Privacy Policy

1. Introduction and Who We Are

Tramore Surf School (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you interact with us — whether through our website at www.tramoresurfschool.com, our online shop at www.tramoresurfshop.com, when you book a lesson or course, visit our premises, or contact us by any other means.

We are a data controller under the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Acts 1988–2018 (Ireland). If you have any questions about this policy or how we handle your data, please contact us using the details in Section 12.

2. Personal Data We Collect

2.1 Information You Provide to Us

When you book a lesson, purchase equipment, complete a form, or otherwise contact us, we may collect:

  • Full name and date of birth
  • Contact details: email address, phone number, and postal address
  • Emergency contact information
  • Medical information relevant to your participation in water sports activities (where voluntarily provided)
  • Payment information (processed securely via FareHarbor or Shopify — we do not store full card details)
  • Communications you send to us, including enquiry and feedback forms

2.2 Information Collected Automatically

When you use our websites, we and our third-party partners may automatically collect:

  • IP address and approximate location
  • Browser type, device type, and operating system
  • Pages visited, time spent, and links clicked
  • Cookie identifiers and similar tracking data (see Section 8 on Cookies)

2.3 Images and Video

We operate CCTV cameras on our premises for security purposes. CCTV does not cover changing rooms or toilet facilities. We also operate a live webcam overlooking Tramore Beach — this is a public-facing feed intended to show surf conditions and is not used to identify individuals.

During surf lessons and events, our staff may take photographs and/or video footage. These may be shared on our website and social media channels (including but not limited to Instagram and Facebook) for promotional purposes. You have the right to opt out of being photographed or having your image published — please see Section 5 for details.

3. Lawful Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Contract: To fulfil your booking, process payment, and provide the services you have requested.
  • Legal obligation: To comply with our obligations under Irish and EU law, including health and safety requirements.
  • Legitimate interests: To manage and improve our business, maintain security on our premises (CCTV), operate our beach webcam (public surf conditions), and promote our services through photography — where these interests are not overridden by your rights.
  • Consent: For the use of non-essential cookies and for direct marketing communications where required. You may withdraw consent at any time.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Processing and managing your bookings and purchases
  • Sending booking confirmations, reminders, and relevant communications
  • Administering safety waivers and emergency contact information
  • Providing customer support and responding to enquiries
  • Sending marketing communications where you have opted in or we have a legitimate interest to do so
  • Analysing website usage to improve the performance and content of our websites
  • Complying with legal and regulatory obligations
  • Protecting the security of our staff, customers, and premises via CCTV monitoring
  • Promoting our lessons and services through photography shared on our website and social media

5. Photography and Social Media — Your Right to Opt Out

We love to capture the energy of our lessons and share it with our community online. However, we fully respect your right not to be photographed or to have images of you (or your children) published on our website or social media channels.

If you do not wish to be photographed during a lesson or event, or if you would like us to remove an image of you that has already been published, please submit a written request to us using the contact details in Section 12. We will acknowledge your request promptly and take appropriate action without delay.

Please note that we will never knowingly publish identifiable images of minors without the explicit consent of a parent or guardian.

6. Who We Share Your Data With

We do not sell your personal data. We may share your information with the following trusted third parties, only to the extent necessary:

6.1 FareHarbor

We use FareHarbor (operated by FareHarbor B.V., with servers in the United States) as our booking and reservation management platform. When you book a lesson or activity, your booking details — including name, contact information, and payment data — are processed by FareHarbor. FareHarbor acts as a data processor on our behalf. Transfers outside the EEA are safeguarded under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses. For more information, see FareHarbor’s Privacy Policy at fareharbor.com.

6.2 Shopify

Our online surf shop at www.tramoresurfshop.com is powered by Shopify Inc. (Canada). When you make a purchase, your name, contact details, and payment information are processed by Shopify. Shopify is certified under the EU-U.S. Data Privacy Framework. For more information, see Shopify’s Privacy Policy at shopify.com/legal/privacy.

6.3 Google (Analytics and Tag Manager)

We use Google Analytics 4 and Google Tag Manager to understand how visitors use our websites. These tools may collect anonymised or pseudonymised usage data. Google may process data on servers outside the EEA. You can opt out using the Google Analytics Opt-out Browser Add-on or by adjusting your cookie preferences.

6.4 Other Service Providers

We may also share data with other trusted service providers including email delivery platforms, hosting providers, and our website platform (WordPress). All third parties are required to handle your data securely and in accordance with GDPR.

6.5 Legal Disclosure

We may disclose personal data to An Garda Síochána, regulatory authorities, or other third parties where required or permitted by law, including in response to a court order or to protect the safety of any person.

7. CCTV and Webcam

7.1 CCTV

CCTV cameras are operated on our premises for the safety and security of our customers, staff, and property. Cameras are clearly signposted. CCTV footage is retained for a maximum of 30 days and is then automatically overwritten, unless required for an ongoing investigation. Access to footage is strictly limited to authorised personnel and, where required, law enforcement.

CCTV does not cover changing rooms, shower areas, or toilet facilities.

7.2 Live Beach Webcam

We operate a publicly accessible live webcam overlooking Tramore Beach to show current surf conditions. The webcam provides a general view of the beach and sea and is not used for surveillance purposes. We do not store or record webcam footage, and the feed is not capable of identifying individuals.

8. Cookies and Tracking Technologies

Our websites use cookies and similar technologies. Cookie consent is managed through Cookiebot CMP. When you first visit our site, you will be asked to provide your consent for non-essential cookies. You can update your preferences at any time via the cookie settings link in the website footer.

Cookies we may use include:

  • Essential cookies — required for the website to function correctly (no consent needed)
  • Analytics cookies — Google Analytics, to understand site usage (consent required)
  • Marketing/tracking cookies — used for advertising and remarketing purposes (consent required)
  • Functional cookies — to remember preferences and personalise your experience

You can also manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our websites.

Cookie Declaration

9. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with our legal obligations. Typical retention periods are:

  • Booking records: 7 years (in line with Irish Revenue requirements)
  • CCTV footage: up to 30 days
  • Marketing data: until you unsubscribe or withdraw consent
  • Website analytics data: as configured per platform defaults (typically 26 months for GA4)
  • Enquiry and contact form data: up to 2 years from last contact

After the applicable retention period, your data will be securely deleted or anonymised.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to have inaccurate or incomplete data corrected
  • Right to erasure (‘right to be forgotten’) — to request deletion of your data in certain circumstances
  • Right to restriction — to limit how we process your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making — we do not make decisions based solely on automated processing

To exercise any of these rights, please contact us using the details in Section 12. We will respond within one month. There is no charge for exercising your rights. We may need to verify your identity before processing your request.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with Ireland’s supervisory authority:

Data Protection Commission (DPC)
Website: www.dataprotection.ie
Phone: +353 (0)761 104 800

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or misuse. Our websites use HTTPS encryption. Access to personal data is restricted to staff who need it to perform their duties.

While we do our best to protect your information, no method of transmission over the internet or electronic storage is completely secure. If you believe your data has been compromised, please contact us immediately.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to opt out of photography or marketing, please contact us:

Tramore Surf School
Unit 6, The Pavilion, The Beach, Tramore, Co. Waterford, Ireland
Phone: 051 391011
Email: info@tramoresurfshop.com
Website: www.tramoresurfschool.com

For photography opt-out requests, please submit your request in writing to the above contact. Written requests may be submitted by email or post. We will acknowledge receipt and act on your request without undue delay.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The most current version will always be available on our website. Where changes are significant, we will take reasonable steps to notify you. We encourage you to review this policy periodically.

This policy was last reviewed on 8 April 2026.