We take adequate technical and organizational measures to protect your personal information from unauthorized access and misuse.
For security reasons and for the protection of the transmission of personal data and other confidential contents (for example inquiries to the person in charge), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the string “https: //” and the lock icon in your browser bar.
1. 1. PERSONS IN CHARGE
Responsible for the data processing which we operate here, is Sequoia (SEQUOIA SURFBOARDS SRL – Via Mameli, 70 -47522, Cesena (FC) – Italy, P.IVA: 04355130404). If you have concerns about privacy, you can contact us by the following contact address: SEQUOIA SURFBOARDS SRL – Via Mameli, 70 -47522, Cesena (FC) – Italy, firstname.lastname@example.org (this is also the address of our data protection officer according to Art. 37 GDPR).
Our representative in the EEA under Art. 27 GDPR is:
2. PURPOSE OF THE DATA PROCESSING
We primarily use the personal information we collect to enter into and execute our contracts with our customers and affiliates. Of course, if you work for a client or affiliate, you and your personal data may also be affected in regard to this function.
Insofar as you have consented to the processing of your personal data for specific purposes, we process your personal data within the framework of and based on this consent, unless we have a different legal basis and we need one. A given consent can be withdrawn at any time, but this has no effect on already processed data.
3. DATA COLLECTION WHEN VISITING OUR WEBSITE
In the case of merely informative use of our website, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect, among others, the following information which are technically necessary for us to display the website: IP address (possibly in anonymized form), MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, features used, referring website, location information.
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to retrospectively check the server logfiles if concrete evidence points to unlawful use.
When contacting us (for example by contact form or e-mail), personal data is collected. Which data are collected in case of using a contact form can be seen from the respective contact form. These data are stored and used solely for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, then the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter in question is finally clarified and provided that no statutory storage requirements are in conflict.
5. USE OF YOUR DATA FOR DIRECT ADVERTISING
5. 1. Registration for our e-mail newsletter
If you subscribe to our e-mail newsletter, we will send you information about our offers regularly. Mandatory information for sending the newsletter is solely your e-mail address. The specification of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have explicitly confirmed to us that you agree to the sending of the newsletter. We will send you a confirmation e-mail asking you to confirm by clicking on a link that you wish to receive newsletters in the future.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When subscribing to the newsletter, we will store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data collected by us when subscribing for the newsletter will be used exclusively for promotional purposes by means of the newsletter. You can unsubscribe from the newsletter at any time via the provided link in the newsletter or by sending a message to the person named above. After you unsubscribed, your e-mail address will be deleted immediately from our newsletter mailing list, as far as you have not expressly consented to a further use of your data or we reserve the right to further data usage by law about which we inform you in this statement.
5. 2. Newsletter dispatch by Sendinblue
Sendinblue uses this information for sending and statistical evaluation of the newsletter on our behalf. For the evaluation, the emails sent include so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This way we can determine if a newsletter message has been opened and which links have been clicked. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). The data are solely collected pseudonymized and are not linked to your other personal data, a direct personal reference is excluded. This data is used for statistical analysis of newsletter campaigns only. The results of these analyses can be used to tailor future newsletters to the interests of the recipient.
If you want to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, Sendinblue may use this data in accordance with Art. 6 para. 1 lit. f GDPR itself for its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, Sendiinblue does not use the data of our newsletter recipients to address them directly or to pass them on to third parties.
This website uses the following tools of third parties, which partially transfer data to third parties:
6. 1. Cookies
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate (third-party cookies) to recognize your browser at your next visit (persistent cookies). If cookies are set, they collect and process individual user information such as browser and location data as well as IP address information. Persistent cookies are deleted automatically after a specified period, which may differ depending on the cookie.
Please note that you can adapt your browser settings in such a way that it informs you about the setting of cookies and you can individually decide on their acceptance or you can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:
Please note that if you do not accept cookies, the functionality of our website may be limited.
6. 2. Google services
This website uses the following functions of the provider Google: Google Analytics, Google reCAPTCHA, Google Maps, Youtube. In all cases, data will also be transmitted to Google.
Google LLC is based in the US and is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
6. 2. 1 Google Analytics
This website uses functions of the web analytics service Google Analytics. Provider is the Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other parties of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the US and be shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by your browser in the context of Google Analytics will not be merged with other Google data.
You can prevent the collection of the data generated by the cookie and the data related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in or for browsers on smartphones, click the link below to disable Google Analytics (this opt-out cookie only works in the browser and for this https://www.sequoiasurfboards.com/):
On this website, we also use the reCAPTCHA feature of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). This function is primarily used to distinguish whether an input is made by a natural person or abusive by automated and automatically processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in determining the individual willfulness of actions on the Internet and the prevention of abuse and spam.
On our website, we use Google Maps (API) feature of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive maps to visually display geographic information.
Google stores your data (even of non-logged-in users) in the form of usage profiles and evaluates them. According to Art. 6 (1) (f) of the GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalized advertising, market research and/or tailor-made design of its website. You have a right to object to the creation of those user profiles and you must address to YouTube to make use of it.
This site uses the YouTube embedding feature to display and play videos from “YouTube”, which is owned by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
On this website, we use the Cloudflare CDN (Content Distribution Network) service from Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare offers better global performance through the internal CDN (Content Distribution Network) and additional security against DDoS attacks.
Cloudflare, Inc. is based in the US and is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
We pass personal data to third parties as part of our business activities and purposes, insofar as permitted and assessed as appropriate by us, either because they process them for us or because they wish to use them for their own purposes. These are in particular the following parties:
• Service providers of ours, including processors (such as DomainFactory, Sendiinblue, Google, Cloudflare);
These receivers are based partly domestic, but can be anywhere on earth. If we transfer data to a country without adequate legal data protection level, we will provide the appropriate level of protection by means of appropriate contracts (in particular on the basis of the so-called standard contractual clauses of the European Commission, so-called Binding Corporate Rules) or base ourselves on statutory exceptions such as the consent, the execution of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or the protection of the integrity of the data subject. You may request a copy of the above-mentioned contracts at any time from the contact person referred to in point 1 unless otherwise specified above. But we reserve the right to blacken copies or to deliver them only in part for reasons of data protection or confidentiality.
8. RETENTION PERIOD OF PERSONAL DATA
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued by the processing, so for example for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as in accordance with the statutory retention and documentation obligations. It may be that personal information is stored for the period in which legal claims can be asserted against our Company and to the extent otherwise required by law or legitimate business interests (for example, for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will generally be deleted or anonymized as far as possible.
9. RIGHTS OF THE DATA SUBJECT
Under the applicable data protection law and insofar as provided therein (as in the case of the GDPR) you have the right of access, rectification, deletion, the right to restrict the processing of data and to object to our data processing and the right of disclosure of certain personal data for the purpose of transmission (so-called data portability). Please note, however, that we reserve the right to enforce the statutory restrictions on our part, for example if we are obliged to retain or process certain data, if we have a predominant interest (as far as we are entitled to rely on it) or if we need them in order to assert legal claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in paragraph 3. Please note that the exercise of these rights may conflict with contractual arrangements and may have consequences such as premature termination of the contract or costs. We will inform you in advance if this is not already contractually regulated.
The exercise of such rights usually requires that you clearly prove your identity (for example, by providing a copy of your ID if your identity is otherwise unclear or can´t be verified). To assert your rights, you can contact us at the address given in paragraph 1.