At Aldonera OÜ (“We”, “Us”, “Our”), we prioritize the privacy of our Users and/or Clients (“You” or “Your”). This Privacy Policy outlines our practices regarding information gathered through our website, surfstation.ee (“Site”) and/or App (the “App”), as well as any subdomains under our ownership that are connected to the Services and/or Goods we provide.
This document (“Privacy Policy”) aims to elucidate what data we collect, our reasons for collecting it, and how we manage the information we receive from you.
Our Privacy Policy has been crafted to align with data protection laws and their associated regulations, adhering to the highest standards for collecting, processing, storing, and erasing personally identifiable information.
In this Privacy Policy, we implement and explain the following fundamental principles of data protection:
Our data collection is limited to what’s essential for our stated objectives.
We conduct regular reviews of our data holdings and remove any unnecessary information.
This Policy may be subject to updates. When changes occur, we’ll post them along with the latest revision date. We recommend checking this Privacy Policy regularly to stay informed about any modifications.
Personal Information
Personal Information refers to any data that can be used to identify a specific individual. This includes information that can directly or indirectly lead to identification, such as an ID number or various personal characteristics like physical, psychological, economic, cultural, or social factors.
Data Handling
Data Handling encompasses any operation performed on data, whether automated or manual. This includes activities such as gathering, assembling, retaining, structuring, or distributing data.
Data Controller
A “Data Controller” is any individual, company, government body, or organization that, either alone or with others, decides the purposes and methods for processing personal data.
Data Processor
A “Data Processor” is any individual, company, government body, or organization that handles personal data as instructed by the controller.
Pseudonymization
“Pseudonymization” involves substituting identifiable information with a pseudonym or code, effectively preventing direct identification of an individual.
Consent
“Consent” refers to a clear, voluntary, and informed agreement from an individual, expressed through a statement or obvious affirmative action, allowing the processing of their personal data.
Personal Data Breach
A “Personal Data Breach” is a security incident resulting in the unintended or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data that has been processed or transmitted.
Third Party
A “Third Party” is an individual or entity, other than the controller or processor, who has permission to process personal data.
Profiling
“Profiling” refers to any automated processing of personal data used to analyze or predict aspects of an individual’s behavior, preferences, or characteristics.
Upon registration, we gather the following details:
We might also accumulate supplementary data related to your interaction with the “Site” and/or “App”.
Regarding “Fee” payments, your Payment Card details are submitted directly to our Payment Processor, “Stripe”, which manages transactions on our behalf.
“Stripe” utilizes this payment data as outlined in its Privacy Policy. Furthermore, “Stripe” shares certain limited information about you with us, which we may employ to address operational matters.
We strongly advise you to exercise caution when deciding what information to share.
We kindly request that you refrain from disclosing sensitive details (such as national identification numbers, religious affiliations, health information, etc.). If you must share such information, please do so with utmost discretion.
We employ identifiable personal data (referred to as “Personal Information”) to ensure our Users are provided with high-quality services.
The collection of Personal Information through our “Site” and/or “App” is limited to what Users willingly provide when they register, subscribe, or utilize our “Services” and/or “Goods”.
Your Information may be utilized for the following purposes:
We may also use your Personal Information in other ways that are logically connected to the context in which you provided it.
Account verification is required, and we may ask for additional information. This data is collected and used based on our legitimate interest in confirming you are at least 18 years old and maintaining current account information.
We will process your personal information only when we have valid legal grounds to do so, such as your prior consent.
Data processing may occur based on your consent/permission (for example, when you agree to receive marketing communications). You can withdraw this consent at any time by contacting us at: [email protected]
We are committed to enhancing the “Site” and/or “App” and introducing features that we believe will improve safety and utility. New functionalities may involve similar data usage as described above.
Our data processing practices are regularly reviewed, and we will inform you of any changes we decide to implement.
We may occasionally share content that we believe could be beneficial to you, such as newsletters or educational materials pertaining to our offerings.
Should you prefer not to receive these communications, you have the option to unsubscribe. For this, please reach out to us at [email protected]
Our servers may automatically capture certain details when you access our “Site” and/or “App”. This information, known as “Log Data”, could encompass details like your device’s “IP” address, the type of browser you’re using, when you accessed our platforms, and various other metrics. We utilize this data to enhance our “Site” and/or “App”, making them more efficient and tailored to user preferences.
While we may process and examine this “Log Data” in aggregate form, we do not classify it as Personal Information or link it directly to individual users.
