.svg){kind=small}
.svg){kind=small}
Kitesurf Schools
.svg){kind=small}
Outdoor Centers
.svg){kind=small}
Privacy Policy
1. Controller
Open Coast SL (trading as Bloowatch), with Tax Identification Number B95754586, registered office at Calle Ogoño, 1 – Planta 3, Módulo 8, 48930 Getxo, Bizkaia, Spain, registered in the Registro Mercantil de Bizkaia (Tomo 5463, Folio 207, Hoja BI-64469), is the data controller for the processing activities described in this Privacy Policy.
For any data protection enquiry: info@bloowatch.com
2. Scope — Bloowatch's Two Roles
Bloowatch occupies two distinct data protection roles:
(a) Controller — for personal data collected through this website (www.bloowatch.com), including visitor analytics, contact and demo request forms, newsletter subscriptions, and for the management of the commercial relationship with its clients (the activity providers who subscribe to the Bloowatch software).
(b) Processor — for personal data that activity providers enter, store, or process through the Bloowatch software platform on behalf of their own end customers (persons who book activities, sign waivers, make payments, or otherwise interact with the activity provider's services). In this capacity, Bloowatch processes data solely on the documented instructions of the activity provider, who is and remains the data controller. The activity provider is solely responsible for ensuring the lawfulness of its own data processing, including obtaining any consents required from its end customers, providing appropriate privacy notices, determining retention periods for its data, and responding to data subject requests.
This Privacy Policy addresses the processing activities where Bloowatch acts as controller (role (a) above). The processing of platform data under role (b) is governed by the Terms of Service agreed between Bloowatch and the activity provider. If you are an end customer of an activity provider that uses Bloowatch, please contact that activity provider directly for information about how your personal data is handled.
3. What Data We Collect and Why
3.1. Website visitors
| Data | Purpose | Lawful basis |
|---|---|---|
| IP address, browser type, device information, pages visited, session behaviour | Website analytics and performance improvement | Consent (Art. 6.1.a GDPR), obtained via the cookie consent banner, for non-essential cookies. Legitimate interest (Art. 6.1.f) for data that is strictly necessary for technical delivery of the website. |
| Name, email, company name, phone number, country (demo/contact forms) | Responding to enquiries, arranging product demonstrations, pre-sales contact | Legitimate interest (Art. 6.1.f) — providing information requested by the visitor. |
| Email address (newsletter signup) | Sending periodic newsletters and product news | Consent (Art. 6.1.a), which may be withdrawn at any time. |
3.2. Clients (activity providers who subscribe to the software)
| Data | Purpose | Lawful basis |
|---|---|---|
| Contact name, email, company name, address, tax identification number, payment details | Account creation, subscription management, invoicing, contract performance | Performance of a contract (Art. 6.1.b) |
| Support communications (chat, email) | Technical assistance, issue resolution | Performance of a contract (Art. 6.1.b) |
| Usage data (feature usage patterns, login events) | Maintaining, securing, and improving the service | Legitimate interest (Art. 6.1.f) |
3.3. Platform data (Bloowatch as processor)
When activity providers use the Bloowatch platform, they may enter personal data relating to their own customers, staff, and partners — including names, contact details, booking information, payment references, participation records, waiver signatures, identity documents, medical information, and photographs.
Bloowatch does not determine the purposes or means of processing this platform data. Bloowatch processes it exclusively on behalf of, and under the instructions of, the activity provider. Bloowatch does not access, use, sell, or share platform data for its own purposes except to the minimum extent necessary to provide and secure the service.
If the activity provider chooses to process special categories of personal data through the platform (such as health data in medical certificates or biometric-adjacent data in identity photographs), the activity provider does so under its sole responsibility as controller. Bloowatch does not require, recommend, or encourage the collection of such data, and bears no liability for the activity provider's decisions in this regard.
4. Who We Share Data With
We share personal data only to the extent necessary for the purposes described in Section 3, with the following categories of service providers:
- Cloud hosting providers (platform and website infrastructure, located in the European Union)
- Payment processing providers (subscription billing and payment collection)
- Email and communication service providers (operational and marketing communications)
- Customer relationship management and support tools (managing client relationships and support requests)
- Website analytics providers (website usage analysis)
We do not sell personal data. We do not share personal data with third parties for their own independent marketing purposes.
