Privacy Policy

Privacy & Cookies Policy
Last updated: 11/07/2024

 1. Introduction

Surf & South, operated by Ryan Bell ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and share personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

We are committed to protecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

This website is not intended for children and we do not knowingly collect data relating to children.

This policy applies whether you are a customer, a visitor to our website, or otherwise engage with us. By using our website, services, or contacting us, you agree to the terms of this Privacy Policy.

We are not required to appoint a Data Protection Officer (DPO) under UK GDPR, but any privacy-related queries can be directed to:
Email: support@surfandsouth.co.uk
Address: Surf & South, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA.

 

2. Who We Are

Surf & South is a UK-based clothing brand owned and operated by Ryan Bell, trading as a sole trader.

For data protection purposes, Ryan Bell (t/a Surf & South) is the Data Controller for any personal data collected through our website, ecommerce store, or direct communication.

 

3. Information We Collect

Depending on how you interact with us, we may collect the following personal data:

  • Contact Information: Name, email address, postal address, and phone number

  • Payment Information: Processed securely by Squarespace Payments (we do not store payment details)

  • Order and Delivery Information: Shipping address, order history, and delivery tracking

  • Website Usage Data: IP addresses, device/browser information, session data (via Squarespace)

  • Marketing Preferences: Email opt-ins or ad engagement

  • Social Media Engagement: Interactions via Instagram or Facebook (e.g., comments, messages, form submissions)

  • Advertising Data: Campaign engagement data via Google Ads, Meta Ads (including Instagram and Facebook)

We may also collect personal data when you contact us via email or social media. The data provided may include your contact details, message content, and any information you share during the interaction.

 

4. Special Category Data

We do not knowingly collect special category data (e.g., health, political, religious information) and ask you not to submit such data. If you choose to do so, you consent under Article 9(2)(a) of UK GDPR.

 

5. How We Collect Information

We collect data through:

  • Direct Interactions: Orders, contact forms, and customer service

  • Automated Technologies: Cookies and analytics via Squarespace

  • Third-Party Services: Instagram, Facebook, Google Ads, Royal Mail, Squarespace

 

6. How We Use Your Data

We use your data to:

  • Process and deliver orders

  • Respond to enquiries and offer support

  • Send order confirmations and updates

  • Send marketing (if you opt-in)

  • Improve our website and customer experience

  • Run ad campaigns via Google Ads, Instagram, and Facebook

  • Fulfil legal obligations and maintain records

  • Process payments

We do not sell or rent your personal data to third parties.

 

7. Legal Basis for Processing

Under UK GDPR, we rely on:

  • Consent – for email marketing or ad tracking

  • Contract – to fulfil orders and respond to enquiries

  • Legal obligation – for tax, legal, or accounting purposes

  • Legitimate interest – to improve services and ensure delivery

 

8. Squarespace Website Disclosures

Our website is hosted by Squarespace. They may collect:

  • IP address, browser/device info, page views

  • Form submissions and timestamps

Data is processed per Squarespace’s privacy policy and stored primarily in the USA under Standard Contractual Clauses (SCCs).

We use Squarespace’s built-in analytics and form tools to understand site usage and handle enquiries.

We do not currently use tracking pixels (such as Meta Pixel or Google Analytics 4) on this website. Advertising campaigns are managed without the use of behavioural tracking on our site.

 

 

9. Third Parties and Sub-Processors

We use the following trusted third parties to help us operate our business, process orders, and provide services:

 

·      Provider: Squarespace
Purpose: Website hosting and analytics
Data Involved: Contact form data, browsing activity, website usage
Jurisdiction: USA (Standard Contractual Clauses – SCCs)

 

·      Provider: Squarespace Payments
Purpose: Secure payment processing
Data Involved: Payment details, contact information
Jurisdiction: USA (SCCs)

 

·      Provider: Squarespace Email Campaigns
Purpose: Email marketing (e.g., newsletters, updates)
Data Involved: Email addresses, engagement data (opens, clicks)
Jurisdiction: USA (SCCs)

 

·      Provider: Royal Mail
Purpose: Parcel delivery
Data Involved: Names, delivery addresses, tracking references
Jurisdiction: UK

 

·      Provider: Google Ads
Purpose: Online advertising
Data Involved: Targeting data, ad performance metrics, engagement data
Jurisdiction: EU/USA (SCCs + UK Addendum)

 

·      Provider: Meta Ads (Facebook & Instagram)
Purpose: Social media advertising
Data Involved: Lead form data, ad engagement data
Jurisdiction: EU/USA (SCCs + UK Addendum)

 

·      Provider: Instagram & Facebook
Purpose: Social media interaction
Data Involved: Messages, profile information, public engagement (likes, comments, etc.)
Jurisdiction: EU/USA (SCCs + UK Addendum)

 

·      Provider: Xero
Purpose: Cloud accounting and bookkeeping
Data Involved: Order details, contact information
Jurisdiction: UK/New Zealand (Adequacy Decision)

 

·      Provider: Google Workspace
Purpose: Internal email and document management
Data Involved: Emails, stored documents, internal files
Jurisdiction: EU/USA (SCCs)

 

We ensure all third parties meet required data protection standards, and where applicable, we have Data Processing Agreements (DPAs) in place.

 

10. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area (EEA), we ensure appropriate safeguards are in place, and we rely on Standard Contractual Clauses together with the UK Addendum (or International Data Transfer Agreement) to ensure appropriate safeguards are in place.

11. Data Retention

We retain personal data only as long as needed. Order data is typically stored for up to 6 years for tax and legal purposes. Marketing preferences are retained until you unsubscribe. You can request deletion at any time (subject to legal exceptions).

 

12. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data.

  • Right to Rectification: Correct inaccurate or incomplete data.

  • Right to Erasure: Request deletion of personal data under certain conditions.

  • Right to Restrict Processing: Limit processing in certain situations.

  • Right to Data Portability: Request data in a structured format.

  • Right to Object: Object to processing for direct marketing.

  • Right to Lodge a Complaint: File a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data rights have been violated.

To exercise your rights, contact: support@surfandsouth.co.uk

 

13. Cookies Policy

What Are Cookies?
Cookies are small text files placed on your device to help us understand site usage and functionality.

Some cookies collect IP, session, browser, and referrer data. We treat this as personal data under GDPR.

We use cookies to:

  • Analyse site usage

  • Improve performance

  • Remember user preferences

You may accept or reject non-essential cookies using our cookie banner. You can also manage cookies via your browser.

 

14. Data Security

We implement appropriate technical and organizational security measures, including encryption, access controls, and secure storage, to protect personal data. However, no method of transmission is 100% secure.

15. Business Transition

If Surf & South transitions to a limited company, we will update this Privacy Policy and notify you in advance. Your rights will remain unchanged.

 

16. Age Limitations

Our website and services are intended for users age 18 and above. We do not knowingly collect data from individuals under 18. If we become aware that we have collected data from a minor, we will take immediate steps to delete such data.

 

17. Advertising Transparency

We use Google Ads, Facebook, and Instagram for promotional campaigns. Where personal data is collected via ads (e.g., lead forms), it is used only for the stated purposes. We also use email campaigns (via Squarespace Email Campaigns) to send newsletters and updates to subscribers who have opted in.

We do not currently use behavioural tracking tools (e.g., Meta Pixel or GA4). If that changes, we’ll update this policy and seek renewed consent.

 

18. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page and dated accordingly.

 

19. Contact

For questions, data access, or privacy concerns, contact:
Email: support@surfandsouth.co.uk
Address: Surf & South, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA
Data Controller: Ryan Bell (t/a Surf & South)