Privacy Policy
Last updated: March 2026
1. Introduction
Welcome to Solid Surf House. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our booking platform and related services (the “Service”).
By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Service.
2. Data Controller
The data controller responsible for your personal data is:
Solid Surf Co. Limited
65-67 Bonham Strand, Sheung Wan, Hong Kong
999077 Hong Kong
Cina
VAT: 3180732
Email: holiday@solidsurfhouse.com
Website: solidsurfhouse.com
65-67 Bonham Strand, Sheung Wan, Hong Kong
999077 Hong Kong
Cina
VAT: 3180732
Email: holiday@solidsurfhouse.com
Website: solidsurfhouse.com
If you have any questions about how we handle your personal data, you can contact us at the address above.
3. What Data We Collect
We collect different types of information depending on how you interact with our Service:
a) Information you provide directly:
- Full name, email address, phone number, and date of birth
- Passport or ID details (required for accommodation check-in)
- Surf experience level and physical health information relevant to surf instruction
- Payment details (processed securely through our payment providers; we do not store card numbers)
- Booking preferences, room selections, and dietary or accessibility requirements
- Communications you send us via email, contact forms, or chat
b) Information collected automatically:
- IP address, browser type, device type, and operating system
- Pages visited, time spent on pages, and navigation patterns
- Cookies and similar tracking technologies (see our Cookie Policy)
- Referral URLs and search terms that led you to our site
c) Information from third parties:
- Information from social media platforms if you connect your account
- Analytics data from services such as Google Analytics
- Booking or payment confirmation from partner agencies
4. How We Use Your Data
We use your personal data for the following purposes:
- Booking management: To process reservations, assign rooms, manage surf lessons, and coordinate airport transfers.
- Communication: To send booking confirmations, payment receipts, pre-arrival information, and updates about your stay.
- Customer support: To respond to your enquiries, resolve complaints, and provide assistance before, during, and after your visit.
- Account management: To create and manage your user account, including authentication and password recovery.
- Legal compliance: To meet our obligations under applicable laws, including accommodation registration requirements with local authorities.
- Service improvement: To analyse usage patterns, identify issues, and improve the quality and functionality of our platform.
- Marketing: Where you have given consent, to send newsletters, promotions, and updates about upcoming surf camps and offers.
5. Legal Basis for Processing (GDPR)
For users in the European Union, we rely on the following legal bases under the General Data Protection Regulation (GDPR):
- Contract performance (Art. 6(1)(b)): Processing necessary to fulfil your booking and deliver the services you have requested.
- Legal obligation (Art. 6(1)(c)): Processing required to comply with Portuguese and EU law, including tax and accommodation registration obligations.
- Legitimate interests (Art. 6(1)(f)): Processing for fraud prevention, platform security, and internal analytics, where these do not override your rights.
- Consent (Art. 6(1)(a)): Where you have explicitly agreed to receive marketing communications or to the placement of non-essential cookies.
6. Cookies
We use cookies and similar technologies to operate our platform, remember your preferences, and measure traffic. For detailed information about the cookies we use, how long they last, and how to manage your preferences, please refer to our Cookie Policy.
7. Data Sharing & Third Parties
We do not sell your personal data. We may share your data with trusted third parties only where necessary to deliver our services or comply with legal obligations:
- Payment processors: Stripe or similar providers to securely handle transactions.
- Email service providers: SendGrid, used to send transactional and communication emails on our behalf.
- Cloud infrastructure: DigitalOcean and similar providers for hosting and data storage. Data may be stored within the EU/EEA.
- Analytics providers: Google Analytics (with IP anonymisation enabled) to understand how users navigate our platform.
- Legal authorities: When required by law, court order, or to protect the rights and safety of our guests and staff.
- Partner agencies: Limited booking details may be shared with travel agencies that referred your reservation.
All third-party processors are contractually bound to handle your data securely and in accordance with applicable data protection law.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- Booking and transaction records: 7 years (tax and legal obligation)
- Account data: for the duration of your account, plus 2 years after last activity
- Marketing consent records: until consent is withdrawn
- Analytics data: in aggregated, anonymised form indefinitely
Upon expiry of the applicable retention period, your data will be securely deleted or anonymised.
9. Your Rights
Under the GDPR and applicable data protection legislation, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Ask us to correct inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal obligations.
- Right to restriction: Ask us to limit how we use your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at holiday@solidsurfhouse.com. We will respond within 30 days. You also have the right to lodge a complaint with the Portuguese data protection authority (CNPD) at cnpd.pt.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:
- HTTPS encryption for all data in transit
- Encrypted storage for sensitive credentials
- Role-based access controls limiting who can view guest data
- Regular security reviews and dependency updates
- Session tokens with limited expiry periods
No method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately.
11. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please reach out to us:
Email: holiday@solidsurfhouse.com
Address: 65-67 Bonham Strand, Sheung Wan, Hong Kong 999077 Hong Kong China
Address: 65-67 Bonham Strand, Sheung Wan, Hong Kong 999077 Hong Kong China
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify you via email or a prominent notice on our platform prior to the change becoming effective.
We encourage you to review this page periodically. The date at the top of this page indicates when this policy was last revised.