Blue Trailz: privacy policy

1.  Introduction

This Privacy Policy applies to the processing by Blue Trailz Hostel & Surf Camp of your personal data. Blue Trailz Hostel & Surf Camp takes your privacy very seriously and treats all your personal data with great care. Blue Trailz Hostel & Surf Camp acts in accordance with the applicable data protection legislation. Given the International nature of our operations, this policy will only be published in English.


When you visit our websites (or subdomains) (the “Website”), make a reservation, contact us, purchase products or services from us or our vendors or visit our hostel and partner hotels, we collect personal data from and about you. This Privacy Policy describes which personal data is collected and for which purposes this personal data is processed by Blue Trailz Hostel & Surf Camp. It also states which rights you have under applicable data protection law.


2. Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Blue Trailz Hostel & Surf Camp (hereinafter referred to as Blue Trailz)

Main street next to Alamo

50309 Playa Tamarindo

Costa Rica

Phone: +506 2653 1705




3. Which personal data do we process, and for what purposes do we process personal data?

The Website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files hosted on the platform. provides us with an online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases, and general applications. They store your data on secure servers behind a firewall. 


We want to get to know you because that enables us to make your stay more pleasant, so you may one day decide to return to our hotels. We collect, store and process personal data at two different stages: (i) before you decide to stay at Blue Trailz or our partner hotels and (ii) when you stay or have stayed at Blue Trailz or our partner hotels.

i. Before you decide to stay with us
When you visit our Website, we collect information about your use of the Website. This includes both information we collect directly from you and the information we collect about your behavior. This information may constitute 'personal data' under applicable law. We use this information to provide you with (personal) offers, both on our Website and via advertisements on other websites you visit. The information about your use of the Website comprises HTTP header information which your browser transmits to our web server, information collected through the use of cookies and log information which displays the pages that you visited on our Website.

ii. When you stay or have stayed at Blue Trailz or at a partner hotel
When you make a reservation, you will have to provide us with your name, your (email) address, phone number, the dates you are staying with us and a credit card token or other payment information as applicable. We use this personal data to process the reservation, for billing purposes, and to allow us to communicate with you about your reservation. When you stay in with us, we will collect personal data about your identity, preferences, use of our services, and location.

Overview of activities under stage (i) and (ii)

We may at each of the stages outlined above use your personal data. For your convenience, we have made an overview of activities that involve the processing of your personal data:

  • First of all, we store the personal data you provide to us in our systems for administrative purposes.

  • We are legally obliged to ask you to provide us with certain information when you arrive at Blue Trailz. This may include information such as birth date, nationality, passport data, place of residence, date of arrival and profession

  • We will have to verify your identity when you arrive at a Blue Trailz. We will use your passport or other identification documents. We will store a copy of your passport, to the extent permitted by law.

  • We store your personal data in our database(s), also after your transaction has been completed and after you have stayed at Blue Trailz, in order to comply with data retention obligations and to be able to contact you and welcome you again in the future.

  • Since we work with partner hotels and third-party tourism providers, it may be necessary to transfer your personal data to those recipients in a country outside of the country where it was originally collected or outside of your country of residence or nationality. For many of our business partners use cloud-based services. Therefore, for technical and organizational reasons, it may be necessary that your personal data is transferred to servers located in the US, or to servers located in countries outside of the European Economic Area ('EEA').

  • We process your booking, howsoever made directly via our website or via a third party (online) travel agent.

  • We will not use any sensitive personal data that we may collect or derive from your stay

  • We use credit card data or other payment data for invoicing purposes.

  • We collect (meta)data on your use of our Wi-Fi services for security and anti-piracy purposes (such as IP address, your device's MAC address, connections made, location, etc.). We do not process the content of the traffic.

  • We collect automatically generated information for statistical (research) purposes. This information tells us how well our services are functioning. This information may be provided to third parties, but only if permitted by law or if this information cannot be traced back to you.

  • We track information on your purchases for future use in case you return to Blue Trailz

  • We endeavor to provide a high level of security of both the information we store as well as our facilities, (IT) systems and premises, by means of encryption, physical security measures, passwords, company procedures, and policies and professional IT support. Personal data may be processed in this context by Blue Trailz and its vendors.

  • We endeavor to prevent our services and facilities (hotels) from being used for illegal purposes, of any kind. Personal data may be processed in this context by Blue Trailz and its vendors, such as through CCTV surveillance.

