PRIVACY POLICY

In accordance with the legal requirements of data protection law (in particular the German Federal Data Protection Act (BDSG) as amended and the European General Data Protection Regulation (GDPR)), we hereby inform you of the nature, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For the definition of terms such as ‘personal data’ or ‘processing’, please refer to Article 4 of the GDPR.

Name and contact details of the data controller(s)

Our data controller (hereinafter referred to as the “Data Controller”) within the meaning of Article 4(7) of the GDPR is:

JetSurf Club Germany
Borweg 126A
32547 Bad Oeynhausen, North Rhine-Westphalia
Managing Director: Fabian Kusche
Email address: info@jetsurfclubgermany.com

Types of data, purposes of processing and categories of data subjects

Below, we provide information on the nature, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process
: usage data (access times, websites visited, etc.), personal details (name, address, etc.), contact details (telephone number, email, fax, etc.),

2. Purposes of processing pursuant to Article 13(1)(c) of the GDPR
: processing of contracts, supporting the commercial use of the website, improving the user experience, making the website user-friendly, preventing spam and misuse, customer service and customer care, handling contact enquiries,

3. Categories of data subjects pursuant to Article 13(1)(e) of the GDPR
: Website visitors/users, customers,

The individuals concerned are collectively referred to as “users”.
Legal basis for the processing of personal data

Below, we set out the legal basis for the processing of personal data:

  1. If we have obtained your consent to the processing of personal data, the legal basis is Article 6(1)(a) of the GDPR.
  2. If processing is necessary for the performance of a contract or for the implementation of pre-contractual measures taken at your request, the legal basis is Article 6(1)(b) of the GDPR.
  3. If processing is necessary to comply with a legal obligation to which we are subject (e.g. statutory retention obligations), the legal basis is Article 6(1)(c) of the GDPR.
  4. If the processing is necessary to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1), first sentence, point (d) of the GDPR.
  5. If the processing is necessary to safeguard our or a third party’s legitimate interests and your interests or fundamental rights and freedoms do not override those interests, the legal basis is Article 6(1)(f) of the GDPR.

Disclosure of personal data to third parties and data processors

As a general rule, we do not pass on any data to third parties without your consent. Should this nevertheless be the case, the disclosure will be made on the basis of the aforementioned legal grounds, e.g. when data is passed on to online payment providers for the purpose of contract fulfilment, or pursuant to a court order, or due to a legal obligation to disclose the data for the purposes of criminal prosecution, security purposes or the enforcement of intellectual property rights.
We also use data processors (external service providers e.g. for the web hosting of our websites and databases) to process your data. If data is transferred to data processors within the framework of a data processing agreement, this is always done in accordance with Article 28 of the GDPR. We select our data processors carefully, monitor them regularly and have secured the right to issue instructions regarding the data. Furthermore, the data processors must have implemented appropriate technical and organisational measures and must comply
with data protection regulations in accordance with the BDSG (as amended) and the GDPR. Data transfers to third countries

The adoption of the European General Data Protection Regulation (GDPR) has established a uniform framework for data protection across Europe. Your data is therefore primarily processed by organisations to which the GDPR applies. Should processing, however, be carried out by third-party services outside the European Union or the European Economic Area, they must meet the specific requirements of Articles 44 et seq. of the GDPR . This means that processing takes place on the basis of specific safeguards, such as the EU Commission’s official recognition of an EU-equivalent level of data protection or compliance with officially recognised specific contractual obligations, known as the ‘Standard Contractual Clauses’. In the case of US companies, compliance with the so-called “Privacy Shield”, the data protection agreement between the EU and the US, fulfils these requirements.
Deletion of data and retention period

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies, unless its continued retention is necessary for evidential purposes or is precluded by statutory retention obligations. This includes, for example, commercial law retention obligations for business correspondence under Section 257 (1) of the German Commercial Code (HGB) (6 years) and tax law retention obligations under Section 147(1) of the German Fiscal Code (AO) for supporting documents (10 years). Once the prescribed retention period expires, your data will be blocked or deleted, unless storage is still required for the conclusion or performance of a contract.
Existence of automated decision-making

We do not use automated decision-making or profiling.
Provision of our website and creation of log files

  1. If you are simply using our website for information purposes (i.e. without registering or otherwise submitting any information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data: • IP address;
    • User’s internet service provider;
    • Date and time of access;
    • Browser type;
    • Language and browser version;
    • Content of the request;
    • Time zone;
    • Access status/HTTP status code;
    • Data volume;
    • Websites from which the request originates;
    • Operating system.
    This data is not stored together with any other personal data you provide.

