Skip to main content
Efoil
Efoil

Privacy Policy

Last updated: April 30, 2025

eFoil (“eFoil”, “we” or “us”) is a business name registered by KAUZA LIMITED (Company Registration Number 555172), a company incorporated and registered in Ireland, with its registered address at 18 Mallow Street, Limerick, V94 N12Y, Ireland. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard personal data when you visit our website or purchase our surf equipment, in compliance with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018. By using our site or services, you agree to the practices described below.

1. Information We Collect
 We may collect and process the following personal data:

      Contact and Identity Details: Name, billing and delivery address, email address, phone number, and other contact information provided when you create an account or place an order.

      Order and Payment Information: Details of the products you have ordered, payment method (e.g. transaction ID, cardholder name – note: we do not store full credit card numbers or payment credentials on our servers; payments are handled securely by our payment processor).

      Surf Lesson/Rental Data: If in future we facilitate surfboard rentals or surf lessons through third-party partners, we might collect additional information needed for those services – for example, health or medical information (e.g. relevant medical conditions) or emergency contact details to ensure your safety during surf lessons. This type of information is considered special category personal data under GDPR (sensitive data, such as health data) and will only be collected with your explicit consent and used for the specific purpose for which you provided it​.

      Technical and Usage Data: When you use our website, we automatically collect certain information via cookies and similar technologies (see our Cookie Policy below). This may include your IP address, browser type, device information, and browsing actions on our site (e.g. pages viewed, time spent)​. This data helps us administer the website and improve user experience.

      Communication Data: If you contact us (via email, contact form, or phone), we will collect the information you provide (such as your inquiries or feedback) and your contact details.

2. How We Use Your Data
 We process personal data for the following purposes:

      To fulfil Orders and Provide Services: We use your contact, identity, and payment information to process your orders, arrange product shipping, and provide customer support. This is necessary for the performance of the sales contract with you.

      Account Administration: If you register an account, we use your information to maintain your account, allow login access, and save your preferences (e.g. wish lists, order history).

      Communication: We may send service communications related to your orders (e.g. order confirmations, shipping notifications) or respond to communications you send us. We may also send important notices about changes to our terms or policies. These communications are not promotional in nature and are sent as part of our contract or legal obligations to keep you informed.

      Marketing (With Consent): With your consent, we may use your email or phone to send you newsletters or promotions about our new surf products, special offers, or events. You can opt-in to such marketing when providing your data, and you may unsubscribe at any time. We will not send you marketing emails or texts unless you have given consent (or unless you are an existing customer and such communication is permitted by law on an opt-out basis).

      Surf Lessons/Rentals (With Consent): If you choose to participate in any surfboard rental or lesson programme we offer in partnership with third parties, we will use the personal data you provide for that purpose (including any health or emergency info) only to facilitate the rental or lesson, and we will share it with the specific third-party instructor or rental provider as necessary for safety and scheduling – always based on your consent at the time of collection.

      Improvement and Analytics: We use technical and usage data (collected via cookies or analytics tools) to understand how our website is used, to troubleshoot performance issues, and to improve our website, products, and services. For example, we might analyse which surf equipment products are most viewed or how users navigate the site, so we can optimise layout and inventory. Wherever possible, we use this data in aggregated or anonymized form that does not directly identify individuals.

      Legal Compliance and Safety: We may process personal data to comply with legal obligations (e.g. accounting and tax requirements, product safety regulations) or to protect our rights or the rights of other individuals. For instance, we retain transaction records as required by law and may use personal data to prevent fraud, enforce our terms, or to ensure the safety of our users and third parties. In rare cases, we may need to process personal data to protect your vital interests or those of another person – for example, providing medical information to emergency services if needed during a surf lesson (this would only occur under extreme circumstances as allowed by law).

We will only use your personal information for the purposes above and will ensure we have a valid legal basis for each use (such as your consent, performance of a contract, compliance with a legal obligation, or our legitimate interests as a business, as permitted by GDPR).

3. Cookies and Similar Technologies
Our website uses cookies and similar tracking technologies to provide core functionality and to enhance your experience (for details, see our Cookie Policy). Some cookies are essential for the website to operate (e.g. to keep you logged in or remember items in your cart), while others (analytics and advertising cookies) are used only with your consent​. Through these technologies, we may automatically collect Technical and Usage Data as described above. Please refer to the Cookie Policy section of this document for more information on what cookies we use and how you can manage your preferences.

4. Disclosure of Your Data to Third Parties
We value your privacy and do not sell your personal data to third-party companies for their own independent marketing. However, we do share certain data with third parties under specific circumstances, as described below:

      Service Providers: We share necessary information with trusted third-party service providers who assist us in operating our business and providing our services. This includes:

      Delivery and Logistics Companies: for example, we will provide your name, address, and phone/email to postal services or couriers (e.g. An Post, DHL, etc.) to deliver your ordered products.