  • We engage in activities required for compliance with legal obligations, third-party claims or requests from public authorities, such as (i) the mandatory storage/containment of certain information because of a criminal investigation, (ii) requests from third parties for access to information (iii) any further instructions from third parties, such as supervisory authorities, that involve data processing.

  • As a responsible company, we do not use automatic decision-making or profiling.

  • Just like your privacy is important to us, so is the privacy of other guests and our staff important to us. We, therefore, communicate with you directly with regards to any issues, comments or questions you might have relating to your interaction with us, including but not limited to your reservation, changes to reservations, your stay or your payments. If you have any comments or queries, we welcome you to contact us by email to For the privacy of our other guests and staff we will not answer your queries via third parties, including but not limited to travel agents and/or booking websites or their systems and employees.

  • In case of misconduct on your part, including but not limited to failing to pay for your purchased services, cancelation or modification fee(s) or damages, engaging in illegal activities including but not limited to using drugs, stealing or threatening staff or guests or (attempting to) blackmailing us or disrupting the peace, non-compliance with our house rules, we reserve the right to share your name, ID, contact details and information about what has happened with authorities, the travel agent or booking website you used to reserve your stay and with partner hotels and other tourism providers with whom we have teamed up to increase security and safety of guests worldwide.

4. Your rights

Right to revoke consent
If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward. You can do so by sending an email to

Right of access to your information 
If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by sending an email to  We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.

Right to rectification and erasure of data, and restriction of processing
If you believe that our processing of your personal is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by sending an email to

Right to data portability
You shall have the right granted by the European legislator, to receive your personal data, which was provided to a controller, in a structured, commonly used and machine-readable format. You shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


Furthermore, your right to data portability pursuant to Article 20(1) of the GDPR, you shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, you can contact us via

Right to object 
You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data which is based on the legal basis of either point (e) or (f) of section 6(1) of the General Data Protection Regulation (i.e. the performance of a task carried out in the public interest; the purposes of our, or a third party's, legitimate interests) including profiling based on those provisions [see the Schedule under clause 4 of this Privacy Policy]. We will only cease the processing if so required under section 21(1) of the General Data Protection Regulation. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes by either (i) opting out by using the option we provide in the relevant direct marketing message (e.g. an email newsletter), or (ii) by sending an email to For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing.

General information relevant for all requests and queries
You must exercise your rights, as explained in this clause, in accordance with applicable law, in particular, section 15, 16, 17, 18, 20 and 21 of the General Data Protection Regulation, if and when it applies. We will solely review your request or query in light of our obligations under applicable mandatory data protection law. Nothing in this Privacy Policy is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law. 

We will use reasonable endeavors to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires. If your request is manifestly unfounded or excessive we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests, we may also charge you for extra copies. If we decide not to honor your request or answer your query, we will explain our reasons for doing so in our reply.

5. Protection and storage of your data

We have used and will continue to use reasonable endeavors to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state of the art protection measures. A strictly limited amount of people have access to your personal data. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy, generally 2 years, unless a longer retention period is required or permitted by law (which is typically the case in the context of our obligations under tax law).

6. Cookies

The Website uses various cookies. Cookies are text files that are stored in a computer system via an Internet browser. Information generated by the use of cookies may constitute personal data. We can use the personal data collected in this manner for the purposes as stipulated in this Privacy Policy.


Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.


Through the use of cookies, we can provide the users of this Website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system.

You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable. 

7. Supervisory authority and applicable law

The processing of your personal data by Blue Trailz shall be subject to the laws of Costa Rica, including the General Data Protection Regulation, when it applies from 25 May 2018 onwards. The applicability of the laws of Costa Rica and the General Data Protection Regulation shall be without prejudice to any provisions that may apply to a particular processing activity under local mandatory data protection law.

8. Personal data as a statutory or contractual requirement

We want to clarify that the provision of personal data is either required by law or can also result from contractual provisions (e.g. you booking a stay with us or buying a product or a service). Sometimes it may be necessary to conclude a contract that you provide us with personal data, which must subsequently be processed by us. The non-provision of the personal data would have the consequence that the contract with you could not be concluded and therefore you cannot stay with us or acquire products or services by us.

9. General

In case you have any questions in relation to this Privacy Policy, you may send an email to

We have done our best to make sure that this Privacy Policy explains the way in which we process your personal data, and rights you have in relation thereto. We reserve the right change this Privacy Policy at any time to make sure it is still up to date. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this Privacy Policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

Last update: 22 May 2018