Privacy Policy

Privacy Policy for surfstyk.com

Last updated: 12 August 2025

1. Who We Are

This website is operated by:

SURFSTYK
Owner: Hendrik Bondzio
Website: https://surfstyk.com
Email: privacy@surfstyk.com

We are committed to protecting and respecting your privacy in accordance with the EU General Data Protection Regulation (GDPR).

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Contact Information: name, email address, phone number, postal address (if provided).
  • Account Information: login credentials, profile details.
  • Communication Data: messages sent via contact forms, email correspondence.
  • Technical Data: IP address, browser type, operating system, referral URLs, and other device identifiers.
  • Usage Data: pages visited, time spent on the site, clicks, and other interaction data.
  • Cookie Data: stored via cookies or similar technologies (see section 6).

3. How We Collect Your Data

We collect data in three ways:

  1. Directly from you – when you fill out forms, subscribe to newsletters, or contact us.
  2. Automatically – through cookies, analytics tools, and server logs when you use our website.
  3. From third parties – such as analytics providers (e.g., Google Analytics) or social media platforms if you interact with our content there.

4. Purpose and Legal Basis for Processing

We process your personal data for:

  • Providing our services (Art. 6(1)(b) GDPR – contract performance)
  • Communicating with you about inquiries, updates, or support requests (Art. 6(1)(b) and (f) GDPR)
  • Sending marketing emails (with your consent) (Art. 6(1)(a) GDPR)
  • Website analytics and improvement (Art. 6(1)(f) GDPR – legitimate interest)
  • Compliance with legal obligations (Art. 6(1)(c) GDPR)

5. Data Sharing and Disclosure

We do not sell your personal data.
We may share your information with:

  • Service providers – hosting providers, email delivery services, analytics platforms.
  • Legal authorities – if required by law or to protect our rights.
  • Business partners – only with your explicit consent.

All third-party processors are contractually bound to comply with GDPR requirements.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep our website functional and secure.
  • Understand usage patterns via analytics tools.
  • Store your preferences.

You can manage or disable cookies in your browser settings. For more details, see our Cookie Policy (if separate).

7. Data Retention

We keep your personal data only as long as necessary for the purposes for which it was collected, including legal or accounting requirements.
When no longer needed, data is securely deleted or anonymised.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Request erasure (“right to be forgotten”).
  • Restrict processing.
  • Data portability.
  • Object to processing (including marketing).
  • Withdraw consent at any time.

To exercise your rights, contact us at privacy@surfstyk.com.

9. International Data Transfers

If we transfer your data outside the EU/EEA, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses) are in place.

10. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

11. Complaints

If you believe your rights under GDPR have been violated, you can contact your local Data Protection Authority.
In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD)https://www.cnpd.pt.

12. Changes to This Policy

We may update this Privacy Policy from time to time.
Changes will be posted on this page with the updated “Last updated” date.

Contact
For questions regarding this Privacy Policy:
📧 privacy@surfstyk.com