LegalPrivacy Policy

Privacy Policy

Reef Support B.V. Herengracht 551, Amsterdam, Netherlands

Last updated: April 2026

1. Introduction

Reef Support B.V. (“we”, “us”, “our”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platforms and services.

This policy applies to all Reef Support services, including:

  • MariMap — marine monitoring platform (marimap.reef.support)
  • MariField — mobile field data collection app
  • Reef Ranger — conservation travel platform (travel.reef.support)
  • Reef Support Docs — documentation site (docs.reef.support)
  • reef.support — main website and all subdomains

2. Data Controller

The data controller responsible for your personal data is:

Reef Support B.V. Herengracht 551 1017 BW Amsterdam The Netherlands

Email: [email protected]

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Organisation or affiliation (if provided)
  • Password (stored in hashed form only)
  • Profile preferences and settings

3.2 Survey and Monitoring Data

When you use MariMap or MariField for marine monitoring, we collect:

  • GPS coordinates of survey sites
  • Survey observations (species counts, benthic cover, coral health assessments)
  • Photographs uploaded as part of surveys
  • Timestamps and survey metadata
  • Device information used during field surveys

3.3 Usage and Analytics Data

We collect limited usage data to improve our services:

  • Pages visited and features used
  • Browser type and version
  • Device type and operating system
  • IP address (anonymised for analytics)
  • Session duration and interaction patterns

3.4 Communication Data

When you contact us or use support features:

  • Email correspondence
  • Support ticket content
  • Feedback and feature requests

4. How We Use Your Data

We process your personal data for the following purposes:

  • Service delivery — to provide, maintain, and improve our platforms
  • Account management — to manage your account, authentication, and permissions
  • Data processing — to store and process marine monitoring data you submit
  • Communication — to send service updates, respond to enquiries, and provide support
  • Analytics — to understand usage patterns and improve user experience
  • Legal compliance — to comply with applicable laws and regulations
  • Security — to detect and prevent fraud, abuse, and security incidents

5. Legal Basis for Processing (GDPR)

We process your data under the following legal bases as defined in the General Data Protection Regulation (GDPR):

PurposeLegal Basis
Service delivery and account managementPerformance of a contract (Art. 6(1)(b))
Marine monitoring data processingPerformance of a contract (Art. 6(1)(b))
Analytics and service improvementLegitimate interest (Art. 6(1)(f))
Email communications about your accountPerformance of a contract (Art. 6(1)(b))
Marketing communicationsConsent (Art. 6(1)(a))
Legal complianceLegal obligation (Art. 6(1)(c))
Security and fraud preventionLegitimate interest (Art. 6(1)(f))

6. Data Hosting and Storage

All data is hosted on self-managed infrastructure provided by Hetzner Online GmbH, a German hosting company. Our servers are located in Finland (EU), ensuring full compliance with EU data protection regulations.

We do not use third-party cloud platforms (such as AWS, Google Cloud, or Azure) for primary data storage. Our infrastructure is self-hosted and managed directly by Reef Support B.V.

Key facts about our hosting:

  • Hosting provider: Hetzner Online GmbH (German company, GDPR-compliant)
  • Server location: Finland (European Union)
  • Data residency: All data remains within the EU at all times
  • No third-party data processors for core data storage — we manage our own databases, servers, and backups

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties.

We may share data only in the following limited circumstances:

  • With your explicit consent — for example, when you choose to share survey data publicly
  • Infrastructure providers — Hetzner (hosting), solely for the purpose of providing server infrastructure. Hetzner does not access or process your data.
  • Legal requirements — when required by law, court order, or governmental request
  • Essential service providers — email delivery services for transactional emails (account verification, password resets)

All third-party service providers are bound by data processing agreements in accordance with GDPR Article 28.

8. International Data Transfers

Your data is stored and processed exclusively within the European Union (Finland). We do not transfer personal data outside the EU/EEA.

If this changes in the future, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

9. Data Retention

We retain your data for as long as necessary to fulfil the purposes outlined in this policy:

Data TypeRetention Period
Account informationDuration of account + 12 months after deletion
Survey and monitoring dataDuration of account (exportable at any time)
Usage analytics26 months (anonymised)
Support correspondence24 months after resolution
Server logs90 days

After the retention period, data is securely deleted or anonymised.

10. Cookie Policy

10.1 What Are Cookies

Cookies are small text files stored on your device when you visit our websites. We use cookies to ensure our platforms function correctly and to improve your experience.

10.2 Cookies We Use

Cookie TypePurposeDuration
Essential cookiesAuthentication, session management, securitySession / 30 days
Preference cookiesLanguage settings, UI preferences, map settings1 year
Analytics cookiesAnonymous usage statistics to improve our services26 months

10.3 Cookie Consent

We do not use third-party advertising or tracking cookies. Essential cookies are required for the platform to function. Analytics cookies are only placed with your consent, which you can manage through the cookie banner on our sites.

10.4 Managing Cookies

You can manage or delete cookies through your browser settings. Note that disabling essential cookies may prevent the platform from functioning correctly.

11. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

11.1 Right of Access (Art. 15)

You have the right to request a copy of the personal data we hold about you.

11.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete personal data.

11.3 Right to Erasure (Art. 17)

You can request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.

11.4 Right to Restrict Processing (Art. 18)

You can request that we limit the processing of your personal data in certain circumstances.

11.5 Right to Data Portability (Art. 20)

You can request your data in a structured, commonly used, machine-readable format. Survey and monitoring data can be exported directly from MariMap and MariField at any time.

11.6 Right to Object (Art. 21)

You can object to the processing of your personal data based on legitimate interests, including for direct marketing purposes.

11.7 Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

11.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for Reef Support B.V. is:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority) Website: https://autoriteitpersoonsgegevens.nl

12. How to Exercise Your Rights

To exercise any of your rights, contact us at:

  • Email: [email protected]
  • Post: Reef Support B.V., Herengracht 551, 1017 BW Amsterdam, The Netherlands

We will respond to your request within 30 days as required by the GDPR. We may ask you to verify your identity before processing your request.

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Regular security updates and patch management
  • Access controls and authentication mechanisms
  • Regular backups with encrypted storage
  • Network segmentation and firewall protection
  • Monitoring for unauthorised access attempts

14. Children’s Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without appropriate consent, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting an updated version on our websites
  • Sending an email notification for material changes
  • Updating the “Last updated” date at the top of this page

We encourage you to review this policy periodically.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Reef Support B.V. Herengracht 551 1017 BW Amsterdam The Netherlands

Email: [email protected]

Data providersTerms & Conditions