When Bloowatch acts as processor, the activity provider's platform data may also be processed by subprocessors engaged by Bloowatch to deliver the platform services (for example, email delivery and SMS delivery services). A summary of current subprocessor categories is available upon request at info@bloowatch.com.
5. International Transfers
Some of our service providers are established in the United States or in other countries outside the European Economic Area (EEA). When personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, including:
- The European Commission's adequacy decision for the EU–US Data Privacy Framework, for US-based providers that are certified under the framework; or
- Standard Contractual Clauses (SCCs) approved by the European Commission.
We do not transfer personal data to countries outside the EEA unless an adequate level of protection or appropriate safeguards are in place in accordance with Chapter V of the GDPR.
6. How Long We Keep Data
| Data category | Retention period |
|---|---|
| Website analytics data (cookies) | Per the duration of each cookie (see Section 7) |
| Demo or contact request data | 12 months after last contact, unless a commercial relationship is established |
| Newsletter subscriber data | Until consent is withdrawn |
| Client account and contract data | Duration of the subscription plus 60 days (to allow data export, per the Terms of Service) |
| Invoicing and billing records | 6 years from the end of the relevant fiscal year (as required by Spanish commercial and tax law) |
| Platform data (as processor) | Duration of the client's subscription. Deleted within 12 months after the end of the subscription, unless earlier deletion is requested by the client or a longer retention period is required by law. |
When personal data is no longer needed for the purposes for which it was collected, or when the applicable retention period expires, it is deleted or, where required by law, anonymised.
7. Cookies and Tracking Technologies
7.1. What are cookies
Cookies are small text files stored on your device when you visit a website. They serve various purposes including enabling the website to function, analysing usage, and supporting marketing activities.
7.2. Types of cookies we use
Strictly necessary cookies
These cookies are essential for the website to function and cannot be disabled. They include session management cookies and security cookies. No consent is required for these cookies.
Analytics cookies (consent required)
We use HubSpot analytics tools and Google Analytics (GA4) to understand how visitors interact with our website. These cookies collect information such as pages visited, time spent on pages, and traffic sources. This data is used in aggregate to improve the website. These cookies are only activated after you give your consent through the cookie banner.
7.3. How to manage your cookie preferences
When you first visit our website, a cookie consent banner will ask for your preference. You can accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings link available on the website or by clearing your browser cookies.
You can also configure your browser to block or delete cookies. Please note that blocking strictly necessary cookies may affect the functionality of the website.
For more information on how cookies work, you may visit www.allaboutcookies.org.
8. Your Rights
Under the General Data Protection Regulation (GDPR) and the Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD), you have the following rights with respect to your personal data:
- Right of access — to obtain confirmation of whether your data is being processed and to receive a copy.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure — to request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
- Right to restriction of processing — to request that processing be limited in certain circumstances.
- Right to data portability — to receive your data in a structured, commonly used, and machine-readable format.
- Right to object — to object to processing based on legitimate interest or for direct marketing purposes.
- Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
To exercise any of these rights, please contact us at info@bloowatch.com, identifying yourself and specifying the right you wish to exercise. We will respond within one month, as required by law. This period may be extended by a further two months in cases of particular complexity, in which case we will inform you of the extension within the first month.
If you are an end customer of an activity provider that uses the Bloowatch platform: your data is controlled by the activity provider, not by Bloowatch. Please direct any request concerning your personal data to the activity provider. Bloowatch will assist the activity provider in fulfilling such requests in accordance with its contractual obligations as processor.
You also have the right to lodge a complaint with the competent supervisory authority:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6 — 28001 Madrid
www.aepd.es
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities, our service providers, or applicable law. The updated version will be published on this page with a new effective date. We encourage you to review this page periodically. Where changes are significant, we will make reasonable efforts to inform affected individuals.
10. Contact
Open Coast SL (trading as Bloowatch)
Calle Ogoño, 1 – Planta 3, Módulo 8
48930 Getxo, Bizkaia, Spain
CIF: B95754586
Email: info@bloowatch.com
Phone: +34 681 211 532
Website: www.bloowatch.com