Skip to main content

Personal Privacy Settings

change personal privacy settings
history of privacy settings
revoke consent

We appreciate your trust and apply the utmost care and highest security standards to protect your personal data from unauthorized access. The processing of personal data on our website complies with the provisions of the General Data Protection Regulation (GDPR).

Responsible Entity Nalusurf Surfschool/Surfcamp Fuerteventura Owner: Ralf Geerdts, N.I.E. X3739459G Address: Calle Laja Blanca N°4, 35627 La Pared Phone: +34 669 62 15 22 Email: info@nalusurf.de For questions about the collection, processing, or use of your personal data, for information, correction, blocking, or deletion of data, please contact: info@nalusurf.de

Data Processing on Our Website When you visit our website, our web server temporarily stores every access in a log file. The following data is collected and stored until automated deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Notification of whether the retrieval was successful
  • Identification data of the browser and operating system used.

The processing of this data is for the purpose of enabling the use of the website (establishing a connection), system security, technical administration, network infrastructure, and optimizing the internet offer. We cannot assign this data to specific individuals. A merging of this data with other data sources is not carried out; the data is also deleted after a statistical evaluation.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f) GDPR.

Collection, Processing, and Use of Personal Data In data processing, your legitimate concerns are always taken into account in accordance with legal provisions. Personal data is only collected if you voluntarily provide it to us as part of contacting us (such as your name, email address, or address). We use the data you provide exclusively to answer your questions without your separate consent.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b) GDPR.

Use of Cookies for Functional Purposes To make your visit to our website comfortable and to enable the use of certain functions, we use so-called cookies. Cookies are small text files that are used as identification signs. We transmit these via your web browser to the hard drive of your computer and can read them during your current visit (so-called “session cookies”). Please note that certain cookies are already set as soon as you enter our website. Our cookies are protected against reading by third parties using the security standards of your browser. You have the option to prevent the storage of cookies on your computer by making appropriate settings in your browser. However, this may limit the functionality of our websites for you.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f) GDPR.

To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used and the related consents, we use the consent tool “Real Cookie Banner”. Details on the functioning of “Real Cookie Banner” can be found at Real Cookie Banner Data Processing.

The legal bases for the processing of personal data in this context are Art. 6 Para. 1 lit. c GDPR and Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents.

Use of the Online Booking Form and Inquiry Form When using the online contact form, we collect personal data (such as your name, mobile number, and email address) only to the extent provided by you. We use your email address only to process your inquiry. Your data will then be deleted unless you have agreed to further processing and use or a booking does not take place.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. b) GDPR.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies,” text files that are stored on your computer and enable an analysis of your use of the website (e.g., measuring reach). The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and stored there. Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. In connection with the use of Google Analytics, metadata and communication data (e.g., device information and IP addresses) as well as location data (information on the geographical position of a device or person) may be processed. Usage data (e.g., website access, clicks, access times), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms), or inventory data (e.g., names, addresses) may also be processed.

We would like to point out that on this website, Google Analytics has been extended with the code “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so-called IP masking).

A connection to the Google Analytics servers is only established once you have consented to the use of Google Analytics. Prior to this, no Google Analytics cookies are set on your device. The information collected by the cookies can be sent to a Google server in the United States of America (USA) and stored there. There is no general adequacy decision by the European Commission certifying that the USA provides an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities may access and process it for their own purposes. To protect your personal data, we have concluded so-called Standard Contractual Clauses (“SCC”) with Google. SCCs are data protection regulations issued by the European Commission that impose legal obligations on the data importer, the implementation of which guarantees compliance with European data protection standards.

The legal basis for this processing and the transfer of your personal data to Google in the USA is your consent according to Art. 6 para. 1 sentence 1 lit. a) and Art. 49 para. 1 sentence 1 lit. a) GDPR. You have the option to revoke your consent at any time. This can be done by adjusting your privacy settings for our website via the following link: [Link]

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

Furthermore, you can prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will then be set, which prevents the further collection of your data when visiting this website. This procedure is particularly recommended when accessing our site via mobile devices.

For more information on terms of use and data protection, please visit www.google.com/analytics/terms/en.html or www.google.com/intl/en/analytics/privacyoverview.html.

Google Fonts

We use Google Fonts provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website for the uniform display of fonts, so-called web fonts provided by Google. When you call up a page, your browser loads the required fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. The use of Google Fonts is in the interest of a uniform and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

If your browser does not support web fonts, a standard font from your computer will be used. Further information about Google Fonts can be found at https://developers.google.com/fonts/faq?tid=231550647513.

Google reCAPTCHA

We also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on this website. This function is mainly used to distinguish whether an input is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address, referrer URL (the address of the page from which the visitor comes), information about the operating system, cookies, mouse movements, and keystrokes, duration of stay, user device settings (e.g., language settings, location, browser, etc.), and possibly other data required by Google for the reCAPTCHA service.

