Privacy Policy

1. Introduction

Welcome to Sturnus Ratings (the Site). This Privacy Policy explains how we collect, use, retain, disclose, and safeguard your personal data when you visit our Site or use our services. We are committed to protecting your privacy in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and other applicable data protection laws. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Site.

2. Information We Collect

2.1. Account and Registration Data

When you register on our Site, we collect your first and last name, email address, username, and a securely hashed password. We do not store your password in plain text.

2.2. Billing and Payment Data

When you purchase a subscription, billing is processed by our payment provider, Stripe, Inc. We receive confirmation of payment and subscription status. We do not store your full card number, CVV, or bank account details on our servers. Stripe's own privacy policy governs how your payment data is handled by Stripe.

2.3. Technical and Usage Data

When you interact with our Site, we may automatically collect technical information including your IP address, browser type and version, device type, operating system, pages visited, and access timestamps. This data is used for security monitoring, fraud prevention, and service improvement.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data only where we have a lawful basis to do so under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): Processing is necessary to provide the subscription service you have purchased, to manage your account, and to deliver the content you have paid for.
  • Legal obligation (Art. 6(1)(c)): We retain certain records (e.g., billing and tax records) to comply with applicable financial and legal obligations.
  • Legitimate interests (Art. 6(1)(f)): We process technical and usage data to secure our systems, prevent fraud, improve our services, and communicate with you about your account.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide the Service: to create and manage your account, process payments, and deliver subscription content.
  • To communicate with you: to send account-related notifications, subscription confirmations, and responses to your support requests.
  • To improve our Site: to analyse usage patterns, diagnose technical issues, and develop new features.
  • To ensure security: to detect and prevent fraud, abuse, and unauthorised access to our systems.
  • To comply with legal obligations: to retain records as required by applicable law.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

  • Account data (name, email, preferences): retained for the duration of your account and for a reasonable period thereafter to handle any post-closure queries.
  • Billing and payment records: retained for a minimum of 7 years to comply with applicable financial and tax record-keeping requirements.
  • Technical logs (IP addresses, access logs): retained for up to 12 months for security and fraud prevention purposes, then deleted or anonymised.

6. How We Protect Your Information

We adopt appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted communications (HTTPS/TLS), hashed password storage, and access controls limiting who within our organisation can access personal data.

7. Third-Party Processors

We share your personal data with trusted third-party processors only to the extent necessary to operate the Service. We do not sell, trade, or rent your personal data to third parties for marketing purposes.

  • Stripe, Inc. — payment processing. Stripe receives your billing information to process subscription payments. Stripe is a PCI DSS Level 1 certified service provider. See stripe.com/privacy.
  • Cloudflare, Inc. — content delivery network and security services (DDoS protection, DNS, TLS termination). Cloudflare may process your IP address and request metadata as part of its network security operations. See cloudflare.com/privacypolicy.

Users may also find content or links on our Site that lead to third-party websites. We do not control those sites and are not responsible for their privacy practices. Browsing any other website is subject to that website's own policies.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Site:

  • Essential cookies: session cookies required to authenticate you and maintain your login session. These are strictly necessary for the Service to function and cannot be disabled without preventing use of the Site.
  • Preference cookies: used to remember your settings, such as your display theme preference.
  • Third-party advertising cookies: advertising partners may set their own cookies when you view ads on our Site. These cookies compile non-personal information to deliver targeted advertisements. We are not responsible for those cookies; please refer to the respective providers' privacy policies. You may opt out of Google's DART cookie at google.com/privacy_ads.html.

You can control or disable non-essential cookies through your browser settings. Disabling essential cookies will prevent the Site from functioning correctly.

9. Your Rights Under GDPR

If you are located in the European Union, you have the following rights under the GDPR with respect to your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data we hold about you.
  • Right to erasure (Art. 17): You may request deletion of your personal data where there is no compelling reason for its continued processing, subject to our legal retention obligations.
  • Right to data portability (Art. 20): You may request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21): You may object to processing of your personal data where it is based on our legitimate interests.
  • Right to lodge a complaint: You have the right to lodge a complaint with your national data protection supervisory authority if you believe your rights under the GDPR have been infringed.

To exercise any of these rights, please contact us. We will respond within 30 days of receiving your request.

10. Data Controller

The data controller responsible for your personal data processed through this Site is Sturnus Ratings. For any questions about this Privacy Policy or to exercise your data protection rights, please use our contact form.

11. CAN-SPAM Compliance

If you are located in the United States, the following applies to email communications we send. We do not send unsolicited commercial email. Any commercial emails we send will clearly identify us as the sender, include a valid electronic contact address, and provide a clear and conspicuous mechanism to opt out of future marketing communications. We will honour all opt-out requests promptly. Transactional and account-related emails (such as subscription confirmations, invoices, and password resets) are exempt from opt-out requirements as they are necessary for the operation of the Service. To stop receiving marketing emails, please contact us or use the unsubscribe link included in each marketing email.

12. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights with respect to your personal information:

  • Right to know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purpose for which it was collected, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted by law.
  • Right to opt out of sale: We do not sell your personal information. You therefore have no need to opt out of such a sale.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your rights under the CCPA.

To exercise your California privacy rights, please contact us.

13. Changes to This Privacy Policy

Sturnus Ratings has the discretion to update this Privacy Policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage you to review this page periodically to stay informed about how we protect your personal data.

14. Your Acceptance of These Terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

15. Contacting Us

If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site, please use our contact form.