Aquaweb Limited, GDPR Compliance Statement
This GDPR statement is valid for the all websites hosted by Aquaweb LTD such as the diveTarget.com™.
1. Party responsible for data processing
The responsible party, according to Article 4 (7) of the EU General Data Protection Regulation (GDPR), is Aquaweb LTD 5 Lockingate Street, Ashton-Under-Lyne, Greater Manchester, United Kingdom, OL6 8YB. E-mail: info@divetarget.com
2. Data protection officer point of contact
You can reach our data protection officer at info@divetarget.com typing in title of your e-mail: “QUERY DATA PROTECTION OFFICER”
3. Purpose of this document
We treat the data that you share with us with the utmost care and respect to privacy. To support our continued growth, and help ensure Aquaweb LTD and our European customers remain compliant with GDPR (General Data Protection Regulation), we have made a number of updates to our privacy practices, policies, and agreements to be GDPR compliant as of May 25, 2018.
The General Data Protection Regulation (GDPR) became effective on 25th May 2018, many of our business partners have asked Aquaweb Limited for information regarding its processing of data including personal data. (Unless otherwise stated, any term defined in GDPR has the same meaning in this document).
With the intention of providing that information to our business partners, we have prepared this document to assemble in one place all information regarding processing which we think will be relevant and helpful in this regard.
4. Information we need from our business partners
We in turn will require similar information from our business partners in order to satisfy ourselves that in receiving personal data from or passing personal data those business partners, we are remaining compliant with GDPR.
5. About Aquaweb Limited and data protection generally
At Aquaweb LTD, we are internet and software engineers. We are working towards the creation of a world wide web search engine based on concepts of distributing workload in a similar fashion achieved by successful products such as “diveTarget.com™” web portal.
The privacy and security of the personal information we process is very important to us and we are fully committed to achieving compliance with GDPR.
The diveTarget.com™ GDPR programme is well established and we will ensure our alignment on regulatory interpretation to enable delivery of GDPR compliance protecting individuals’ personal data and their related rights and freedoms including appropriate transparency of our data processing. We have taken, and are continuing to receive, extensive and detailed legal advice to enable diveTarget.com™ to remain compliant with applicable data protection laws.
FURTHER GDPR RELATED INFORMATION
1. How Aquaweb Limited receives personal data
We do not actively seek out or target personal data in carrying out our web mapping activities. However, we do look at and use hyperlinks and web page titles and those hyperlinks and web page titles could incidentally contain personal data. In processing personal data in this way, we rely on “legitimate interests” as our lawful basis for that data processing. In this context, our legitimate interest is our commercial business interests in the provision and development of our services. We consider that our processing of personal data in this manner has a minimal privacy impact and our processing is very unlikely to cause unjustified harm to data subjects.
2. Aquaweb Limited’s processing of sensitive or special category data
We do not seek to collect or process any special categories of personal data (which includes details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or information about health including genetic and biometric data). Nor do we collect any information about criminal convictions or offences.
3. Your rights
You have the following rights with respect to the personally identifiable information concerning you:
General rights
3.1 You have the right to information, correction, deletion, limitation of processing, opposition to processing, and data portability. If processing is based on your consent, you have the right to revoke it with effect for the future.
3.2 Rights in the processing of data based on legitimate interests
According to Article 21 (1) of the GDPR, you have the right to file an objection at any time for reasons arising out of your particular situation against the processing of personally identifiable information relating to you, pursuant to Article 6 (1) of the GDPR (data processing in the public interest) or Article 6 par. 1 f GDPR (data processing for the protection of a legitimate interest); this also applies to a profiling based on this provision. In the event of your objection, we will no longer process your personally identifiable information unless we can establish compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing aids the enforcing,
exercising or defending of legal claims.
3.3 Rights in direct advertising
If we process your personally identifiable information for the purpose of direct advertising, you have the right according to Article 21 par. 2 GDPR to object at any time to the processing of personally identifiable information relating to you for the purpose of such advertising; this also applies to profiling, where appropriate, insofar as it is associated with such direct advertising.
In the event of your objection to processing for the purpose of direct advertising, we will no longer process your personally identifiable information for these purposes.
3.4 Right to complain to a supervisory authority
You also have the right to complain to a relevant data protection supervisory authority about our processing of your personally identifiable information.
4.The collection of personally identifiable information when visiting our website
If you are only using the website for informational purposes, i.e., if you do not enroll or otherwise provide us with information, we will only collect the personally identifiable information that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and ensure its stability and security. Only in the case of suspected misuse in connection with bookings would we use this link information to facilitate the identification of the person responsible. The legal basis for this is Article 6 (1) (f) GDPR:
–IP address, date and time of the inquiry, time difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/HTTP status code, amount of data transferred in each case, website that receives the request, browser, operating system and its interface, language, and browser software version.
5. Contact by e-mail or contact form
When you contact us by e-mail or through a contact form, we will store the data you provide (your e-mail address, possibly your name and telephone number) so we can answer your questions. Insofar as we use our contact form to request entries that are not required for contacting you, we have always marked these as optional. This information serves to substantiate your inquiry and improve the handling of your request. Your message may be linked to various actions taken by you on the divetarget.com website. Information collected will be solely used to provide you with support relating to your booking and better understand your feedback. A statement of this information is expressly provided on a voluntary basis and with your consent, art. 6 par. 1a GDPR. As far as this concerns information about communication channels (such as your e-mail address or telephone number), you also agree that we may also, where appropriate, contact you via this communication channel to answer your request. You may of course revoke this consent for the future at any time.
