PRIVACY STATEMENT
Overview
This is the privacy statement of Surf Alarm, located in Amsterdam (“Surf Alarm”). This privacy statement provides information about the processing of personal data of users of the Surf Alarm app.
The Surf Alarm mobile app allows you to create surf alarms. Surf Alarm requires users to at least provide a surf spot location, and preferred conditions for swell, wind and tide. It is optional for users to add an alarm name to describe the use case.
As Data Controller, Surf Alarm respects your privacy rights and is committed to transparency in how we collect, use and share your personal information. If you have any questions or concerns about your personal information or this privacy statement, email us at aloha@surfalarm.app.
Your continued use of our platform will be regarded as acceptance of our practices concerning privacy and personal information. You can withdraw your consent at any time; see the section “How can you control the way Surf Alarm processes your data”.
This privacy statement is subject to change. We advise you to regularly consult this privacy and statement. The last change was made on May 15st 2021.
Information we collect
This privacy statement is applicable to all (personal) data that is processed through the Surf Alarm app. Most data is collected only after creating an account. We process the following data:
- We ask for permission to use your current location to make it easier / faster for you to navigate to your surf spot on our world map;
- On iOS, we ask for permission to send you push notifications. These push notifications are used to alert the user when alarm conditions are matched. Also, they may be used to inform the user about news/promotions concerning the app.
- (Aggregated / anonymous) Information / Analytics about your use of our Service (e.g. what features do you use and how);
- We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files, analytics and other information / statistics. At the moment, Surf Alarm does not process personal information. This might change with future updates, as account functionality might be added.
For what purpose do we process your personal data?
The EU General Data Protection Regulation outlines six data protection principles that organisations need to follow when collecting, processing and storing personal data. Hereunder we set out how Surf Alarm aims to adhere to these principles.
- Lawfulness, fairness and transparency. In short, Surf Alarm will only process personal data, as described above, to provide you with the Services you requested from us, to improve the app / user experience (based on aggregated statistics). This data is transparently communicated under header ‘Information we collect’.
- Purpose limitation. The GDPR states 6 legal bases for processing personal data, which we have outlined below. We have highlighted and detailed the two bases that best reflect our practices and intentions.
- Compliance with legal obligation;
- Contractual performance;
- Vital interests;
- Public interest or acting under official public authority; o Legitimate interests. We only collect personal data that we believe is essential for delivering an awesome user experience for surfers around the world. A surf reporting tool is incomplete without pictures, comments and (historical) location data. We do our best to safeguard this information and to make sure that we do not infringe upon the rights and freedoms of the data subjects;
- Data subjects’ consent. After finishing the onboarding and before actively using the app, users are asked for consent through opt – in. Consent can be revoked by sending an e-mail to aloha@surfalarm.app or deleting your account and the app.
- Data minimisation. Surf Alarm will only process personal data, as described under “Information we collect”, to provide you with the Services you requested from us, to improve the app / user experience (based on aggregated statistics).
- Accuracy. In Surf Alarm, users give in / create their own personal data. In case of inaccurate or incomplete data, users can change everything in – app or send an e-mail to aloha@surfalarm.app and we will rectify or erase the data within 30 days.
- Storage limitation. See section “How long do we store your data?”
- Integrity and confidentiality. Surf Alarm makes use of Google Firebase. Firebase services encrypt data in transit using HTTPS and logically isolate customer data. In addition, several Firebase services also encrypt their data at rest.
For how long do we store your data?
Your alarms can be deleted in the app. Also, you can delete the app at any given time. Anonymous, non personally identifiable information data (e.g. activity data) collected through the Service will be retained. In case you would like to delete specific data please send a deletion request to aloha@surfalarm.app.
Who has access to your data?
Surf Alarm handles your data confidentially and with care and will not share your data with third parties, unless explicitly stated in this privacy statement. We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
Surf Alarm is built with the help of Google Firebase. We make use of Firebase storage, database and cloud functions. All personal data that is saved in the Surf Alarm app is processed through, and stored in, Google Firebase. Detailed information about the Firebase terms and conditions concerning data protection, processing and security can be found through this link. For analytics purposes we make use of Google Analytics and Firebase Analytics. Both are customer data platforms that allow us to collect relevant data about the way users interact with Surf Alarm. Detailed information concerning data protection, processing and security of Firebase can be found through this link.
Google Analytics provides reporting and dashboard features that help us understand how users are using our app. Data that is shared with Google Analytics cannot be traced back to a user. Firebase user IDs are used to identify unique users: these IDs are not shared in Google Analytics. For detailed information concerning data protection, processing and security read Google Analytics’ privacy statement and terms of service.
For crashlytics purposes we share app and device metadata with Sentry. Data that is shared with Sentry cannot be traced back to a user. For detailed information concerning data protection, processing and security read their privacy policy.
We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process.
How do we secure your data?
All data that is saved in the Surf Alarm app is processed through, and stored, in Google Firebase. Firebase services encrypt data in transit using HTTPS and logically isolate customer data. In addition, several Firebase services also encrypt their data at rest. The majority of Firebase services run on global Google infrastructure. Data can be processed at any of the Google Cloud Platform locations or Google data center locations. Detailed information about the Firebase terms and conditions concerning data protection, processing and security can be found through this link. For information concerning Google Cloud in relation to the GDPR, follow this link.
As detailed above, we use Google Analytics to learn about the way users interact with Surf Alarm. Data that is shared with Google Analytics cannot be traced back to a user. Firebase user IDs are used to identify unique users: these IDs are not shared in Google Analytics. For detailed information concerning data protection, processing and security read Google Analytics’ privacy statement and terms of service.
Once again, our app allows you to share your surf report to third parties that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies and practices.
How can you control the way Surf Alarm processes your data?
The GDPR describes eight 8 individual privacy rights for data subjects. Hereunder we describe how we comply with these principles. At any given moment you can request access to your personal data that is processed through the Surf Alarm app or request rectification or deletion of this data, with the understanding that we may be unable to provide you with some of the desired services. You can also request Surf Alarm to restrict data processing or to transfer your personal data to another data processor in a structured, commonly used and machine readable format. It is also possible to object the processing of personal data by Surf Alarm. We do not make use of automated decision making. If you would like to contact us regarding any of these data subject rights this can be done by sending a written notice to aloha@surfalarm.app. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority.
Children
Our Service does not address children under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child / children has / have provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.If you are at least 13 but under 16 years of age, do not contact us or provide us with any personal data until after your parent or guardian has sent us an e-mail consenting to your contact and provision of such information. Questions Questions about using the Surf Alarm app or settlement of a data related issue can be asked via email: aloha@surfalarm.app.