Privacy Policy

Introduction

We value transparency in handling personal data. This Privacy Policy explains what personal data we collect, why we collect it, and who we share it with. To maintain a high level of transparency, this Privacy Policy is regularly reviewed and updated.

‍

1. Services We Use

We use the following third-party services on our website:

• Google AdSense
• Google Ads
• Google Fonts API
• YouTube
• Webflow
• Google reCAPTCHA

2. Contact Information

For any questions or concerns about how we process your data, you can contact us anytime via email: hello@findsurfcampbali.com

Responsible Entity:
GEWE GmbH
Postfach 583
3000 Bern
Switzerland

Data Protection Contact:
Andri Werren
Email: hello@findsurfcampbali.com

3. General Principles

3.1 What Data Do We Collect and From Whom?

We primarily process personal data that you provide to us or that we collect while operating our website. In some cases, we may also receive data from third parties. This data may include:

• Personal information (name, address, date of birth, etc.)
• Contact details (phone number, email address, etc.)
• Financial data (e.g., payment details)
• Online identifiers (e.g., cookies, IP addresses)
• Location and traffic data
• Audio and image recordings
• Sensitive data (e.g., biometric data or health-related information)

3.2 Under What Conditions Do We Process Your Data?

We handle your data confidentially and in accordance with the purposes outlined in this Privacy Policy. Our data processing is transparent and proportionate.

In cases where we cannot fully comply with these principles, data processing may still be lawful if a legal justification exists, such as:

• Your explicit consent
• Processing required for contract fulfillment or pre-contractual measures
• Our legitimate interests, unless overridden by your rights

3.3 How Can You Withdraw Your Consent?

If you have given us explicit consent to process your personal data for specific purposes, you may withdraw your consent at any time by sending an email to hello@findsurfcampbali.com. This withdrawal does not affect data processing that has already occurred.

4. When Do We Share Your Data with Third Parties?

a. General Rule

We may use third-party service providers to process your data (so-called data processors). These include:

• Accounting, tax, and auditing firms
• Legal and consulting services
• IT service providers (hosting, support, cloud services, web design, etc.)
• Payment service providers
• Providers of tracking, conversion, and advertising services

We ensure that these third parties comply with data protection regulations and treat your personal data confidentially.

In some cases, we may also be legally required to disclose your personal data to authorities.

b. Visiting Our Social Media Channels

Our website may contain links to our social media channels. Clicking on these links directs you to our social media profiles.

When you visit our social media pages, the respective provider (e.g., Facebook, Instagram, YouTube) collects and processes your personal data according to their own policies. We do not control or assume responsibility for how these platforms handle your data.

c. International Data Transfers

Your personal data may be transferred to service providers located outside Switzerland. These companies must comply with the same data protection standards that we follow.

If the data protection level in a destination country does not match Swiss standards, we conduct a risk assessment and contractually ensure that your data receives equivalent protection (e.g., by using the EU Commission's Standard Contractual Clauses). You can review these clauses here:
Standard Contractual Clauses – EU Commission

5. Data Retention Period

We store your personal data only for as long as necessary to fulfill the purposes for which it was collected.

• Website usage data (e.g., log files) is stored for 12 months.
• Tracking and analytics data may be stored longer.
• Contract-related data (e.g., bookings, payments) is stored for up to 10 years, as required by legal and tax regulations.

Once your data is no longer required for business purposes, it will be restricted from further use and retained solely for legal compliance.

6. How Do We Protect Your Data?

We implement appropriate security measures to protect your data from loss, unauthorized access, misuse, or alterations.

• Our employees and service providers must comply with strict data protection policies.
• We use SSL encryption on our website to secure your data transmission.
• If necessary, we forward inquiries only to trusted partner companies while ensuring confidentiality.

7. Your Rights

a. Right to Access

You may request information about the personal data we store about you. To do so, please send a request with proof of identity to hello@findsurfcampbali.com.

If your data is processed automatically and meets one of the following criteria, you can also request a copy of your data in a common format:

• You have given consent for processing.
• The data is necessary for a contract.

We may limit or deny access requests if:

• They conflict with legal obligations.
• They violate legitimate interests (ours, public interests, or third parties’ interests).

b. Right to Deletion and Correction

You may request correction or deletion of your personal data at any time.

Your request may be denied if legal retention obligations apply or if data processing is legally justified. Please note that requesting data deletion may impact existing contractual agreements.

c. Legal Action

If you believe your privacy rights have been violated, you may:

• File a complaint with the Swiss data protection authority:
  Federal Data Protection and Information Commissioner (FDPIC)
• Pursue legal action in the appropriate court.

8. Changes to This Privacy Policy

We may update this Privacy Policy at any time. All changes will be published on https://www.findsurfcampbali.com and will not be separately communicated.

9. Specific Data Processing Activities

9.1 Website Logs and System Data

When you visit our website, certain data is automatically stored on our servers or third-party services for system administration, security, analytics, or backup purposes. This includes:

• Your Internet Service Provider (ISP)
• Your IP address
• Browser version and operating system
• Date & time of your visit
• Referrer URL (website you came from)
• Search terms used

These data points are used for website security and analytics and are deleted after 12 months unless needed longer for legal reasons.

9.2 Third-Party Services

a. Google AdSense & Ads
We use Google AdSense & Ads to display targeted advertisements. Google may track user behavior via cookies and web beacons. You can disable interest-based ads in your Google Ad Settings.

b. Google Fonts API & YouTube
Our website uses Google Fonts and embedded YouTube videos, which may collect data such as your IP address and browser information.

c. Webflow
We use Webflow for website design and hosting. Webflow may process your IP address and session data.

d. Google reCAPTCHA
We use Google reCAPTCHA to prevent spam and bot traffic. Google collects IP addresses and user interaction data for fraud prevention.