Privacy Policy

At DigiDive, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform.

1. Who We Are

DigiDive is a dive center management platform that provides digital waiver processing, scheduling, customer management, and related services. We act as a data processor on behalf of dive centers (our customers), who are the data controllers of their customers' information.

Contact Information:
Email: info@digidive.co

2. Information We Collect

2.1 Personal Information (Waiver Forms)

When you complete a waiver form through a dive center using DigiDive, we collect:

• Identity Information: Full name, date of birth, nationality/country
• Contact Information: Email address, phone number, address (optional)
• Emergency Contact: Name and phone number of your emergency contact
• Accommodation: Hotel/accommodation details (optional)

2.2 Diving Information

• Certification status, agency, level, and certification number
• Date of last dive and number of logged dives
• Equipment preferences and sizing (wetsuit, fins, weight system)
• Diving insurance details (provider, policy number, contact)
• Flight information for decompression safety planning

2.3 Health and Medical Information

Special Category Data (Sensitive): We collect medical information through a standardized diving medical questionnaire. This includes questions about:

• Cardiovascular and respiratory conditions
• Ear, eye, and sinus conditions
• Neurological conditions and seizure history
• Psychological conditions and medication use
• Other health conditions that may affect diving safety

This medical information is collected solely for diving safety purposes and to comply with international scuba diving standards.

2.4 Digital Signature

Your typed full name as a digital signature, along with timestamp and consent acknowledgment.

2.5 Technical Information

When you use our platform, we may automatically collect:

• IP address and approximate location
• Browser type and device information
• Usage data and interaction logs

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: Processing waivers, managing bookings, and facilitating dive center operations
• Safety Compliance: Ensuring diving activities meet safety standards based on medical and certification information
• Communication: Sending booking confirmations, safety alerts, and service-related notifications
• Legal Compliance: Meeting legal obligations and maintaining records as required by law
• Service Improvement: Analyzing usage patterns to improve our platform (using anonymized data)

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Consent: You provide explicit consent when signing the waiver form
• Contract: Processing is necessary to fulfill services you've requested
• Legitimate Interests: Operating and improving our services
• Vital Interests: Medical data may be used in emergency situations to protect your life
• Legal Obligation: Compliance with diving industry regulations and record-keeping requirements

5. Data Sharing and Disclosure

We may share your information with:

• Dive Centers: The dive center where you submitted your waiver has full access to your information for operational purposes
• Service Providers: Trusted third parties who help us operate (cloud hosting, email services) under strict data protection agreements
• Emergency Services: Medical and emergency personnel if required to protect your vital interests
• Legal Authorities: When required by law, court order, or to protect our legal rights

We do not sell your personal information.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States and the Philippines. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with all service providers
• Technical security measures regardless of data location

7. Data Retention

We retain your information for the following periods:

• Waiver Records: 7 years from the date of your last dive activity (or longer if required by local law)
• Medical Information: Same as waiver records, as they are integral to diving safety documentation
• Account Data: Until you request deletion or the account is inactive for 3 years
• Technical Logs: 12 months

8. Your Rights

8.1 Rights Under GDPR (European Users)

If you are in the European Economic Area (EEA) or UK, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restrict Processing: Limit how we use your data
• Data Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Lodge a Complaint: File a complaint with your local data protection authority

8.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we collect
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the sale of personal information (we do not sell your data)
• Non-Discrimination: Not be discriminated against for exercising your rights

Categories of Information Collected (CCPA Disclosure): Identifiers, personal information under Cal. Civ. Code 1798.80(e), protected classification characteristics, commercial information, internet/network activity, and inferences.

8.3 Exercising Your Rights

To exercise any of these rights, you can:

• Use our Data Management Portal: Visit digidive.co/data-request.html to submit requests
• Email us: Contact info@digidive.co

We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security assessments and monitoring
• Employee training on data protection
• Incident response procedures

While we strive to protect your information, no method of transmission over the internet is 100% secure. Please use our services responsibly.

10. Cookies and Tracking

Our platform uses essential cookies to enable core functionality (authentication, preferences). We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings.

11. Children's Privacy

Our services are not intended for children under 10 years of age. Minors (under 18) may only use our services with parental/guardian consent, as required for diving activities. Parents or guardians who complete waivers on behalf of minors are responsible for the accuracy of that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@digidive.co

For users in the European Union, you also have the right to lodge a complaint with your local supervisory authority.