SURFKIN Privacy Policy
Effective Date: 6 September 2025
Last Updated: 6 September 2025
This Privacy Policy explains how SurfKin Pty Ltd (“Company”, “we”, “our”, or “us”) collects, stores, uses, and protects personal information when you use our platform located at [Insert Website URL] (the “Platform”). By accessing or using the Platform, you consent to the collection and use of your information in accordance with this Policy. This Policy applies equally to Service Providers, Participants, and all session types offered through the Platform.
For the terms governing use of the Platform, see our Terms of Service (including Data & Privacy and Child Safety provisions).
Contents
- 1. Information We Collect
- 2. How We Collect Information
- 3. Use of Information
- 4. Minors & Consent
- 5. Storage & Security
- 6. Video & Media Uploads
- 7. Payments
- 8. Third-Party Services
- 9. International Users
- 10. Your Rights
- 11. Data Retention
- 12. Changes to This Policy
- 13. Contact Us
- 14. International Users & Compliance
- 15. Cookies & Tracking Technologies
1. Information We Collect
We may collect:
- Personal details: name, email, phone number, date of birth, gender
- Guardian/parental consent info (for minors)
- Health declarations (optional/where required): safety or access needs you choose to provide
- Payment and billing data (processed via Stripe)
- Session data: bookings, history, ratings, and reviews
- Video/media uploads and performance logs
- Device/usage data: IP address, browser type, device ID
- Waiver signatures and timestamps
2. How We Collect Information
We collect information:
- When you register or create an account
- When you book, attend, or create a session
- When you complete waivers, forms, or upload media
- Automatically via cookies and analytics tools (e.g., Google Analytics)
3. Use of Information
We use your data to:
- Facilitate bookings, reminders, payments, and support
- Store waivers and session records securely
- Track athlete development and gate session eligibility
- Provide SMS/email notifications via trusted services (e.g., Twilio)
- Improve platform functionality, safety, and performance
We do not sell personal information to advertisers.
4. Minors & Consent
If a user is under 18, we require:
- Parent or guardian consent at registration
- Signed waivers and medical acknowledgment (where applicable)
- Secure handling of youth data in line with the Australian Privacy Principles (APPs)
See also our Child Safety commitments in the Terms: /p/terms-of-service#child-safety-commitment.
5. Storage & Security
- All personal data is stored securely on protected servers; we implement encryption, access control, and secure coding practices.
- Signed waivers, minor records, and sensitive uploads are stored in accordance with Australian and relevant international standards.
- These records may form part of the user’s permanent profile and may be used for legal or safety audits.
- If an eligible data breach occurs, we will assess and notify affected individuals and the OAIC in line with the Notifiable Data Breaches (NDB) scheme.
6. Video & Media Uploads
By uploading media, users and providers consent to:
- Secure storage of that media
- Internal use for training, performance tracking, or session delivery
- Streaming via embedded video services (e.g., Mux, Vimeo, Cloudflare Stream)
We do not publicly share video without user consent.
7. Payments
We use Stripe Connect to process payments. Payment credentials are encrypted and handled only by Stripe. We do not store credit card numbers on our servers.
8. Third-Party Services
We may share limited data with third parties only as required to deliver the Platform, for example:
- Stripe (payment processing)
- Twilio (SMS notifications)
- Google Maps (location search)
- Analytics tools (performance optimisation)
Each provider is subject to data handling obligations under GDPR, CCPA/CPRA, and/or the Australian Privacy Act. See also the Terms: /p/terms-of-service#third-party-tools.
9. International Users
If you are outside Australia, your data may be stored in Australia or securely in other jurisdictions with equivalent protections. We apply appropriate safeguards for international transfers.
10. Your Rights
You may:
- Access or correct your personal information
- Request account deletion or data erasure (subject to lawful retention)
- Opt out of marketing communications
To exercise these rights, contact: [Insert Privacy Contact Email].
11. Data Retention
We retain user data for as long as required to:
- Provide services
- Comply with legal, tax, and insurance obligations (e.g., medical waivers, minors’ records)
- Resolve disputes or enforce agreements
Typical retention periods are aligned with our Terms (e.g., session logs ≈ 7 years; waivers ≈ 7 years; minors: majority + 7 years). See /p/terms-of-service#data-privacy.
12. Changes to This Policy
We may update this Policy periodically. Material changes will be communicated via email or the Platform, and the Last Updated date will change. Continued use of the Platform means you accept the updated Policy.
13. Contact Us
If you have questions or requests regarding your data, contact:
- SurfKin Pty Ltd
- Address: [Insert Business Address]
- Email (privacy): [Insert Privacy Contact Email]
- Email (support): [Insert Support Email]
You may also contact the Office of the Australian Information Commissioner (OAIC) if you are not satisfied with our response.
14. International Users & Compliance
We operate under Australian law and comply with the Australian Privacy Principles (APPs). Because we welcome international users, we also seek to align with major international standards, including GDPR (EU/UK), CCPA/CPRA (California), and COPPA (US).
14.1 GDPR (EU/UK)
If you are located in the EU/UK, you have rights to:
- Request access, correction, or deletion
- Restrict or object to certain processing
- Data portability
- Withdraw consent at any time (without affecting prior lawful processing)
Lawful bases may include consent, contract, legal obligation, and legitimate interests (e.g., safety, fraud prevention, improvement). For transfers outside the EU/UK (e.g., to Australia), we implement appropriate safeguards such as Standard Contractual Clauses (SCCs).
14.2 CCPA/CPRA (California)
California residents have rights to:
- Know what categories of personal information we collect and how it’s used
- Request access, correction, or deletion
- Opt out of the “sale” or “sharing” of personal information
We do not sell or share your personal data as defined by the CCPA/CPRA. Use of third-party services (e.g., analytics, payments, communications) is governed by strict data protection terms. You will not receive discriminatory treatment for exercising your rights.
14.3 COPPA (US Children’s Privacy)
We do not knowingly collect personal information from children under 13 in the US without verified parental consent. Parents/guardians must provide consent before minors register, participate, or upload data. Parents may review or request deletion of their child’s data by contacting [Insert Privacy Contact Email].
14.4 International Data Transfers
By using the Platform, you acknowledge that your data may be transferred to and stored in Australia or other jurisdictions. We apply appropriate safeguards and security measures consistent with applicable international privacy laws.
15. Cookies & Tracking Technologies
Our Platform uses cookies, pixels, and similar technologies to improve functionality, analyse usage, and personalise your experience. Cookies may be set by us (first-party) or by providers (third-party) such as Google Analytics or Meta Pixel.
Cookies help us to:
- Recognise you when you return
- Remember preferences and settings
- Provide secure logins and session management
- Measure performance and usage trends
- Deliver relevant content/marketing (where consent is given)
Some cookies are essential; others are optional and used only with your consent. You can manage or disable cookies through your browser/device settings. EU/UK users will see a cookie banner to accept/reject/customise preferences per GDPR and the ePrivacy Directive.
For full details of the cookies we use and your choices, see our Cookie Policy.