Privacy Policy
1. Introduction
At the Scottish Surfing Federation (“we”, “us”, “our”), accessible at scottishsurfingfederation.com, we are committed to maintaining the trust and confidence of our website visitors, members, and stakeholders. We take your privacy seriously and are fully committed to safeguarding your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), as applicable. This Privacy Policy explains how we collect, use, share, and protect your personal information, and outlines your rights in respect of that information.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data processed via our website scottishsurfingfederation.com. For data subjects located within the European Economic Area (EEA), Scottish Surfing Federation is the data controller responsible for the processing of your personal information as described in this policy. For California residents, the Scottish Surfing Federation is a “business” under the CCPA and is responsible for determining the purposes and means of processing personal data.
3. Categories of Data We Process
We may collect, use, store, and transfer different kinds of personal data depending on your interaction with us, including:
a. Usage Data
Includes information about how you use our website, such as IP address, browser type, device identifiers, access times, pages viewed, and referring website addresses.
b. Account Data
Includes information you provide to register or manage an account, such as your full name, postal address, email address, and phone number.
c. Profile Data
Includes information about your interests, preferences, event participation, memberships, and purchase behavior if applicable.
d. Communication Data
Includes any communication you send to us, such as inquiries through email or web forms, support tickets, and feedback. This may include the content of messages and metadata associated with them.
e. Technical Data
Includes device and system information used to access our website, operating system details, timezone settings, and browser plug-in types.
f. Transaction Data
Includes details of any payments made to or from you, including bank account details, billing address, and delivery information (where applicable to events or products).
g. Preference Data
Includes your marketing and communication preferences, including opt-in/opt-out records and expressed interests in specific services or products.
4. Legal Bases for Processing
We process your personal data under the following lawful bases as set out under GDPR and, where applicable, under equivalent CCPA principles:
– Consent: Where you have given us clear consent to process your personal data for a specific purpose (e.g., to receive newsletters).
– Contractual Necessity: Where processing is required to fulfill a contract with you or to take steps at your request prior to entering into a contract (e.g., event participation, membership processing).
– Legitimate Interests: Where processing is necessary for our legitimate interests and does not override your fundamental rights and freedoms (e.g., website analytics, fraud prevention).
– Legal Obligation: Where processing is necessary to comply with a legal obligation.
For California residents, the CCPA further recognizes the right to know, access, delete, and opt-out of the sale or sharing of personal data. We do not sell personal data.
5. Your Rights
You have the following rights under data protection legislation:
– Right of Access — the right to request copies of your personal data we hold.
– Right to Rectification — the right to request correction of inaccurate or incomplete personal data.
– Right to Erasure (Right to be Forgotten) — the right to request deletion of your personal data, subject to retention obligations.
– Right to Restrict Processing — the right to request limited processing where the accuracy, legality, or necessity of data is contested.
– Right to Data Portability — the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
– Right to Object — the right to object to processing based on legitimate interest or direct marketing.
– Right to Withdraw Consent — where our processing is based on your consent, you may withdraw that consent at any time.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement a range of organizational and technical measures to protect your personal data, including:
– Encryption of data in transit and at rest;
– Secure firewalls and access controls to limit access to authorized personnel only;
– Regular backups and disaster recovery procedures;
– Staff training on data protection and information security.
While we take all reasonable steps, no system is entirely secure. You are encouraged to ensure your own digital security when communicating and transacting online.
7. International Transfers
Where personal data is transferred outside the United Kingdom or European Economic Area, we ensure such transfers are protected through:
– The use of European Commission-approved Standard Contractual Clauses (SCCs);
– Adequacy decisions by the European Commission;
– Other legally permitted mechanisms designed to protect your data during transit and storage.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specific retention periods include:
– Usage and technical data: up to 2 years;
– Account and profile data: for the active duration of your account plus 3 years;
– Communication data: typically retained for 3 years from date of contact;
– Transaction data: retained for 7 years for tax and audit compliance;
– Preference data: retained until you update or withdraw consent.
9. Cookie Policy
We use cookies and similar technologies on scottishsurfingfederation.com to provide functionality, personalize content, analyze traffic, and support our marketing efforts. Cookies fall into the following categories:
– Essential Cookies: Required for website functionality (e.g., login, navigation).
– Functional Cookies: Enhance the performance and functionality of the site.
– Analytical/Performance Cookies: Help us understand how users interact with the website (e.g., Google Analytics).
– Marketing Cookies: Used to deliver relevant advertisements to users.
10. Cookie Management and Compliance
By accessing our website, you may be prompted to manage your cookie preferences. You have the ability to accept or refuse non-essential cookies. Most modern browsers allow you to modify your cookie preferences at any time through the settings panel.
We comply with the GDPR’s requirement for prior consent for the use of non-essential cookies and the CCPA’s mandate for transparency in cookie categorization and opt-out rights.
11. Children’s Privacy
Our services are not directed to children under the age of 13. We do not knowingly collect personal data from children. If we discover or are notified that we have inadvertently collected personal data from a child under the age of 13 without appropriate consent, we will take immediate steps to delete such data. Parents or guardians with concerns may contact us at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time in response to evolving legal, technical, or operational developments. Where we make material changes, we will take appropriate measures to inform you in accordance with applicable law. Continued use of scottishsurfingfederation.com constitutes your acceptance of the updated policy.
13. Contact Information
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns regarding your personal data, please contact us at:
Email: [email protected]
We are committed to full compliance with data protection laws and to maintaining transparency in how your data is managed. Please reach out to us with any privacy concerns so that we may address them promptly and appropriately.