  2. This data is used to ensure that our website is user-friendly, functional and secure, and to provide you with features and content, as well as to optimise the site and carry out statistical analysis.

  3. The legal basis for this is our legitimate interest in data processing, which is also based on the purposes set out above, in accordance with Article 6(1)(f) of the GDPR.

  4. For security reasons, we store this data in server log files for a period of 70 days. Once this period has expired, the data is automatically deleted, unless we need to retain it as evidence in the event of attacks on the server infrastructure or other legal infringements.

Cookies

  1. We use cookies when you visit our website. Cookies are small text files that your internet browser stores on your computer. When you visit our website again, these cookies transmit information to automatically recognise you. The information obtained in this way is used to optimise our website technically and economically and to provide you with easier and more secure access to our website. When you visit our website, we inform you via a reference to our privacy policy about the use of cookies for the aforementioned purposes and how you can object to this or prevent their storage (‘opt-out’). Our website uses session cookies, persistent cookies and cookies from third-party providers:

    • Session cookies: We use so-called cookies to recognise repeated use of a service by the same user (e.g. if you have logged in, to determine your login status). When you visit our site again, these cookies transmit information to automatically recognise you. The information obtained in this way is used to optimise our services and to make it easier for you to access our site. When you close your browser or log out, the session cookies are deleted.

    • Persistent cookies: These are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time via your browser’s security settings.

    • Third-party cookies: You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out at this stage that you may then not be able to use all the functions of this website. Please read more about these cookies in the respective privacy policies of the third-party providers.

  2. The legal basis for this processing is Article 6(1)(b) of the GDPR, where cookies are set for the purpose of entering into a contract, e.g. when placing orders, and otherwise we have a legitimate interest in the effective functioning of the website, in which case the legal basis is Article 6(1) (1)(f) of the GDPR applies.

  3. Objection and “opt-out”: You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in a restriction of the functionality of our services . You can object to the use of third-party cookies for advertising purposes via a so-called “opt-out” on this US website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

Contract processing

  1. We process master data (e.g. company, title/academic degree, names and addresses, and contact details of users, email), contractual data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) for the purpose of fulfilling our contractual obligations (knowing who the contractual partner is; justification, content and execution of the contract; checking the plausibility of the data) and to provide services (e.g. contacting customer service) in accordance with Article 6(1)(b) of the GDPR. The fields marked as mandatory in online forms are required for the conclusion of the contract.

  2. This data is not disclosed to third parties as a matter of principle, unless such disclosure is necessary for the enforcement of our claims (e.g. transfer to a solicitor for debt collection) or for the performance of the contract (e.g. transfer of data to payment service providers), or unless there is a legal obligation to do so pursuant to Article 6(1)(c) GDPR.

  3. We may also process the data you have provided in order to inform you about other interesting products in our range or to send you emails containing technical information.

  4. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This applies to customer and contract data once the data is no longer required for the performance of the contract and no further claims can be asserted under the contract because they have become time-barred (warranty: two years / standard limitation period: three years). We are obliged under commercial and tax law to store your address, payment and order data for a period of ten years. However, upon termination of the contract after three years, we restrict the processing of your data, i.e. your data will only be used to comply with legal obligations. Information in the user account remains until it is deleted.

Contact us via the contact form / email / fax / post

  1. When you contact us via the contact form, by fax, post or email, your details will be processed for the purpose of handling your enquiry.

  2. The legal basis for the processing of data, where you have given your consent, is Article 6(1)(a) of the GDPR. The legal basis for the processing of data transmitted in the course of a contact enquiry or via email, letter or fax is Article 6(1)(f) of the GDPR. The controller has a legitimate interest in processing and storing the data in order to respond to user enquiries, to preserve evidence for liability reasons and, where applicable, to comply with its statutory retention obligations regarding business correspondence. If the contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.

  3. We may store your details and contact enquiry in our Customer Relationship Management system ("CRM system") or a similar system.

  4. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data entered via the contact form and that sent by email, this is the case once the relevant conversation with you has been concluded. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved. We store enquiries from users who have an account or a contract with us until two years after the contract has ended. In the case of statutory archiving obligations, deletion takes place after these periods have expired: at the end of the retention periods under commercial law (6 years) and tax law (10 years).

