Privacy and Cookie Policy

Privacy Statement

The protection of your personal data is of utmost important to Surfer Rosa Limited. In this Privacy Statement, we give clear and transparent information about how we handle your personal data. In parts of this privacy statements, you will be referred to (in reference to the European GDPR terminology and meaning) as Data Subject.


We will always safeguard your privacy and handle your personal data with care. At any time, Surfer Rosa Limited Ltd will comply with all applicable laws and regulations, including the European General Data Protection Regulation. This ensures that we will at least:


  • Process your personal data in accordance with the purpose for which you submitted them, or it was submitted to us by a third party authorised by you. These purposes and types of personal data are described in this Privacy Statement further below;
  • Limit the processing of your personal data to such data that are strictly necessary for the purposes for which they are processed;
  • Ask your explicit permission, if we need such permission, to process your personal data.
  • Take appropriate technical and organizational measures to safeguard the protection of your personal
  • Refrain from passing personal data on to third parties, unless this is necessary for the performance of the purposes for which they were submitted, or required by applicable laws or regulations;
  • Be aware of your rights regarding and to your personal data, inform you about them, and respect


Surfer Rosa Limited Ltd is responsible for processing your personal data. In case you have any questions about our Privacy Statement after reading it, or you wish to contact us about it, please do not hesitate to do so using the contact details at the bottom of this document.


Processing Purposes

Surfer Rosa Limited processes personal data of customers for the following purposes:


  • To engage in commercial terms with you
  • Administrative purposes;
  • Verification purposes for the prevention of fraud, money laundering, and terrorist financing;
  • To send newsletters to interested persons;
  • To gather website statistics via Google Analytics;
  • To offer customer support if requested by you or a requirement by Surfer Rosa Limited to contact



The personal data are processed based on the following authorisations:


  • Data Processing is necessary to comply with a legal obligation, e.g. money laundering and terrorist financing prevention act;
  • By the data subject’s authorisation and consent through signing up for our Surfer Rosa Limited newsletter


  • The data subject has given their consent for placing Google Analytics’ (tracking) cookies referred to in the cookie


Categories of personal data

Surfer Rosa Limited may process the following personal data for the aforementioned purposes:


  • Data Subject’s first and last name;
  • Data Subject’s phone number;
  • Data Subject’s email address;
  • IP


Additionally, but only after obtaining your permission (by accepting the cookie settings on our website, with such acceptance being not required to use our services), we may use Google Analytics to collect information about interests, web pages visited or to be visited, peripheral equipment used, software settings, and referrer URL.


Data Retention periods

Surfer Rosa Limited will retain your personal data for the aforementioned processing for the following periods:


  • For 5 years after any commercial engagement for the Data Subject;
  • For as long as legally required by applicable laws and regulations;
  • For as long as Data Subject remains signed up for the newsletter;
  • For 5 months if it concerns information obtained through (tracking) cookies from Google


Data-sharing with third parties

The data you provided to us may be disclosed to third parties if this is necessary for the purposes described below:


Surfer Rosa Limited uses third parties for:


  • Providing telephone support directly to customers, via an outsourced call-center service. The call-center Surfer Rosa Limited uses is based in the EEA and therefore also bound by the European General Data Protection Regulation (GDPR).
  • Customer identification and verification. We use a third-party provider during our account registration process. This third-party provider is named “Shufti Pro” and customers requested to enter into this process will actively accept Shufti’s terms and conditions and privacy policy and separately confirm to Surfer Rosa Limited to consent to share certain personal data such as first name, last name, DOB, residential address, mobile phone number, email
  • Payment Providers – Surfer Rosa uses third-party payment providers to process the payment made for your orders on We use a variety of providers that we share certain personal and financial data with, for the single purpose of authentication of the payer and submitting those personal data elements that are required by the individual payment provider to process the payment transaction
  • If accepted by data subject we collect data with the help of Google Analytics’ (tracking) cookies and share them with third parties. More information about this is provided at


In any instance, we will only disclose personal information to third parties with whom we have signed a processing agreement and which are based and operating out of the European Economic Area (EEA). Of course, the processing agreement contains the necessary arrangements to safeguard the security of your personal data. Other than this, we will not disclose the personal data you provided us with to third parties, unless this is legally required and permitted.



We have taken appropriate technical and organisational measures to protect your personal data against unlawful processing and unauthorised access. These measures include (but are not limited to) the following:


  • All persons who have access to your personal data on behalf of Surfer Rosa Limited are bound to data protection and privacy requirements;
  • Our systems are protected by a user name and a complex password policy;
  • The transfer of personal data is managed via secure (SSL256) transfer methods and VPNs.
  • Only a small number of employees are authorised to access the parts of the Surfer Rosa Limited system that contain personal data;
  • Only a small number of employees are authorised (and only under a 4-eyes principle) to physically access the servers or any of the main data storage hardware systems, holding personal
  • We make backups to be able to recover data in case of physical or technical incidents, with such backups being held for a period of 31 days and then renewed (and therefore previous ones overwritten).
  • We regularly test and evaluate our systems and measures;
  • Our employees are informed and trained about the importance of the protection of personal


Rights regarding your data

You have the right to inspect the personal data we received from you and to have them rectified or, subject to Surfer Rosa Limited’s legal and regulatory data retention requirements, erased. You may also object against the processing of your personal data (or part thereof) by us or by one of our employees. You also have the right to ‘be forgotten’ and to have the data you provided transferred to you or directly to a third party of your choice. You have the right of limitation and the right to object. For further explanation, please contact us or refer to the European or your local Data Protection Authority for information. We may ask you to identify yourself before handling your data request.


If we are processing your personal data based on your permission, you have the right to withdraw that permission at all times.



Should you have any complaint about the processing of your personal data, please contact us directly. If we are unable to reach a mutual agreement, that is, of course, most regrettable. You always have the right to file a complaint with the Data Protection Authority. This is your local supervisory authority in the field of privacy protection.



Cookie Policy Surfer Rosa Limited (

September 2021


Cookies are small text files that let you navigate between web pages efficiently, remember your preferences and generally improve your browsing experience.


Cookies can also help ensure that the information you see online is more relevant to you. Cookies can normally be disabled or deleted from the cookie folder of your browser.

Please check your browser settings to view and, if required, disable or delete cookies.


Please note that by disabling cookies you may be unable to:

  • Use the certain abbreviated customer paths
  • use the site or app in your preferred language


Disabling cookies could also generally affect the website’s functionality.


What types of cookies do we use?


The types of cookies that we use generally fall into one of four usage categories:


  • Strictly Necessary: Strictly Necessary Cookies. These cookies are essential, as they enable you to move around the website and use its features, such as accessing secure Without these cookies, services you’ve asked for can’t be provided.
  • Performance: Performance Cookies. These cookies collect information about how you use a website, including which pages you go to most often and if you get error messages from certain
  • Functionality: Functionality Cookies. These cookies allow a website to remember choices you make (such as your user-name, language or the region you’re in) and tailor the website to provide enhanced features and content for you.
  • Targeting: Targeting Cookies. These cookies are used to tailor marketing to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising