Privacy Policy
Last updated:
1. Introduction
Sterlon Services OÜ ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit sterlinglongevity.com (the "Website") or use our services.
Data controller: Sterlon Services OÜ, a company registered in the Republic of Estonia under registry code 16332514.
Contact: care@sterlinglongevity.com
2. Data We Collect
Personal Data
Information you provide directly when you enquire, book, or contact us:
- Full name, email address, telephone number, and country of residence
- Date of birth and gender (for programme eligibility)
Health Data (Special Category Data)
When you complete a health assessment or consultation form, you may provide health-related information. Under the GDPR, health data is classified as "special category" personal data and receives additional protections.
- Medical history and current conditions
- Symptoms, medications, and prior treatments
- Assessment scores and physician notes
Booking & Payment Data
- Programme preferences, travel dates, and accommodation requirements
- Payment details are processed by Stripe and are never stored on our servers. We retain only a transaction reference and amount for accounting purposes.
Technical Data
Automatically collected when you visit the Website:
- IP address, browser type and version, operating system
- Pages visited, time spent, referring URL
- Device identifiers and screen resolution
3. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Articles 6 and 9:
| Data Type | Legal Basis | GDPR Article |
|---|---|---|
| Health assessment data | Explicit consent | Art. 6(1)(a) & Art. 9(2)(a) |
| Booking & payment data | Performance of a contract | Art. 6(1)(b) |
| Communication data | Performance of a contract / Consent | Art. 6(1)(a) & (b) |
| Technical & analytics data | Legitimate interest | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
4. How We Use Your Data
- To evaluate your candidacy for our regenerative wellness programmes
- To coordinate bookings, accommodation, transfers, and travel logistics
- To communicate with you about your programme, including pre-trip preparation and post-programme follow-up
- To process payments and manage financial records
- To improve our Website, services, and user experience
- To send you relevant research, stories, and programme updates (only with your consent)
- To comply with our legal and regulatory obligations
5. Data Sharing
We do not sell, rent, or trade your personal data. We share your data only with the following parties, and only to the extent necessary:
- Partner clinics (Thailand) — Your health data is shared with the treating medical facility to prepare and deliver your programme. This sharing is based on your explicit consent and is necessary for the performance of your booking.
- Payment processor (Stripe) — Payment card data is processed directly by Stripe, a PCI DSS Level 1 certified provider. We do not have access to your full card details.
- Hosting provider (Amazon Web Services) — Our Website and data are hosted on AWS infrastructure within the EU, with appropriate security measures.
- Analytics (with consent) — We use privacy-respecting analytics to understand how visitors use our Website. No personal data is shared with advertising networks.
6. International Data Transfers
Your personal data may be transferred to Thailand for the purpose of medical coordination and programme delivery. When we transfer data outside the European Economic Area (EEA), we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all receiving parties
- Technical security measures including encryption in transit and at rest
7. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Booking & payment records | 7 years | Estonian accounting and tax requirements |
| Health assessment data | Until consent is withdrawn, or 3 years after last contact | Programme coordination and follow-up |
| Communication records | 3 years after last contact | Service quality and dispute resolution |
| Technical / analytics data | 12 months | Website improvement and security |
| Marketing consent records | Duration of consent + 1 year | Compliance documentation |
8. Your Rights Under the GDPR
As a data subject, you have the following rights. To exercise any of these rights, please contact us at care@sterlinglongevity.com. We will respond within 30 days.
- Right of access — Request a copy of the personal data we hold about you
- Right to rectification — Request correction of inaccurate or incomplete data
- Right to erasure — Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
- Right to restrict processing — Request that we limit how we use your data
- Right to data portability — Receive your data in a structured, machine-readable format
- Right to object — Object to processing based on legitimate interest or for direct marketing
- Right to withdraw consent — Withdraw consent at any time, without affecting the lawfulness of processing performed prior to withdrawal
Right to lodge a complaint: If you believe your data protection rights have been violated, you may lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):
- Website: www.aki.ee/en
- Email: info@aki.ee
9. Cookies
We use cookies and similar technologies to ensure the Website functions correctly and to improve your experience.
Essential Cookies
Required for core Website functionality such as session management and security. These cannot be disabled.
Analytics Cookies
Used to understand how visitors interact with our Website. These are only set with your consent and do not track you across other websites.
Advertising Cookies
We do not use advertising or third-party tracking cookies.
10. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Where required by law, we will obtain your consent to any material changes that affect how your data is processed.
12. Contact
For any questions regarding this Privacy Policy or your personal data, please contact us:
- Data controller: Sterlon Services OÜ
- Registry code: 16332514
- Data protection enquiries: care@sterlinglongevity.com
Supervisory authority: Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate), Tatari 39, 10134 Tallinn, Estonia.