      Payment Processors: your payment details are handled by secure payment processing companies (e.g. credit card providers or PayPal). These third parties process payments on our behalf. We provide them the information required to verify and complete the payment transaction.

      IT and Hosting Providers: companies that host our website, data storage, or provide IT support may have access to personal data in the course of providing services (e.g. our website platform or cloud storage provider). We ensure they implement appropriate security measures and only process data as instructed by us.

      Analytics and Advertising Partners: if we use third-party analytics (like Google Analytics) or advertising services (like Google Ads or social media platforms), those providers may set cookies on our site and collect usage data (via pseudonymous identifiers) to provide us aggregated analytics or to serve targeted advertisements (only if you have consented to such cookies). Any such partners are described in our Cookie Policy, and we ensure any data sharing is done in compliance with privacy laws (e.g. by anonymizing IP addresses for analytics).

      Surf Lesson/Rental Partners: If you explicitly sign up for a surf lesson or equipment rental facilitated through our site, we will share the necessary personal data with the third-party surf school or instructor providing that service (for example, your name and contact details, and any relevant medical/emergency information you provided) so that they can provide the lesson or rental service. We will only do this with your knowledge and consent at the time of booking the service. These third parties will be independent controllers of the data for the purpose of the lesson/rental and will have their own privacy practices; however, we will seek to ensure they also handle your data securely and lawfully.

      Legal Requirements and Business Transfers: We may disclose your information if required by law or pursuant to a legal process (for example, in response to a court order, subpoena, or request from law enforcement or regulatory authorities). We may also disclose data to establish or exercise our legal rights or defend against legal claims. Additionally, in the unlikely event that eFoil undergoes a business transition such as a merger, acquisition, or sale of assets, personal data might be transferred to the successor entity as part of that transaction, under the condition that it remains protected by similar privacy standards.

All third parties with whom we share personal data are expected to protect that data in accordance with GDPR and applicable laws. Where these third parties are processors acting on our behalf, we have contracts in place (Data Processing Agreements) to ensure your data is handled safely and only for the purposes we specify.

5. International Data Transfers
As an Ireland-based company, we primarily process and store data within the European Economic Area (EEA). However, some of our service providers or partners may be located outside of Ireland or the EEA. For example, if we use an email newsletter service or cloud provider based in the United States, or if our analytics provider stores data on servers outside the EU, your personal data might be transferred to a jurisdiction that does not have the same data protection laws as the EU. In such cases, we will ensure that appropriate safeguards are in place as required by GDPR for cross-border data transfers ​blue-tomato.com​. These safeguards may include:

      Relying on an adequacy decision by the European Commission (if the country is deemed to provide adequate data protection); or

      Implementing Standard Contractual Clauses (SCCs) or equivalent legal mechanisms in our contracts with the service provider, obligating them to protect your data to EU standards ​blue-tomato.com; or

      Obtaining your explicit consent for the transfer, where appropriate.

For example, if we use a US-based cloud service, we will ensure that EU-approved standard data protection clauses are in place to lawfully transfer and protect your data. You can contact us (see Contact section below) for more information about international data transfers related to your personal data.

6. Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For instance:

      Order and Transaction Data: We generally keep records of purchases and communications for at least 6 years to comply with Irish tax law and accounting practices, and to be able to address any issues or legal claims (this retention period aligns with common statutory record-keeping obligations).

      Account Information: If you have an online account with us, we retain your account data while your account remains active. If you choose to delete your account, or if your account is inactive for an extended period, we will remove or anonymize the associated personal data, except where needed for legal or internal record-keeping (e.g. we may keep a record of past orders but dissociate it from your deleted account profile).

      Marketing Data: If you have consented to receive marketing communications, we will retain the necessary contact details until you unsubscribe or withdraw your consent. If you opt-out or our campaigns bounce repeatedly, we will remove you from the mailing list, but may keep a record of your unsubscribe request to ensure we respect your preference in the future.

      Surf Lesson/Rental Data: Any sensitive personal data collected for a surf lesson or rental (e.g. health information) will be kept only for as long as needed to facilitate that service and for a short period thereafter to address any follow-up issues or as required by the partner service provider. We will securely delete or anonymize such sensitive data once it is no longer needed for the purpose you provided it, unless we must retain it longer under a legal obligation or with your consent (for example, if you regularly take lessons and want us to keep information on file, we would only do so with explicit permission).

      Web Analytics Data: Data collected via cookies and similar trackers may be stored as long as the cookies are valid (depending on cookie type, e.g. analytics cookies might persist 30 days to 2 years unless cleared). We periodically review and purge raw web logs and analytics data, or aggregate/anonymize it for long-term use.