  5. You may withdraw your consent to the processing of your personal data at any time, in accordance with Article 6 (1)(a) of the GDPR. If you contact us by email, you may object to the storage of your personal data at any time.

Contact us by telephone

  1. When you contact us by telephone, your telephone number will be processed for the purpose of handling your enquiry and its follow-up and will be temporarily stored or displayed in the RAM / cache of the telephone device / display. This storage is carried out for liability and security reasons, to provide proof of the call, as well as for business reasons, to enable us to call you back. In the event of unwanted marketing calls, we will block the numbers.

  2. The legal basis for processing the telephone number is Article 6(1)(f) of the GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR.

  3. The device cache stores calls for 30 days and gradually overwrites or deletes old data; when the device is disposed of, all data is deleted and the memory may be destroyed. Blocked telephone numbers are reviewed annually to determine whether the block is still necessary.

  4. You can prevent your phone number from being displayed by calling with your number withheld.

Facebook Custom Audiences

  1. We use the ‘Custom Audiences’ remarketing feature on our website, provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook has submitted to the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US-Framework).

  2. If you visit the social network Facebook or other websites that use this remarketing feature, you may be shown interest-based advertisements (‘Facebook Ads’). We use the remarketing feature to optimise and run our website efficiently and to show you, where possible, advertisements that are of interest to you, thereby making our website more user-friendly.

  3. When you visit our website, your browser establishes a connection to Facebook’s servers. We do not know exactly what data is transmitted to Facebook in the process. However, Facebook receives the information that you have viewed or clicked on a particular advertisement. If you are logged in to Facebook at the time, Facebook may link this information to your account.

  4. The legal basis for this is our legitimate interest in data processing, which is also based on the purposes set out above, in accordance with Article 6(1)(f) of the GDPR.

  5. For information regarding data processing by Facebook, please refer to Facebook’s Privacy Policy at https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s Help Centre:
    https://www.facebook.com/business/help/651294705016616.

  6. Users who are not logged in can opt out of the “Facebook Custom Audiences” feature here [__Enter your website’s Facebook Pixel opt-out link here__], whilst logged-in users can do so via this link: https://www.facebook.com/settings/?tab=ads#.

  7. Further information on data processing by Facebook is available at https://www.facebook.com/about/privacy.

YouTube videos

  1. We have embedded YouTube videos from youtube.com on our website using the embed function, so that they can be viewed directly on our website. YouTube is owned by Google Ireland Limited, registration no.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. We have embedded the videos in what is known as ‘enhanced privacy mode’, without cookies being used to track usage behaviour in order to personalise video playback. Instead, video recommendations are based on the video currently being played. Videos played in enhanced privacy mode in an embedded player do not affect which videos are recommended to you on YouTube. When you start a video (by clicking on it), YouTube receives the information that you have visited the relevant subpage of our website. The data collected is transferred to the USA and stored there. This occurs even without a Google user account. If you are logged into your Google account, Google may associate the above data with your account. If you do not wish this to happen, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purposes of advertising, market research or optimising its websites.

  2. The legal basis for this is our legitimate interest in data processing, which is also based on the purposes set out above, in accordance with Article 6(1)(f) of the GDPR.

  3. You have the right to object to Google creating user profiles. To do so, please contact Google directly via the privacy policy link below. You can opt out of advertising cookies here in your Google Account:
    https://adssettings.google.com/authenticated.

  4. You can find further information on the use of Google cookies and their advertising technologies, retention periods, anonymisation, location data, how they work and your rights in YouTube’s Terms of Service at https://www.youtube.com/t/terms and in Google’s Advertising Privacy Policy at https://policies.google.com/technologies/ads . Google’s General Privacy Policy: https://policies.google.com/privacy.

  5. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and is therefore required to comply with European data protection law.

Google Maps

  1. We have integrated maps from “Google Maps” (Google Ireland Limited, registration no.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) into our website. This allows us to display the location of addresses and directions directly on our website using interactive maps, and enables you to use this tool.

  2. When you visit our website, which incorporates Google Maps, a connection is established with Google’s servers in the USA. In doing so, your IP address and location may be transmitted to Google. Google also receives information that you have visited the relevant page. This occurs even if you do not have a Google account. If you are logged into your Google account, Google may associate the above data with your account. If you do not wish this to happen, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purposes of advertising, market research or optimising its websites.

