personal data will:

  • be processed lawfully, fairly and in a transparent manner by us;
  • only be collected for the specific purposes we have identified in the ‘collection and use of personal data clause above and personal data will not be further processed in a manner that is incompatible with the purposes we have identified;
  • be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal data is processed;
  • be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal data);
  • be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected;
  • be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Specifically, we have the following measures in place, in accordance with the Data Protection Act:

  • Right to ask us to restrict data processing: You may ask us to limit the processing of your personal data where you believe that the personal data we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal data rather than it being erased.
  • Notification of data breaches: We will comply with the Data Protection Act in respect of any data breach.

7. How We Use Cookies

We use cookies and other tracking technologies to improve your experience and gather data on how

users interact with our website. Cookies are small text files that are stored on your device when you visit a website. They help websites recognize users, remember preferences, and collect information to improve functionality and performance. Cookies do not store identifiable personal data information but may be linked to other data we collect about you. Types of cookies include:

  • Essential Cookies: Required for the website to function (e.g., processing bookings)
  • Performance and Analytics Cookies: Help us track user activity and improve website performance
  • Marketing Cookies: Used for personalized advertising (if applicable) 
  • You can manage your cookie preferences via your browser settings. Please note that disabling cookies may affect the functionality of some website features.

For more details, see our Cookie Policy.

8. How We Share Your Data

We DO NOT sell or rent your personal data. However, we may share it with trusted third parties in the following cases:

  • Payment Processors: We use SUMUP for secure payment processing.
  • Booking Systems: We use Vikingbookings.com to manage surf lesson reservations.
  • Analytics Providers: We use Google Analytics to understand how users interact with our website.

We require all third-party providers to comply with data protection regulations and to process your data only for the purposes specified.

9. Data Security

We take appropriate security measures to protect your personal data from unauthorised access, alteration, or disclosure. Our systems are secured with encryption, and access to your personal data is limited to authorized personnel only.

While we strive to protect your personal data, please note that no method of data transmission or storage is 100% secure.

10. Data Retention

We retain your personal data only for as long as necessary:

  • Transaction records are kept for six years (legal compliance).
  • Other personal data is retained based on service needs or until you request deletion.

You can request deletion of your data unless we are legally required to retain it.

11. Your rights and controlling your personal information

11.1 Choice and consent: Please read this Privacy Policy carefully. By providing personal data to us, you consent to us collecting, holding, using and disclosing your personal data in accordance with this Privacy Policy. If you are under 13 years of age, you must have; and warrant to the extent permitted by law to us that you have, your parent or legal guardian’s permission to access and use the Site and they (your parents or guardian) have consented to you providing us with your personal data. You do not have to provide personal data to us, however, if you do not, it may affect your use of this Site or the products and/or services offered on or through it.

11.2 Information from third parties: If we receive personal data about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal data about somebody else, you represent and warrant that you have such person’s consent to provide the personal data to us.

11.3 Restrict: You may choose to restrict the collection or use of your personal data. If you have previously agreed to us using your personal data for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict how we process your personal data, we will let you know how the restriction affects your use of our Site or products and services.

11.4 Access and data portability: You may request details of the personal data that we hold about you. You may request a copy of the personal data we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal data we hold about you at any time. You may also request that we transfer this personal data to another third party (data portability).

11.5 Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

11.6 Complaints: If you believe that we have breached an article of the Data Protection Act and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact the Information Commissioner’s Office if you wish to make a complaint.

11.7 Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

12. Children’s Privacy

We do not knowingly collect personal data from children under the age of 18 without parental consent, particularly in relation to surf lessons. If we discover that we have inadvertently collected personal data from a child under 18, we will take appropriate steps to delete the information.

13. Third Party Links

Our website may contain links to third-party sites (e.g., social media, booking platforms). These websites have their own privacy policies, and we are not responsible for their content.

14. Changes to This Privacy Policy

We may update this privacy policy from time to time. Any changes will be posted on our Site, and the updated date will be reflected at the top of the document. We encourage you to check this policy regularly to stay informed about how we protect your data.

Contact Us

If you have any questions or concerns regarding this privacy policy or your personal data, please contact us at:

FINS Cafe & Surf

1 Beacon Road, Newquay, Cornwall, TR7 1HH

Email: contact@finsnewquay.co.uk

Phone: +44 07951774132