Book now

Privacy Policy

Privacy Policy

SurfAndStays.com

Last updated: [22/4/26]

This Privacy Policy explains how SurfAndStays.com (“we”, “our”, “us”) collects, uses, and protects personal data of users, including individuals located in the European Economic Area (EEA), in accordance with the General Data Protection Regulation (GDPR).

By using our website and services, you agree to the practices described in this policy.

1. Data Controller

The data controller responsible for your personal data is:

Surf & Stay
[Weligama. Srilanka]
Email: [info@serendibodyssey.com]
Phone: [+94777850950]

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a. Identity & Contact Data

  • Full name
  • Email address
  • Phone/WhatsApp number
  • Country of residence

b. Booking & Transaction Data

  • Services booked (surf lessons, guiding, experiences)
  • Booking dates and preferences
  • Payment status (processed via third-party providers)

c. Technical Data

  • IP address
  • Browser type and device information
  • Website usage data (via cookies and analytics)

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contractual Necessity – to process and manage your bookings
  • Legitimate Interests – to improve our services and prevent fraud
  • Consent – for marketing communications and non-essential cookies
  • Legal Obligation – to comply with applicable laws and regulations

4. How We Use Your Data

We use your data to:

  • Confirm and manage bookings
  • Communicate regarding your reservations
  • Provide customer support
  • Improve website performance and user experience
  • Send important service updates
  • Send marketing communications (only with your consent)

5. Data Sharing

We may share your personal data with:

  • Payment processors (secure transactions)
  • IT and booking system providers
  • Legal or regulatory authorities when required

All third parties are required to process your data securely and in compliance with GDPR.

6. International Data Transfers

As we are based in Sri Lanka, your data may be transferred and processed outside the EEA.

When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Secure data handling practices

7. Data Retention

We retain personal data only as long as necessary to:

  • Fulfill booking and service obligations
  • Meet legal, tax, and regulatory requirements

8. Your GDPR Rights

If you are located in the EEA, you have the following rights:

  • Right of Access – request a copy of your data
  • Right to Rectification – correct inaccurate data
  • Right to Erasure (“Right to be Forgotten”)
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object to processing based on legitimate interests
  • Right to Withdraw Consent at any time

To exercise any of these rights, contact us using the details below.

9. Cookies & Consent

We use cookies and similar technologies to:

  • Ensure website functionality
  • Analyze traffic and performance
  • Improve user experience

For users in the EEA:

  • Non-essential cookies are only used with your explicit consent
  • You can manage or withdraw consent at any time via your browser or cookie banner

10. Data Security

We implement appropriate technical and organizational measures to protect your data against:

  • Unauthorized access
  • Loss or misuse
  • Alteration or disclosure

Despite our efforts, no online system is 100% secure.

11. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a relevant EU data protection authority.

12. Third-Party Links

Our website may include links to third-party websites. We are not responsible for their privacy practices.

13. Children’s Data

Our services are not intended for children under 18 without parental or guardian consent. We do not knowingly collect data from children without permission.

14. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised date.

15. Contact Us

For any questions or requests regarding this Privacy Policy or your personal data:

Surf & Stay
Email: [info@serendibodyssey.com]
Phone: [+94777850950]