GDPR Compliance
Last updated: January 7, 2025
SurfMate is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and outlines your rights as a data subject.
Data Controller
SurfMate acts as the data controller for all personal data collected through our website and mobile application. This means we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with data protection laws.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- •Consent: When you explicitly agree to data processing (e.g., marketing communications)
- •Contract: To fulfill our service agreement with you (e.g., providing surf forecasts)
- •Legitimate Interests: For business operations that don't override your rights
- •Legal Obligation: When required by applicable laws
Your Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of your personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
Request limitation of how we use your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Data We Collect
We collect and process the following categories of personal data:
- •Identity Data: Name, username, email address
- •Location Data: GPS coordinates to show nearby surf spots
- •Usage Data: App usage patterns, session logs, favorite spots
- •Technical Data: Device information, IP address, browser type
International Data Transfers
If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with an adequacy decision. You may request a copy of these safeguards by contacting us.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When you delete your account, we will delete or anonymize your personal data within 30 days, unless we are legally required to retain certain information.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, regular security assessments, and access controls for our systems.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at privacy@surfmate.app. We will respond to your request within 30 days. You may be asked to verify your identity before we process your request.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
Cookies
We use essential cookies to ensure our website functions properly. Analytics cookies are only used with your consent. You can manage your cookie preferences through your browser settings or our cookie consent tool. For more information, see our Privacy Policy.
Updates to This Policy
We may update this GDPR compliance information from time to time. Any significant changes will be communicated to you via email or through a notice in our app. We encourage you to review this page periodically.
For any questions about GDPR compliance or to exercise your data rights, please contact our data protection team.
📧privacy@surfmate.app© 2026 SurfMate. All rights reserved. 🇪🇺