Kretasurf (hereinafter the “Company”) is concerned with protecting its Customers’ personal data The Company is committed to providing a very high level of protection for such data in compliance with the General Data Protection Regulation (GDPR).
ARTICLE 1 CHARTER SCOPE AND ACCEPTANCE
The present Charter shall govern collecting and using personal information throughout the Kretasurf site (hereinafter the “Website”) as well as with regard to the Kretasurf services (hereinafter the “Services”).
Customers hereby acknowledge and accept that browsing the Site as well as using the Services implies express, prior acceptance of the terms hereof.
The Company reserves the right to modify the present Confidentiality Charter. In the regard, Customers are invited to periodically check, in particular each time the Service is used, whether changes have been made to the Confidentiality Charter.
MOST RECENT PRICAVY POLICY UPDATE: — September 2018
ARTICLE 2 USERS’ RIGHTS
Customers are hereby informed that they have the following rights:
The Company shall collect personal data during Customers’ visits to the Site and when using the Service, and in particular:
Right to access your Personal Data: to be informed and request access to the data we process about you;
Right to update your Personal Data: to request that we amend or update your personal data when inaccurate or incomplete;
Right to restrict the use of your Personal Data: to request that we temporarily or permanently stop processing all or some of your personal data;
Right to object to the use of your Personal Data: to object to us processing your personal data where we no longer have a legitimate or legal need to process it;
Right to object to Direct Marketing: to object to your personal data being processed for direct marketing purposes;
Right to port your Personal Data: to request a copy of your personal data in a machine-readable format and the right to transmit that personal data for use in another party’s service;
Right to erase your Personal Data: to request that we delete your personal data;
All such rights may be exercised by e-mail to the following address: firstname.lastname@example.org, accompanied by a copy of your identity documents
ARTICLE 3 COLLECTION OF YOUR PERSONAL DATA
The Company shall be responsible for the processing it conducts regarding the personal data it collects on the Site and through the Service.
The Company shall collect personal data when Customers are using the Service, and in particular when a Customer reserves an Activity: This include personal data such as name, email, address (partial or whole), phone number, credit card details and other personally identifying information.
ARTICLE 4 USE OF YOUR PERSONAL DATA
The Company shall use the personal data collected in this manner in accordance with applicable regulations and with regard to the following purposes:
in cases of violation of a regulation if an authority makes a substantiated request therefor with regard to applicable regulations;
for internal administration and quality control purposes.
The data provided by Users, in particular by browsing the Website or through the reservation request form present on the Website, are required for processing the request and using the Service, unless the wording “optional” is indicated on the relevant form.
The addressees of such data shall be the Company’s relevant departments, payment partners, and commercial partners..
Be sure that the Company will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:
where we need to perform the contract we are about to enter into or have entered into with you;
where we need it for our legitimate interests and when your interests and fundamental rights do not override those interests ;
with your consent;
where we need to comply with a legal or regulatory obligation.
ARTICLE 5 SHARING YOUR PERSONAL DATA
The Company may share your personal data with other parties, such as service providers who work on behalf of us. We only provide our service providers with the necessary information.
ARTICLE 6 KEEPING YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure or your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
ARTICLE 7 PERSONAL DATA SECURITY
The Company shall implement security procedures in order to help protect the personal data stored on its systems. For example, the Company shall limit access to personal data to those employees who, by reasonable standards, need it. The Company shall also employ procedures to protect Customers’ personal data from unauthorized access.
Nevertheless, Users’ attention is drawn to the fact that, although the Company has implemented suitable technical and organizational resources in order to ensure protection from unauthorized or illicit processing for personal data and against all loss, damage, or accidental destruction thereof, the Company has no way to guarantee the absolute security of such personal data.