Compare Schools
Home/Privacy Policy
Legal

Privacy Policy

Last updated: 2026-05-28. We keep this short, honest, and GDPR-compliant.

1. Who we are

This site (kitesurfing.me) is operated by [VORNAME NACHNAME], [STRASSE HAUSNUMMER], [PLZ ORT], [LAND]. Contact: kitesurfingaddictions2002@gmail.com. Full details are in our Impressum.

2. What data we collect

  • Server logs (IP address, browser, referrer, timestamp) — used to operate and secure the site. Stored max. 14 days. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
  • Account data (email, name) — only if you create an account. Legal basis: Art. 6(1)(b) GDPR (contract).
  • Lead-form data (name, email, message, the school you contact) — when you send an enquiry to a school. We forward it to the school and store a copy for support. Legal basis: Art. 6(1)(b) GDPR.
  • Cookies / analytics — strictly necessary cookies only by default. Any analytics or marketing cookies are loaded only after you give explicit consent via our cookie banner. Legal basis: Art. 6(1)(a) GDPR + § 25 TTDSG.
  • Contributions — if you submit data (prices, reviews, photos), we store what you submit plus your IP for spam protection. Legal basis: Art. 6(1)(a) and (f) GDPR.

3. What we do NOT do

  • We do not sell your data.
  • We do not run third-party ad networks that profile you.
  • We do not use dark-pattern consent — say no and the site still works.

4. Processors we use

We use a small number of vetted service providers. All are bound by Art. 28 GDPR data-processing agreements:

  • Frontend hosting: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Edge delivery may process IP addresses for routing and DDoS protection. Transfer to the US is covered by the EU-US Data Privacy Framework and EU Standard Contractual Clauses.
  • Database: Supabase, hosted in the EU region (Frankfurt, Germany — AWS eu-central-1). All application data (accounts, listings, contributions, lead forms) is stored within the EU.
  • Workflow automation: n8n, self-hosted in Germany. Used for internal data pipelines (e.g. processing contributions and lead routing). No data leaves the EU.

Where data is transferred outside the EU/EEA (currently only via Vercel's edge network), we rely on the EU-US Data Privacy Framework and EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

5. Data on listed kite schools

kitesurfing.me lists kite schools as a comparison service. We process publicly available business information (name, address, website, prices, course offerings) of schools as legal entities. Where individual contact persons are named, the legal basis is Art. 6(1)(f) GDPR (legitimate interest in transparent market information). Schools can request removal or correction at any time — see Section 8.

6. How long we keep data

Server logs: 14 days. Account data: until you delete your account. Lead-form data: 24 months, then deleted. Contributions: kept while the listing exists, attribution removed on request.

7. Your rights (GDPR)

You have the right to access (Art. 15), rectify (Art. 16), delete (Art. 17), restrict (Art. 18), and port (Art. 20) your personal data, as well as the right to object (Art. 21) and to withdraw consent at any time. To exercise any of these, email kitesurfingaddictions2002@gmail.com. You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

8. Opt-out for listed schools

If you operate a kite school listed on this site and want your listing removed, corrected, or updated, email kitesurfingaddictions2002@gmail.com with proof of association (e.g. email from the school's official domain). We process such requests within 14 days.

9. Changes to this policy

We may update this policy as the service evolves. The current version always lives at this URL with the "Last updated" date at the top. Material changes will be communicated by banner or email.