In the context of using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA. There is no general adequacy decision by the European Commission certifying that the USA provides an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities may access and process it for their own purposes. To protect your personal data, we have concluded so-called Standard Contractual Clauses (“SCC”) with Google. SCCs are data protection regulations issued by the European Commission that impose legal obligations on the data importer, the implementation of which guarantees compliance with European data protection standards.

The legal basis for this processing and the transfer of your personal data to the USA is your consent according to Art. 6 para. 1 sentence 1 lit. a) and Art. 49 para. 1 sentence 1 lit. a) GDPR. You have the option to revoke your consent at any time. You can adjust your privacy settings for our website via the following link: [Link]

For more information about Google reCAPTCHA and Google’s privacy policy, please visit: https://www.google.com/intl/en/policies/privacy/

Google Tag Manager

For our website, we use the Google Tag Manager from Google Inc. For Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the Google Tag Manager.

With the Google Tag Manager, we can centrally integrate and manage website tags via a user interface. Tags are small code snippets that, for example, record your activities on our website. Buttons can also be integrated via the tags.

The Tag Manager itself is a domain that does not set cookies or store data but serves only as a manager. In the account settings of the Tag Manager, we have agreed that Google receives anonymized data from us. However, this is only data about our use and utilization of the Tag Manager and not your data. The Google Tag Manager itself does not process any personal data from you as a visitor to our website.

More information about the Google Tag Manager can be found at: https://support.google.com/tagmanager/answer/9323295?hl=en

Google Maps

Nalusurf integrates the maps of the service “Google Maps” from the provider Google and processes user data in this context. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform.

We use the maps from Google Maps to show you the location of our company as well as possible routes and access options.

In connection with the use of Google Maps, metadata and communication data (e.g., device information and IP addresses) as well as location data (information on the geographical position of a device or person) are processed. However, usage data (e.g., website access, clicks, access times), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms), or inventory data (e.g., names, addresses) may also be processed.

Please note that when using a mobile device, your settings regarding location data on this device can also play a role in the extent of the data collected.

A connection to the Google Maps servers is only established once you have consented to the use of Google Maps on the integrated button of the service. Prior to this, no Google Maps cookies are set on your device. The information collected by the cookies is usually sent to a Google server in the United States of America (USA) and stored there. There is no general adequacy decision by the European Commission certifying that the USA provides an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities may access and process it for their own purposes. To protect your personal data, we have concluded so-called Standard Contractual Clauses (“SCC”) with Google. SCCs are data protection regulations issued by the European Commission that impose legal obligations on the data importer, the implementation of which guarantees compliance with European data protection standards.

The legal basis for this processing and the transfer of your personal data to Google Maps in the USA is your consent according to Art. 6 para. 1 sentence 1 lit. a) and Art. 49 para. 1 sentence 1 lit. a) GDPR. You have the option to revoke your consent at any time. This can be done by adjusting your privacy settings for our website via the following link: [Link]

Detailed information on data processing on Google Maps and the possibility of enforcing data subject rights against Google Maps can be found at: https://policies.google.com/privacy. Information on the possibility of objection (Opt-Out) can be found at: https://tools.google.com/dlpage/gaoptout?hl=en. Information on the settings for the display of advertising can be found at: https://adssettings.google.com/authenticated.

YouTube

Nalusurf integrates video content from the service “YouTube” from the provider Google and processes user data in this context. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We use YouTube to be able to display video content to you.

In connection with the use of YouTube video content, metadata and communication data (e.g., device information and IP addresses) are processed. However, usage data (e.g., website access, clicks, access times), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms), or inventory data (e.g., names, addresses) may also be processed.

We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about the users of our website before they have consented to processing or watch the video. However, the enhanced privacy mode does not necessarily exclude the transfer of data by YouTube. Thus, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

A connection to the YouTube servers is only established once you have consented to the use of YouTube on the integrated preview image of the service. Prior to this, no YouTube cookies are set on your device. Please note that linking the data with further data (partially also on other devices) is possible. This risk exists especially if you have a YouTube account and are logged in to YouTube. To avoid further data linking, we recommend that you log out of YouTube before visiting our company page.

The information collected by the cookies is usually sent to a Google server in the United States of America (USA) and stored there. There is no general adequacy decision by the European Commission certifying that the USA provides an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities may access and process it for their own purposes.

The legal basis for data processing in the context of embedding and displaying the preview images is Art. 6 para. 1 sentence 1 lit. f) GDPR.

The legal basis for processing by YouTube and the transfer of your personal data to YouTube in the USA is your consent according to Art. 6 para. 1 sentence 1 lit. a) and Art. 49 para. 1 sentence 1 lit. a) GDPR. You have the option to revoke your consent at any time. This can be done by adjusting your privacy settings for our website via the following link: [Link]

Detailed information on data processing can be found in the privacy policy at: https://policies.google.com/privacy. Information on the possibility of objection (Opt-Out) can be found at: https://tools.google.com/dlpage/gaoptout?hl=en. Information on the settings for the display of advertising can be found at: https://adssettings.google.com/authenticated.

