This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We know that there’s a lot of information here but we want you to be fully informed about your rights and how Aqua-Marina Dive Centre (AM) uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
The legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to sign up for one of our mailing lists
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service (required fields).
If the law requires us to, we may need to collect and process your data.
For example, we are required by local law to record identifiers such as your passport or ID number; and certain other information such as your hotel or accommodation name/address and your arrival and departure dates in Tenerife
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will use your purchase history to send you or make available personalised offers.
We also combine the purchasing history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.
Where do we collect your data, what data do we collect and how do we use it?
Aqua-Marina Dive Centre (AM) collect data from the public through a variety of avenues. In each case the data collected; and its intended use; may differ slightly. These are discussed in further detail below:
*NB: In the following table, within the column titled “With whom is this data shared?”, in many cases the answer is ‘This data/information is shared with nobody*’. This means that nobody outside of Aqua-Marina dive centre will have access to this data, however this data will form part of the business’ Customer Management Database and may be passed on to new owners in the event that the business is sold to a third party(ies) at some point in the future.
|Where is your data collected?||What data is collected?||In what way is this data used?||With whom is this data shared?|
|On our website – email sign-up forms||Name;|
|This data is used for targeted marketing campaigns by AM exclusively.||The data is collected through Mailchimp.com™. AM accepts no responsibility for actions or activities of Mailchimp.com™.
Once received by AM, this data is shared with nobody*
|On our website – online booking forms||Name;|
|This data is used in order to liaise with existing and potential customers; and for internal organisational and planning purposes.|
First & last names and email addresses may also be used in targeted marketing campaigns.
|This data is collected through a word-press add-on named Gravity Forms©, provided by RocketGenius, Inc™. Once received by AM this data is shared with nobody*|
|On our website – contact forms||Name;|
|This data may be used for providing services to new and existing customers as per their individual requests; and later for targeted marketing campaigns.||This data is shared with nobody*|
|On our website - cookies||User website experience; information manually inputted by users||To streamline to the website user experience||This information is shared with nobody*|
|AM Customer Record File||Name; date of birth; email address; phone number; place and dates of stay in Tenerife; previous dive history||Mostly this information is used in the planning and organisation of our daily activities. Contact information may be used in targeted marketing campaigns. Information related to the place and duration of your stay in Tenerife is gathered as per local legislation||Information related to your place and duration of your stay in Tenerife will be passed on to local government entities if they request it. In the event that this information is shared with them, AM have no control over how it is used by these entities.
All other personal information is kept confidential and will be shared with nobody*
|PADI Administrative documents||Name; date of birth; home/postal address; emergency contact details; self-assessment medical questionnaire||This information will be used by AM for future marketing campaigns|
This information is shared with PADI in order to issue diving certifications
|Some of this information is shared with PADI in order to issue diving certifications. AM accept to responsibility over the way in which PADI Use/store this information.
NOTE: AM are required by PADI standards to retain this information for 7 years. Users can opt out of receiving marketing initiatives from AM, but may not elect to have this information deleted until the 7 years have passed.
|Direct email/phone contact from potential or existing customers||Name; date of birth; home/postal address; emergency contact details; self-assessment medical questionnaire|
Name; email address; phone number
|This data may be used by AM to provide solicited activities; and later may be used for targeted marketing campaigns.||This data is shared with nobody*|
Opt’ing-out and Data Deletion
Anyone can choose to opt out of receiving communications form AM at any point by clicking on the ‘unsubscribe’ link within the footer of an email, or by responding/sending us an email with the instruction: “UNSUBSCRIBE”.
Anyone can choose to have his or her data deleted completely by emailing us with a request to do so. If you wish this to happen, please send a message with the effect of:
Please delete all of my personal data from your database, and do not contact me again in the future.
In compliance with PADI’s standards, we are required to retain on file the personal data for any participant in a sanctioned PADI programme for a duration of 7 years. This data may include some or all of the following:
- Full Names
- Date of Birth
- Email Address
- Residential/postal address
- Phone number
- Self-assessment medical questionnaire, liability release and standard safe diving practices statement of understanding
This data may be stored digitally, on paper or both. Users may opt-out of receiving communications from AM and/or from PADI at any stage, but legally this data must be stored securely by AM for a period of no less than 7 years.
What are your rights regarding your personal data
An overview of your different rights
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please email firstname.lastname@example.org.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.