Whatsapp
Surf Lessons
Whatsapp

Privacy Policy

Privacy Policy and Personal Data Protection

 

ABOUT US

 

TICKET2SURF is a guesthouse/local accommodation and surf school located in Praia da Tocha.

 

SCOPE

 

TICKET2SURF’s privacy and personal data protection policy aims to inform users of the TICKET2SURF website of the general rules regarding privacy and the processing of personal data, which are collected and processed in strict compliance with the provisions of current personal data protection legislation, specifically the European Union’s General Data Protection Regulation (GDPR) (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016.

TICKET2SURF adheres to best practices in the field of security and personal data protection, having taken the necessary technical and organizational measures to comply with the GDPR and ensure that the processing of personal data is lawful, fair, transparent, and limited to authorized purposes. TICKET2SURF is committed to the protection and confidentiality of personal data and has adopted the measures it deems appropriate to ensure the accuracy, integrity, and confidentiality of personal data, as well as all other rights to which the respective data subjects are entitled.

 

WHAT DOES THIS POLICY COVER?

 

This policy applies exclusively to the collection and processing of personal data for which TICKET2SURF is the entity responsible for collection and processing, within the scope of the services and products made available to its users and whenever personal data is processed.

 

WHAT IS PERSONAL DATA?

 

Personal data refers to any information, of any nature and regardless of its medium, including sound and images, relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to a name, identification number, location data, online identifiers, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

 

WHAT DOES THE PROCESSING OF PERSONAL DATA ENTAIL?

 

The processing of personal data consists of an operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, comparison, interconnection, restriction, erasure, or destruction.

 

DATA CONTROLLER 

 

The entity responsible for processing personal data is TICKET2SURF, which determines the purposes and means of such processing. To this end, if the data subject needs to contact the data controller, they may do so via the email address ticket2surf@gmail.com.

As the data controller, TICKET2SURF: i) ensures that the processing of your personal data is carried out within the scope of the purpose(s) for which it was collected or for purposes compatible with the initial purpose(s); ii) is committed to implementing a culture of data minimization in which only the necessary personal data is collected, used, and retained

necessary; iii) does not disclose or share your personal data for commercial or advertising purposes.

 

TYPE OF PERSONAL DATA USED

 

In the course of its activities, TICKET2SURF collects and processes personal data in accordance with applicable privacy laws, as well as the required express consent, to ensure the protection of users’ vital interests.

The personal data collected and processed may include: name, phone number, and email address, as provided by the respective data subjects. This data may also be processed for marketing purposes, to promote offers of goods or services, or to request quotes from TICKET2SURF, provided the respective data subject has given their consent.

 

WHEN AND HOW DO WE COLLECT PERSONAL DATA?

 

TICKET2SURF collects your personal data through its website and in writing, always ensuring the prior consent of the data subject. The personal data collected may be processed electronically, either automatically or manually, ensuring strict compliance with personal data protection laws in all cases. It is stored in specific databases created for this purpose, and under no circumstances will the collected data be used for any purpose other than that for which it was collected or for which the data subject has given consent.

Certain personal data is essential for the performance of the contract; without it, TICKET2SURF will be unable to provide the product and/or service in question. If the data subject is not a customer/user of TICKET2SURF, their personal data will only be processed when provided, in which case the rules of this policy will apply.

 

RECIPIENTS OF PERSONAL DATA

 

Without prejudice to the recipients indicated throughout this policy, TICKET2SURF may disclose the customer’s/user’s personal data to law enforcement, judicial, tax, and regulatory authorities for the purpose of complying with legal obligations.

 

PURPOSES OF PERSONAL DATA PROCESSING AND RESPECTIVE LEGAL BASIS

 

In general, the personal data collected is based on and intended for the management of the contractual and commercial relationship, the provision of contracted services, the adaptation of services to the needs and interests of the customer/user—specifically for the purpose of accessing specific service features—and for informational and marketing activities. Additionally, personal data may also be processed for the purpose of complying with legal obligations.

 

RETENTION AND RETENTION PERIOD OF PERSONAL DATA

 

The period of time during which personal data is stored and retained varies according to the purpose for which the information is processed. In fact, there are legal requirements that mandate the retention of data for a minimum period of time. Thus, and whenever there is no specific legal requirement, data will be stored and retained only for the minimum period necessary to achieve the purposes that motivated its collection or subsequent processing, as defined by law.

