Privacy Policy

Surfpoint Privacy Policy Statement

We take your privacy very seriously

Surfpoint respects and cares about your privacy. Our Privacy Policy is intended to describe to you how and what data we collect, and how and why we use your personal data. It also describes options we provide for you to access, update or otherwise take control of your personal data that we process.

What personal information do Surfpoint collect and how is it collected?

Surfpoint collects information to provide the best possible experience when you use our services. Much of the personal data collected is collected directly from you when you:

    • Create an account or purchase any of our services (e.g. billing information, including name, address, and any relevant financial information needed for the transaction to occur);
    • Request assistance from our Customer Services team (e.g. telephone number);
    • Complete contact forms or request other information from us (e.g. email address)

Surfpoint also collects additional information when delivering our services to you to ensure necessary and optimal performance. These collection methods include:

Account related information is collected in association with your use of our services, such as account number, products you have purchased, when products renew or expire, information requests, supports requests, and notes or details on our interactions.

Cookies and similar technologies on our website allow us to track your browsing behaviour, links clicked, items purchased, and your device types. They also allow us to collect data (including analytics) about how you use and interact with our services. This allows us to provide you with more relevant product offerings, a better experience on our sites and mobile applications, and to collect, analyse, and improve the performance of our Services. We may also collect your location via Internet Protocol (IP) address, so that we can personalise our Services. For additional information, please see our Cookie Policy.

Data about Usage of Services is automatically collected when you use and interact with our Services, including metadata, log files, cookie/device IDs, and location information. This information includes specific data about your interactions with the features, content, and links (including third-parties, such as social media plugins) contained within the Services, IP address, browser type and settings (including configuration and plug-ins), the date and time the Services were used, language preferences and cookie data, and information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers, and error data. Some of this data collected might be capable of and be used to approximate your location.

How do Surfpoint use collected information?

Surfpoint believes in both reducing the amount of data we collect and limiting the use and purpose of that data to only:

  • Data for which we have been given permission
  • Data necessary to deliver the services you purchase or interact with
  • Data we might be required to keep for legal compliances or other lawful purposes

These uses include: Delivering, improving, updating, and enhancing the Services we provide to you. We collect information relating to your purchase, use, and/or interactions with our Services. We utilise this information to:

  • Improve and optimise the operation and performance of our Services (again, including our websites and mobile applications)
  • Diagnose problems with and identify any security risks, errors, or needed enhancements to the Services
  • Detect and prevent fraud and abuse of our Services and systems
  • Collecting aggregate statistics about use of the Services
  • Understand and analyse how you use our Services and what products and services are most relevant to you.

Often, much of the data we collect is aggregated or statistical data about how individuals use our Services, and is not linked to any personal data, but as it is itself personal data, or it can be linked or linkable to personal data, we treat it accordingly.

Surfpoint may share your personal data with trusted third-party service providers as necessary for them to perform services on our behalf, such as:

  • Processing payments
  • Serving advertisements
  • Conducting contests or surveys
  • Performing analysis of our services and customer demographics
  • Communicating with you, such as by email

We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilising, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent).

Communicating with you. We may contact you directly, or through a third-party service provider, regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service related communications. We may also contact you with offers for additional services we think you'll find valuable if you give us consent, or where allowed based upon legitimate interests. You don't need to provide consent as a condition to purchase our goods or services. These contacts may include:

  • Email
  • Text (SMS) messages
  • Telephone calls
  • Automated phone calls or text messages.

You may also update your subscription preferences with respect to receiving communications from us and/or our partners by signing into your account and visiting the "Account Settings" page in the Customer Control Panel.

If we collect information from you in connection with a co-branded offer, it will be clear at the point of collection who is collecting the information and whose privacy policy applies. In addition, it will describe any options you have in regards to the use and/or sharing of your personal data with a co-branded partner, as well as how to exercise those options.

Transfer of personal data abroad. If you utilise our Services from a country other than the country where our servers are located, your communications with us may result in transferring your personal data across international borders. Also, when you call us or initiate a chat, we may provide you with support from one of our global locations outside your country of origin. Your personal data will be transferred and processed outside of the EEA. In these cases, your personal data is handled according to this Privacy Policy.

Compliance with legal, regulatory and law enforcement requests. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.

Website analytics. We use web analytics tools provided by Google Analytics to collect information about how you interact with our website, including what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use, and network and IP information. We use the information provided by these tools to improve our Services. These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website. Each cookie cannot be used by anyone other than the service provider (eg: Facebook and Google for Google Analytics). The information collected from the cookie may be transmitted to and stored by these service partners on servers in a country other than the country in which you reside. Though information collected does not include personal data such as name, address, billing information, etc., the information collected is used and shared by these service providers in accordance with their individual privacy policies.

Third-party websites. Our website contains links to third-party websites. We are not responsible for the privacy practices or the content of third-party sites. Please read the privacy policy of any website you visit.

Age Restrictions. Our Services are available for purchase only for those over the age of 16. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 16. If you know of or have reason to believe anyone under the age of 16 has provided us with any personal data, please contact us.

How does Surfpoint secure collected information?

We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate.

We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:

  • Mandated by law, contract, or similar obligations applicable to our business operations;
  • For preserving, resolving, defending, or enforcing our legal/contractual rights; or
  • Needed to maintain adequate and accurate business and financial records.

If you have any questions about the security or retention of your personal data, you can contact us at

Do third parties have access to data?

Surfpoint utilises services provided by third parties in various situations, such as:

  • Analysis and tracking
  • Payment processing
  • Communications
  • Hosting

Third parties that Surfpoint interact with:

Google Analytics
Heart Internet Limited

How you can control information collected by Surfpoint

You have the right to request access to or change the information that Surfpoint has on you. You can do this by signing into your Account and visiting “Account Settings”, alternatively you can contact us at

We will make sure to provide you with a copy of the data we process about you. In order to comply with your request, we may ask you to verify your identity.

We will fulfil your request by sending your copy electronically, unless the request expressly specifies a different method.

If you believe that the information we have about you is incorrect, you are welcome to contact us so we can update it and keep your data accurate. If you make a request to delete your personal data and that data is necessary for the products or services you have purchased, the request will be honoured only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements.

If you are unable for any reason to access your Account Settings, you may also contact us at

Who is the data controller?

Surfpoint processes Personal Data as a Processor and as a Controller, as defined in the General Data Protection Regulation (GDPR).

The Surfpoint entity which you as a user entered an agreement with when using Surfpoint’s platform, will be the Controller for user data.

Surfpoint adheres to the General Data Protection Regulation (GDPR). Surfpoint processes all data provided by its users with accounts in its European Data Region, in the European Economic Area (EEA) only.

Contact us at

Is providing data mandatory?

Providing data to Surfpoint is not mandatory but failing to provide certain information, such as an email, may mean certain aspects of our services will not be able to be accessed.

What is the legal basis for processing data?

Surfpoint collects and processes data so as far as it is necessary in providing services.

Further, users provide Surfpoint with information such as name, email, address, telephone, relevant financial information, and other relevant data. This information is used by Surfpoint to identify the user and provide them with support, services, mailings, sales and marketing actions, billing and to meet other obligations.

Changes in our Privacy Policy.

We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days prior to the implementation of the changes.

Privacy Policy Europe GDPR