After the applicable retention periods, or upon your valid request for erasure, we will either delete your personal data or anonymize it so it can no longer be associated with you. Please note we may need to retain limited information if required to comply with legal obligations, resolve disputes, or enforce our agreements.

7. Your Rights Under GDPR
As an EU data subject, you have specific rights regarding your personal data. eFoil is committed to respecting these rights, which include​:

      Right of Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it​. This enables you to know what data we have collected and to verify that we are processing it lawfully.

      Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or update it without undue delay​. For instance, if you change your address or find an error in your contact details, you can request correction.

      Right to Erasure: Also known as the “right to be forgotten,” you have the right to request that we delete your personal data under certain conditions​. You can exercise this right, for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal ground for processing, or if you object to processing and there are no overriding legitimate grounds. Please note we might not be able to delete data that we are required to keep by law (e.g. records of transactions for tax purposes), but we will inform you if that is the case.

      Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions​. This means we would store your data but temporarily pause any other processing. You can request restriction, for example, if you contest the accuracy of your data (while we verify or correct it) or if you have objected to processing (while we consider your objection).

      Right to Object to Processing: You have the right to object to certain types of processing of your personal data, especially processing based on our legitimate interests or for direct marketing purposes​. For example, you can object to receiving marketing emails or to our analysis of your purchase history for marketing insights. If you object, we will cease the processing in question unless we have compelling legitimate grounds to continue (or if needed for legal claims). Any direct marketing efforts will be stopped promptly upon objection.

      Right to Data Portability: For data you provided to us and which we process by automated means on the basis of your consent or to perform a contract, you have the right to request that we provide it to you in a structured, commonly used, machine-readable format, or transfer it to another data controller where technically feasible​. In practice, this could mean you ask us to export your account or order data to a CSV file that you can then import into another service.

      Right Not to be Subject to Automated Decision-Making: We do not currently make any decisions about you that are based solely on automated processes without human involvement and which produce legal or similarly significant effects. If that ever changes, you would have the right to not be subject to such decision-making without your consent or other allowable basis, and to request human review of any important automated decision.

To exercise any of your data protection rights, please contact us using the contact details in Section 9 below. We may need to verify your identity before fulfiling certain requests (to ensure that we don’t disclose data to the wrong person). We will respond to your request as soon as possible, and in any event within one month as required by GDPR. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to comply (and we will explain why).

8. Data Security
We take the security of your personal data seriously. implements a variety of technical and organisational security measures to protect your information from unauthorised access, alteration, disclosure, or destruction. These measures include encryption of sensitive information (such as using SSL/TLS for our website to encrypt data in transit), access controls to our databases and offices, regular security assessments, and staff training on data protection. We also pseudonymize or anonymize data if appropriate, especially for analytics or when using testing environments.

However, please note that no method of transmission over the Internet, or method of electronic storage, is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. You share and transmit information at your own risk. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

To help keep your data secure, we also encourage you to choose a strong password for your online account and to keep your login credentials confidential. If you believe your interaction with us or your personal data is no longer secure (for example, if you suspect that the security of your account has been compromised), please contact us immediately.

9. Third-Party Websites
Our website may contain links to third-party websites or services (for example, links to surf schools, social media pages, or payment gateways). Please be aware that this Privacy Policy applies only to KAUZA’s website and services. If you click a link to an external site, you will be directed to a site that is not operated by us and may have its own privacy and cookie policies over which we have no control. We are not responsible for the content or privacy practices of any third-party websites. We recommend that you review the privacy policies of any third-party sites or services that you visit or utilize.

10. Updates to This Policy
We may update or revise this Privacy Policy from time to time, for example to reflect changes in our practices or to stay compliant with legal requirements. When we make changes, we will update the “Last updated” date at the top of this Policy. For significant changes, we may also provide a notice on our website (such as a banner or pop-up notification) or notify you via email if appropriate. We encourage you to review this Privacy Policy periodically to remain informed about how we are protecting your information. Your continued use of our website or services after any changes to this Policy constitutes acceptance of those changes.

11. Contact Us
If you have any questions about this Privacy Policy, about how we handle your personal data, or if you wish to exercise your data protection rights, please contact us:

      Email: surf@efoil.ie

   Postal Address: Data Protection Officer (or Privacy Team), KAUZA LIMITED, 18 Mallow Street, Limerick, V94 N12Y, Ireland

      Phone:  +353863942021

We will be happy to assist with any inquiries or concerns. Additionally, if you believe we have not addressed your data protection concerns satisfactorily, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) or your local supervisory authority in the EU. The DPC’s website is www.dataprotection.ie for further information on how to report a concern.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy. We appreciate your trust in eFoil to handle your personal data responsibly.