This website is operated by JOSS BAY SURF SCHOOL with the booking platform hosted by VIKING. The privacy of our users is extremely important to us and therefore we encourage all users to read this policy very carefully because it contains important information regarding:


  • Who we are;

  • How and why we collect, store use and share personal information;

  • Your rights in relation to your personal information; and

  • How to contact us and supervisory authorities in the event that you have a complaint.


Who we are:


JOSS BAY SURF SCHOOL (‘we’, ‘us’, ‘our’) collect, use and are responsible for storing certain personal information about you (‘you’, ‘your’, ‘yours’).


The personal information we collect and use


Personal information is information which you can be identified from (and does not include and anonymised forms of information)


  1. Types of personal information


We may process the following types of personal information in relation to you:


Email address and phone numbers.


How your personal information is collected


This section describes how the above types of personal information are collected by us. Your personal information will be collected as follows:


  1. Personal information obtained from you directly


We will sometimes obtain information from you directly, including when you:


            Create user profiles and schedule your courses.


  1. Changes to the way in which we collect your personal information


In the event that we need to obtain personal information in relation to you from any other source than those described above, we shall notify you of this.


How we use your personal information


  1. General purposes


In general, your personal information will generally be processed for the following purposes:


      To enable us to contact you for ongoing services and occasional marketing.


Lawful basis for processing of your personal information


We have described above the purposes for which we may process your personal information. These purposes will at all times be justified by UK data protection law.


  1. General lawful bases


The lawful basis upon which we are able to process your personal data are:


  1. Where we have your consent to use your data for a specific purpose.

  2. Where it is necessary to enter a legal contract with you or to perform obligations under a legal contract with you.

  3. Where it is necessary to enable us to comply with a legal obligation.

  4. Where it is necessary to ensure our own legitimate interests or the legitimate interests of a third party (provided that your own interests and rights do not override those interests). Wherever we rely upon this basis, details of the legitimate interests concerned shall be provided to you.

  5. Where we need to protect your own vital interests (or the vital interests of another person); and/or

  6. Where it is needed in the public interest (or where we are acting in our own official functions), provided the task or function has a clear basis in law.


In general, in order to meet the purposes, we have described above, we will process your personal information where we have your express consent on each occasion that the data is processed.


Sharing of your personal information


On any occasion where any of your personal information is shared with any third party, we shall only permit them to process such information for our required purposes, under our specific instruction, and not for their own purposes. We are required to enter into a formal legal agreement to enable such sharing to take place.


We do not anticipate that we will need to share your personal information with any third party. We will notify should this position change.


How long your personal information will be kept


Your personal information will only be kept for the period of time which is necessary for us to fulfil the above purposes.


We envisage that your personal information shall be retained by us as follows:


            For the scheduling of current and future courses.


After the period described above your information shall be properly deleted or anonymised.


Keeping your information secure.


We will ensure the proper safety and security of your personal information and have measures in place to do so. We will also use technological and organisation measures to keep your information secure. These measures are as follows:


Your user account is accessed by a unique username and password. All data is stored on secure servers.


The website is ISO 27001 certified. This certification assists us in ensuring the safety of your personal information.


We have proper procedures in place to deal with any data security breach, which shall be reported and dealt with in accordance with data protection laws and regulations. You shall also be notified of any suspected data breach concerning your personal information.




Our website is not intended for children (anybody under the age of 18). We do not intend to collect data from children.


Your Rights


Under the UK General Data Protection Regulation, you have a number of important rights free of charge. In summary, those include rights to;


  1. Fair processing of information and transparency over how we use personal information.

  2. Access to your personal information and to certain other supplementary information that this Privacy Statement is already designed to address.

  3. Require us to correct any mistakes in your information which we hold.

  4. Require the erasure of personal information concerning you in certain situations.

  5. Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this information to a third party in certain situations.

  6. Object at any time to processing of personal information concerning you for direct marketing.

  7. Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

  8. Object in certain other situations to our continued processing of your personal information or ask us to suspend the processing procedure in order for you to confirm its assurance or our reasoning for processing it.

  9. Object to processing your personal information where we are doing so in reliance upon a legitimate interest of our own or of a third party and where you wish to raise an objection to this ground.

  10. Otherwise restrict our processing of your personal information in certain circumstances.

  11. Claim compensation for damages caused by our breach of any data protection laws; and/or

  12. In any circumstances where we rely upon your consent for processing personal information, you may withdraw this consent at any time.


For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissionaire’s office (ICO) on your rights under the General Data Protection Regulations.


If you would like to exercise any of these rights, please contact DAVE MELMOTH in the following manner:


Via the contact form on the website at


Changes to the privacy policy


This privacy policy was published on 8th January 2021 and last updated on 8th January 2022. We may change this privacy policy from time to time and will notify you of any changes by:


            Email, if you have opted to receive emails or by a notice on the website.


Contacting us


The relevant person to contact regarding your personal information is: DAVE MELMOTH.


Any requests or questions regarding your personal information should be made to the above-named person using the following method:


            Via the contact form on the website at