 

RIGHTS AS A DATA SUBJECT

 

As data subjects, customers/users are guaranteed, at any time, the right to access, rectify, update, restrict, and erase their personal data (except for data that is essential for TICKET2SURF to provide its services or to comply with legal obligations to which the data controller is subject), the right to object to the use of such data for commercial purposes by TICKET2SURF and to withdraw consent, without this affecting the lawfulness of the processing carried out under this consent, as well as the right to data portability.

 

ACCESS, MANAGE AND CONTROL YOUR PERSONAL DATA

 

Without prejudice to the provisions of the GDPR, the data subject may rectify, update, restrict, erase, object to, or withdraw consent for the processing of personal data, and may do so directly or by submitting a written request addressed to the respective data controller, using the contact information provided for this purpose in this document, as well as through other contact channels made available by TICKET2SURF. To exercise their legally recognized rights, the data subject must contact the Data Protection Officer at ticket2surf@gmail.com.

 

UNSUBSCRIBE FROM MARKETING COMMUNICATIONS

 

TICKET2SURF may promote new products or services to its customers/users, including via telephone, email, SMS, or any other electronic communication service, provided that the data subject has given their consent. If the data subject does not wish to continue receiving these communications, they may, at any time, withdraw their consent to the use of their data for marketing purposes.

 

COMPLAINTS

 

Without prejudice to the ability to submit complaints directly to TICKET2SURF through the contact information provided for this purpose, the customer/user may submit a complaint directly to the Supervisory Authority, which is the National Data Protection Commission (CNPD), using the contact information provided by this entity for this purpose.

 

MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA

 

TICKET2SURF is committed to ensuring the security of the personal data provided to it and has approved and implemented strict rules in this regard. Compliance with these rules is mandatory for all those who legally access such data.

Given TICKET2SURF’s concern and commitment to the protection of personal data, various technical and organizational security measures have been adopted to protect the personal data provided to it are protected against disclosure, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of unlawful processing.

Additionally, third parties that, in the course of providing services, process the personal data of the customer/user on behalf of and for the account of TICKET2SURF are required, in writing, to implement appropriate technical and security measures that, at all times, meet the requirements set forth in applicable law and ensure the protection of the data subject’s rights (namely, the protection of privacy and personal data).

 

SHARING DATA WITH OTHER ENTITIES (THIRD PARTIES AND SUBCONTACTORS)

 

TICKET2SURF, in the course of its business, may engage third parties to provide certain services. At times, the provision of these services requires these entities to access the personal data of customers/users. In such cases, TICKET2SURF takes appropriate measures to ensure that the entities with access to the data are reputable and offer the highest level of security, which is duly established and safeguarded in the contract between TICKET2SURF and the third-party entity or entities. Thus, any entity subcontracted by TICKET2SURF will process the personal data of our customers/users on behalf of and for the account of TICKET2SURF, adopting the necessary technical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination, or unauthorized access, and against any other form of unlawful processing.

In this case, TICKET2SURF uses EGOI as an email marketing platform. By agreeing to our policies, you acknowledge that your information will be transferred to EGOI. Learn more about EGOI’s privacy policies here https://bo.egoiapp.com/legal/anti-spam-policy?lang=br. You can unsubscribe at any time by clicking the link in the footer of our emails.

In the reservation management process, TICKET2SURF uses BookingLayer, a reservation and payment management platform. By agreeing to our policies, you acknowledge that your information may be processed and stored through BookingLayer for the purpose of managing your reservations and associated services. Learn more about BookingLayer’s privacy policies here: https://bookinglayer.com/privacy-policy

In any case, TICKET2SURF remains responsible for the personal data provided to it.

 

UNDER WHAT CIRCUMSTANCES DO WE TRANSFER PERSONAL DATA? 

 

The provision of certain services by TICKET2SURF may involve the transfer of your data outside of Portugal, including outside the European Union or to international organizations. In such cases, TICKET2SURF will strictly comply with applicable legal provisions, particularly regarding the determination of the adequacy of the destination country(ies) with respect to the protection of personal data and the requirements applicable to such transfers, including, where applicable, the execution of appropriate contractual instruments that guarantee and comply with the legal requirements in force.

This site uses its own cookies and third-party cookies to ensure proper functioning and for analytical purposes. By clicking the Accept button, you agree to the use of these technologies and the processing of your data for these purposes.

Accept