We also gather data on your interaction with our “Site” and/or “App” each time you use them. This includes information such as when you access our platforms, what you search for, which features you use, the pages you visit, any system errors you encounter, how long you stay on our platforms, and which elements you interact with. Our goal in collecting this information is to continually improve your experience with our “Site” and/or “App”.
Aldonera OÜ, registered under code 11120664 and located at Turu 34B, 51004, with email address [email protected], serves as the Controller for all personal information gathered and utilized for the purposes of providing the “Site” and/or “App”, as well as for any other objectives outlined in this Privacy Policy. This means we’re responsible for determining how and why your data is used, and for ensuring its legal and secure handling.
We are committed to protecting your privacy. The Personal Information collected through our “Site” and/or “App” will not be shared, sold, distributed, or disclosed in any way, except as described in this Privacy Policy or with your explicit consent.
We may collaborate with third-party entities and individuals to perform services on our behalf. These services may include, but are not limited to, facilitating our “Site” and/or “App”, providing “Site”-related services (such as maintenance, database management, analytics, and feature improvement), or assisting us in analyzing how our “Site” and/or “App” is used. While these third parties may have access to your Personal Information, we do not authorize them to use this information for any purpose other than providing the aforementioned services.
In certain circumstances, we may need to disclose information about you that we’ve collected. This could be to government officials, law enforcement agencies, or private parties, as we deem necessary or appropriate in our sole discretion. Such circumstances may include responding to claims and legal processes (including but not limited to subpoenas), protecting the property and rights of “Surf Station” or third parties, ensuring public safety, or preventing or stopping activities we consider potentially illegal or unethical.
In cases where there’s an investigation into alleged criminal behavior, or to protect a person’s vital interests, we will cooperate with law enforcement inquiries. This may involve preserving or disclosing any of your information if we believe in good faith that it’s necessary to comply with laws, regulations, judicial proceedings, court orders, or other legal requests.
We reserve the right to transfer information we’ve collected about you via the “Site” and/or “App” in the event of a sale or transfer of all or part of our business or assets. Should such a transaction occur, we’ll make reasonable efforts to ensure that the transferee uses your Personal Information in a manner consistent with this Privacy Policy.
If “Surf Station” undergoes a business transition or change in ownership, such as a merger, acquisition by another company, or insolvency, we may need to disclose your personal data. Any modifications to this Privacy Policy during this process will be communicated to you via email.
Occasionally, we may collaborate with external entities to share information, aiming to enhance the “Site” and/or “App” functionality and improve your overall experience.
Our “Site” and/or “App” may contain links to external websites. We bear no responsibility for the content, privacy practices, or products offered on these external platforms. It’s important to understand that our privacy policy is limited to the information we collect through our “Site” and/or “App”. We cannot oversee or guarantee the privacy practices of these external sites. Before engaging with any third-party site accessed via our “Site” and/or “App”, we strongly recommend reviewing their respective privacy policies. Nevertheless, we strive to partner with reputable third parties and processors.
We make efforts to minimize and anonymize (by removing identifying information) the data we transmit to these external parties, to the best of our abilities.
Our services are not intended for individuals under 18 years of age, and we do not intentionally gather Personal Information from this age group. Should a parent or guardian discover that their child has shared such information with us without their approval, they should reach out to us at [email protected]. Upon receipt of such notification, we will promptly remove the data and deactivate the child’s account.
We urge those under 18 to refrain from inputting any information on our “Site” and/or “App”. We also encourage parents and legal guardians to supervise their children’s online activities and assist in enforcing our Privacy Policy by instructing their children to never disclose personal information on our “Site” without parental consent.
Our marketing efforts do not specifically target children under the age of 13.
We implement a variety of security measures to safeguard the Personal Information collected through our “Site” and/or “App”. These measures are designed to prevent unauthorized access, misuse, alteration, or destruction of your data. Despite our best efforts, we cannot guarantee absolute security of any information transmitted or stored electronically. We exercise due diligence when choosing third-party providers for data processing and handling.
“Surf Station” gathers, processes, and stores information on servers within the European Economic Area, regardless of your geographical location.
We prioritize the protection of user-related information and employ SSL Security mechanisms to ensure secure storage.
It’s important to note that data transmission over the internet and mobile networks can never be 100% secure. While we strive to protect your information, we cannot guarantee the complete security of data you submit via the “Site” and/or “App” during transmission. Such submissions are made at your own risk. To enhance your security, we recommend the following practices:
When we provide you with our products or services, we generate records containing your information, including customer account details, payment history, and activity logs. We manage these records to ensure efficient service delivery and compliance with legal and regulatory requirements.