  3. The legal basis for this is our legitimate interest in data processing, which is also based on the purposes set out above, in accordance with Article 6(1)(f) of the GDPR.

  4. You have the right to object to Google creating user profiles. To do so, please contact Google directly via the privacy policy link below. You can opt out of advertising cookies here in your Google Account:
    https://adssettings.google.com/authenticated.

  5. In the Google Maps Terms of Service at https://www.google.com/intl/de_de/help/terms_maps.html and in Google’s Advertising Privacy Policy at https://policies.google.com/technologies/ads you will find further information on the use of Google cookies and their advertising technologies, retention periods, anonymisation, location data, how they work and your rights. Google’s general privacy policy: https://policies.google.com/privacy.

  6. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and is therefore required to comply with European data protection law.

Social media presence

  1. We maintain profiles and fan pages on social media in order to communicate with users who are connected to and registered on those platforms, and to provide information about our products, offers and services. The US providers are certified under the so-called Privacy Shield and are therefore obliged to comply with European data protection regulations. When you use and access our profile on the respective network, the relevant privacy policy and terms of use of that network apply.

  2. We process the data you send us via these networks in order to communicate with you and to reply to your messages there.

  3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and promoting our brand for advertising purposes in accordance with Article 6(1)(f) of the GDPR. Insofar as you have given your consent to the controller of the social network for the processing of your personal data, the legal basis is Article 6(1)(a) and Article 7 of the GDPR.

  4. You can find the privacy policies, information requests and opt-out options for the respective networks here:

    Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy: https://www.facebook.com/about/privacy/, Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

    Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/Opt-out: http://instagram.com/about/legal/privacy/.

Social media plug-ins

  1. We use social media plug-ins from social networks on our website. We use the so-called ‘two-click solution’ by c’t and heise.de. This means that no personal data is transmitted to the plug-in providers when you visit our website. Next to the logo or brand of the social network, you will find a toggle switch that allows you to with a single click. Once activated, the provider of the social network receives the information that you have visited our website and your personal data is transmitted to the provider of the plug-in and stored there. These are so-called third-party cookies. With some providers, such as Facebook and XING, your IP address is, according to their information, immediately anonymised after collection.

  2. The data collected about the user is stored by the plug-in provider in the form of user profiles. These are used for the purposes of advertising, market research and/or tailoring the design of its website to users’ needs. Such analysis is carried out in particular (including for users who are not logged in) to display targeted advertising and to inform other users of the social network about the user’s activities on our website. The user has a right to object to the creation of these user profiles, although to exercise this right, they must contact the respective plug-in provider .

  3. The legal basis for the use of the plug-ins is our legitimate interest in improving and optimising our website by raising our profile through social networks, as well as enabling interaction between us and you, and between users themselves, via social networks, in accordance with Article 6(1)(f) of the GDPR.

  4. We have no control over the data collected or the data processing operations. Nor do we have any knowledge of the scope of the data collection, the purpose of the processing or the retention periods. We also have no information regarding the deletion of the collected data by the plug-in provider.

  5. For information regarding the purpose and scope of data collection and processing, please refer to the respective privacy policies of the social networks. You will also find information there regarding your rights and the settings available to protect your personal data.

Facebook

  1. We have integrated plug-ins from the social network Facebook.com (EU headquarters: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website as part of the so-called “two-click solution” by Shariff. You can recognise these by the Facebook logo “f” or the words “Like”, “Gefällt mir” or “Share”.

  2. As soon as you actively enable the Facebook plug-in, a connection is established between your browser and Facebook’s servers. In doing so, Facebook receives information – including your IP address – that you have visited our website and transmits this information to Facebook’s servers in the USA, where it is stored. If you are logged into your Facebook account, Facebook can associate this information with your account. When you use the plug-in’s functions, e.g. by clicking the ‘Like’ button, this information is also transmitted from your browser to Facebook’s servers in the USA, where it is stored and displayed on your Facebook profile and, where applicable, to your friends.

  3. The purpose and scope of data collection, as well as the further processing and use of the data by Facebook, and your rights in this regard and the settings available to protect your privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. Data collection via the “Like” button: https://www.facebook.com/help/186325668085084. You can manage and object to your settings regarding the use of your profile data for advertising purposes on Facebook here: https://www.facebook.com/ads/preferences/.