Facebook

Nalusurf maintains an online presence on the social network “Facebook” and processes user data in this context. The service provider is Facebook Inc, 1601 Willow Road, Menlo Park, California 94025; Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

[We/Company Name] use Facebook to provide information about the company and to communicate with active users on the network. Furthermore, data can be processed for market research and advertising purposes through the use of Facebook. This is done, for example, based on tracking, which may include interest- or behavior-based profiling or the use of cookies. Remarketing and reach measurement are also used, for which access statistics – recognizing returning visitors – are created.

In connection with the use of our online presence on Facebook, the following types of data can be processed: inventory data and contact data (e.g., names, addresses, emails, phone numbers), content data (e.g., entries in online forms, use of the messaging function), usage data (e.g., website access, clicks, access times), metadata and communication data (e.g., device information, IP addresses).

Regarding data processing on our Facebook fan page, [we/Company Name] and Facebook Ireland are joint controllers according to Art. 26 GDPR. The legal basis for the processing of personal data is Art. 6 para. 1 lit. f) GDPR. You can assert your data subject rights directly with Facebook as well as with [us/Company Name]. The primary responsibility according to the GDPR for the processing of Insights data lies with Facebook, and Facebook fulfills all obligations from the GDPR with regard to the processing of Insights data. Further information can be retrieved from the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

[We/Company Name] as the operator do not make decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR, including the legal basis, the identity of the controller, and the storage duration of cookies on user devices.

For the transfer of data to Facebook, the standard contractual clauses of the European Commission apply, supplemented by the Facebook EU data transfer addendum, available at https://www.facebook.com/legal/EU_data_transfer_addendum. Although according to the Facebook EU data transfer addendum, Facebook Ireland is responsible for data processing, we would like to point out that it cannot be excluded that the information collected by the cookies may be sent to a Facebook server in the United States of America (USA) and stored there. There is no general adequacy decision by the European Commission certifying that the USA provides an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities may access and process it for their own purposes.

Please note that linking the data with further data (partially also on other devices) is possible. This risk exists especially if you have a Facebook account and are logged in to Facebook. To avoid further data linking, we recommend that you log out of Facebook before visiting our company page.

Further information can be found in the privacy policies of Facebook Ireland, available at: https://www.facebook.com/about/privacy

Instagram

Nalusurf maintains an online presence on the social network “Instagram” and processes user data in this context. The service provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com.

Nalusurf uses Instagram to provide information about the company and to communicate with active users on the network. Furthermore, data can be processed for market research and advertising purposes through the use of Instagram. This is done, for example, based on tracking, which may include interest- or behavior-based profiling or the use of cookies. Remarketing and reach measurement are also used, for which access statistics – recognizing returning visitors – are created.

In connection with the use of our online presence on Instagram, the following types of data can be processed: inventory data and contact data (e.g., names, addresses, emails, phone numbers), content data (e.g., entries in online forms, use of the messaging function), usage data (e.g., website access, clicks, access times), metadata and communication data (e.g., device information, IP addresses).

Instagram is a product of Facebook. Regarding data processing on our Instagram fan page, we and Facebook are joint controllers according to Art. 26 GDPR. The legal basis for the processing of personal data is Art. 6 para. 1 lit. f) GDPR. You can assert your data subject rights directly with Facebook as well as with us. The primary responsibility according to the GDPR for the processing of Insights data lies with Facebook, and Facebook fulfills all obligations from the GDPR with regard to the processing of Insights data. Further information can be retrieved from the following link: https://www.facebook.com/legal/terms/page_controller_addendum

We as the operator do not make decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR, including the legal basis, the identity of the controller, and the storage duration of cookies on user devices.

For the transfer of data to Instagram, the standard contractual clauses of the European Commission apply, supplemented by the Facebook EU data transfer addendum, available at https://www.facebook.com/legal/EU_data_transfer_addendum. Although according to the Facebook EU data transfer addendum, Facebook Ireland is responsible for data processing, we would like to point out that it cannot be excluded that the information collected by the cookies may be sent to a Facebook server in the United States of America (USA) and stored there. There is no general adequacy decision by the European Commission certifying that the USA provides an adequate level of data protection. By transmitting your personal data, there is a risk that US authorities may access and process it for their own purposes.

Please note that linking the data with further data (partially also on other devices) is possible. This risk exists especially if you have an Instagram account and are logged in to Instagram. To avoid further data linking, we recommend that you log out of Instagram before visiting our company page.

Further information can be found in the privacy policies of Facebook Ireland, available at: https://www.facebook.com/about/privacy

Close Menu
Cookie Consent with Real Cookie Banner