The duration for which we retain records varies based on the record type, the nature of the activity or service, and applicable legal and regulatory obligations. Our retention periods may change in response to business needs or legal and regulatory requirements. For our Site and/or App Users, we typically retain most data for as long as you’re actively using our services, plus an additional six years to meet legal obligations or address potential legal challenges. In some instances, we may need to keep data for longer periods due to our legitimate interests or legal requirements.
Unless mandated by law, we will only keep your Personal Information in our systems for the time necessary to fulfill the purposes outlined in this Policy, or until you request its deletion in accordance with your right of erasure.
Even after deleting your Personal Information, we may maintain a copy for legal, tax, or regulatory purposes, but only for as long as necessary to fulfill these obligations. For more details, please contact us at [email protected].
Information you submit via the Site and/or App is transmitted to and stored on secure servers within the European Economic Area (EEA). We may transfer your submitted information to third parties, potentially located outside the EEA (such as the United Kingdom or United States), for Site maintenance purposes.
We retain your personal information as long as necessary for legitimate purposes and as permitted by applicable law. Upon deletion of your account (following a safety retention window), we delete or pseudonymize (remove identifying information) your data, except when:
The legal foundation for processing Personally Identifiable Information is User Consent.
As a user of our “Site” and/or “App”, you are entitled to the following rights:
Right to be informed: You have the right to know what personal data we are processing and why. This Privacy Policy serves to provide you with this information.
Right of access: You are legally entitled to request and receive a copy of the personal information we have collected about you. To exercise this right, please contact us at [email protected].
Right to erasure: We retain your personal information only as long as necessary to provide our services and products. You may request the deletion of your Personal Information if you believe we no longer need it for the purposes it was provided. Please note that we may keep a record of your request to ensure compliance with legal obligations. To request account deletion, please reach out to us at [email protected].
Right to rectification: If you find that the data we hold is inaccurate, you have the right to have it corrected. For such requests, please contact us at [email protected].
Right to opt-out of marketing: You can choose to stop receiving direct marketing communications from us at any time. If you no longer wish to receive marketing messages, please inform us by writing to [email protected].
Right to object to processing: You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis for processing. If you exercise this right, we will cease processing your personal data unless we can demonstrate legitimate grounds to continue. To make such a request, please contact us at [email protected].
Right to data portability: You may request a copy of your data in a machine-readable format that can be transferred to another service provider. To exercise this right, please contact us at [email protected].
Rights related to automated decision-making and profiling: When processing is carried out solely through automated means and results in decisions that have legal or significant effects on you, you have several rights. These include the right to ensure human intervention in the decision-making process. For such requests, please contact us at [email protected].
To modify your Personally Identifiable Information, please reach out to us via email at [email protected]
You have the option to request permanent deletion of your account at any time. Once we receive such a request, we will proceed to deactivate your account and make reasonable efforts to ensure it’s no longer visible on the “Site” and/or “App”. Please note that for a period of 30 days following deactivation, account restoration is possible in cases of accidental or wrongful deactivation. After this 30-day window, we initiate the process of removing your account from our systems.
For any inquiries regarding this Privacy Policy, please send your questions or comments to [email protected]
We are committed to handling your information with utmost care and responsibility. If you have any concerns about our practices, please don’t hesitate to contact us at [email protected]
In the event of any changes to this policy, we will inform you either through the email associated with your account or by posting a notification on the “Site” and/or “App”. Your continued use of the “Site” and/or “App” following these changes constitutes your acceptance of the updated Privacy Policy.
Our platform employs “Cookies,” which are tiny data files containing unique identifiers. These files are transmitted from web servers to your browser and can be sent back each time you request a new page. This mechanism allows our “Site” and/or “App” to recognize you and recall your preferences and online behavior.
We utilize “Cookies” to enhance user experience by providing personalized services that would be challenging to implement without them. This technology aids in identifying users of our “Site” and/or “App”.
“Cookies” come in two main types: “Persistent” and “Session”. “Persistent Cookies” stay on your device even when you’re offline, while “Session Cookies” are removed once you close your browser.
When you visit our “Site”, you might also receive third-party “Cookies” on your device. These are placed by external websites, services, or entities, not by us. On our “Site”, third-party “Cookies” are utilized for analytics and marketing purposes.
Prior to placing “Cookies” on your device, you’ll see a notification asking for your permission to accept or decline these “Cookies”.
In compliance with regulations, we offer you the option to refuse certain “Cookies” used for purposes like advertising, analytics, and research. You can manage these preferences in your cookie settings without impacting the legality of processing based on your prior consent.
For any inquiries, concerns, or feedback regarding this Privacy Policy, or to make requests about your personal information, please reach out to us via email at [email protected]