  4. If you log out of Facebook and clear your cookies before visiting our website, no data relating to your visit to our website will be linked to your Facebook profile when the plug-in is activated.

  5. You can also prevent the Facebook plug-in from loading by using so-called “Facebook blockers”, which you can install as add-ons for your browser: Facebook blockers for Firefox, Chrome and Opera, or 1blocker for Safari, iPad and iPhone.

  6. Facebook has signed up to the Privacy Shield, thereby ensuring compliance with European data protection law: https://www.privacyshield.gov/EU-US-Framework.

Instagram

  1. We have integrated plug-ins from the social network Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA, 94025, USA) on our website as part of Shariff’s so-called “two-click solution”. You can recognise these by the Instagram logo, which is shaped like a square camera.

  2. If you choose to activate the plug-in, a connection is established between your browser and the servers of Instagram. In doing so, Instagram receives information, including your IP address, indicating that you have visited our site and transmits this information to Instagram’s servers in the USA, where it is stored. If you are logged into your Instagram account, Instagram may associate this information with your account, and you can click the Instagram button to share and save the content of our pages on your Instagram account, as well as display it to your friends there, where applicable. We have no knowledge of the exact content of the data transmitted, its use, or the duration of storage by Instagram.

  3. If you log out of Instagram before visiting our website and clear your cookies, no data relating to your visit to our website will be linked to your Instagram profile when the plug-in is activated.

  4. You can find further information in Instagram’s privacy policy at https://help.instagram.com/519522125107875 and regarding privacy settings here: https://help.instagram.com/196883487377501.

Rights of the data subject

  1. Objection or withdrawal of consent to the processing of your data

    Where the processing is based on your consent in accordance with Article 6(1)(a) and Article 7 of the GDPR, you have the right to withdraw your consent at any time. The lawfulness of the processing carried out on the basis of your consent up to the point of withdrawal remains unaffected.

    Where we base the processing of your personal data on a balancing of interests pursuant to Article 6(1)(f) of the GDPR, you may object to the processing. This is the case where, in particular, the processing is not necessary for the performance of a contract with you, as we will explain in each instance in the following description of the functions. If you exercise such a right to object, we ask you to state the reasons why we should not process your personal data in the manner we have been doing . In the event of a justified objection, we will review the situation and either cease or adjust the data processing, or explain to you our compelling legitimate grounds on the basis of which we continue the processing.

    You may object to the processing of your personal data for the purposes of advertising and data analysis at any time. You may exercise your right to object free of charge. You may inform us of your objection to marketing using the following contact details:

    JetSurf Club Germany UG
    Borweg 126A
    32547 Bad Oeynhausen, NRW
    Managing Director Fabian Kusche
    Email address: info@jetsurfclubgermany.com
  2. Right of access
    You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access your personal data stored by us in accordance with Article 15 of the GDPR. This includes, in particular, information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended retention period, and the source of your data, provided it was not collected directly from you.

  3. Right to rectification
    You have the right to have inaccurate data rectified or to have complete data supplemented in accordance with Article 16 of the GDPR.

  4. Right to erasure
    You have the right to have your data stored by us erased in accordance with Article 17 of the GDPR, unless this is prevented by statutory or contractual retention periods or other legal obligations or rights requiring further storage.

  5. Right to restriction of processing
    You have the right to request a restriction on the processing of your personal data if any of the conditions set out in Article 18(1)(a) to (d) of the GDPR are met:
    • If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

    • the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;

    • the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or•

    if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the legitimate reasons of the controller override your reasons.

  6. Right to data portability
    You have a right to data portability under Article 20 of the GDPR, which means that you can receive the personal data we hold about you in a structured, commonly used and machine-readable format, or request that it be transferred to another controller.

  7. Right to lodge a complaint
    You have the right to lodge a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority, in particular in the Member State where you reside, where you work, or where the alleged infringement took place.

Data security

To protect all personal data transmitted to us and to ensure that data protection regulations are complied with not only by us but also by our external service providers, we have implemented appropriate technical and organisational security measures. For this reason, all data is transmitted between your browser and our server via a secure SSL connection and is encrypted.

Date: 12 December 2019

Source: GDPR privacy policy template from Juraforum.de

Shopping Basket
×
MotoSurf Certified

MotoSurf Certified

This board has been professionally inspected and prepared.

  • Full technical inspection
  • Engine checked
  • Software verified
  • Wear parts inspected
  • Ready to ride
Learn more
Scroll to Top