We delete the data that arises in this context after saving is no longer required, or limit processing if there are statutory retention requirements.
6.Newsletter
6.1 General information
With your consent under Art. 6 par. 1 a GDPR, you can opt in to our newsletter, which will inform you about our current deals.
To sign up for our newsletter, we use the “double opt-in” method. This means that after you have signed up, we will send you an e-mail to the e-mail address specified, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your sign-up within [24 hours], your information will be locked and automatically deleted after one month.
To sign up for our newsletter, we use the “double opt-in” method. This means that after you have signed up, we will send you an e-mail to the e-mail address specified, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your sign-up within [24 hours], your information will be locked and automatically deleted after one month.
In addition, we save the IP addresses you used and the times of sign-up and confirmation. The purpose of the procedure is to verify your sign-up and, if necessary, to inform you about possible misuse of your personal data.
The only requirement for sending the newsletter is your email address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is art. 6 par. 1 a GDPR.
You may revoke your consent to the sending of the newsletter at any time and opt out of the newsletter. You can declare the revocation by clicking the link provided in each newsletter e-mail or by contacting the aforementioned data protection officer.
6.2 Newsletter Tracking
Please note that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent include “web beacons” or tracking pixels, which are stored on our website. For the evaluations, we link the data mentioned and the web beacons with your e-mail address and an individual ID.
With the data obtained in this way, we generate a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and deduce your personal interests. We link this data with actions you have taken on our website.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail. The information will be saved as long as you have opted in to the newsletter. After you log out, we save the data purely statistically and anonymously.
Also, such tracking is not possible if you've deactivated image viewing by default in your e-mail application. In this case, the newsletter will not be displayed in full and you won’t be able to use all the features. If you display images manually, the above tracking will take place.
7. Use of social plug-ins
This website uses the provider’s social plug-ins
- Facebook, Instagram (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
-YouTube (YouTube LLC 901 Cherry Avenue, San Bruno, CA 94066, USA)
-Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
-LinkedIn (LinkedIn Corporation1000 W. Maude Avenue, Sunnyvale, CA 94085, USA)
- Pinterest (operator: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)
These plug-ins typically collect data from you as standard, and transmit it to the respective vendor’s server. We have taken technical measures to ensure the protection of your privacy, which guarantee that your data cannot be collected by the vendors of the respective plug-ins without your consent. These will initially be deactivated when you visit a site connected to the plug-ins. The plug-ins will not be activated until you click on the respective symbol, and by doing so, you give your consent to have your data transmitted to the respective vendor. The legal basis for plug-in use is article 6, par. 1 a and f of the GDPR.
Once activated, the plug-ins also collect personally identifiable information, such as your IP address, and send it to the respective vendor’s server, where it is saved. Activated social plug-ins also set a cookie with a unique identifier when you visit the respective website. This allows the vendor to generate profiles of your user behavior as well. This occurs even if you are not a member of the respective vendor’s social network. If you are a member of the vendor’s social network and you are logged into the website during your visit, your data and information about your visit to the website can be linked with your profile on the social network. We do not have any influence over the exact extent to which your data is collected by the respective vendor. For more information about the extent, nature, and purpose of data processing and about the rights and setting options for protecting your privacy, please see the data protection notices for the respective social network vendor. These can be found at the following addresses:
-Facebook: https://www.facebook.com/policy.php
-Twitter: https://twitter.com/en/privacy
-Pinterest: https://about.pinterest.com/en/privacy-policy
8. Facebook Connect
We offer you the option of enrolling and signing in through your Facebook account. If you enroll via Facebook, Facebook will ask you for your permission to release certain data in your Facebook account to us. This may include your first name, last name, and e-mail address so your identity and gender can be verified, as well as general location, a link to your Facebook profile, your time zone, your date of birth, your profile picture, your “Like” information, and your friends list.
This data will be collected by Facebook and transmitted to us in compliance with the policies in the Facebook privacy policy. You can control the information that we receive from Facebook through the privacy settings in your Facebook account.
This data will be used to establish, provide, and personalize your account. The legal basis is article 6, par. 1 a, b, and f of the GDPR.
If you enroll with us through Facebook, your account will automatically be connected to your Facebook account and information about your activities on our website, if applicable, will be shared on Facebook and published on your timeline and news feed.
9. Advertising
We use cookies for marketing purposes to approach our users with advertising that is more tailored to their interests. We also use cookies to reduce the likelihood of ads playing and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is article 6, par. 1 a and f of the GDPR. The goals intended in data processing serve the legitimate interest of direct marketing. You are entitled to file an objection to the processing of your data for the purposes of such advertising at any time. We provide the following opt-out options for the respective services for this purpose. Alternatively, you can prevent cookies from being set in your browser and App settings.
We use Google AdSense, a service for integrating ads. Google AdSense uses cookies and web beacons (invisible graphics). These web beacons allow the analysis of information such as visitor traffic on the pages of this website. The information generated by cookies and web beacons via the use of this website (including user IP addresses) and the distribution of ad formats is transferred to a Google server in the USA and stored there. Google can pass this information on to their affiliates. However, Google will not conflate your IP address with your other stored data. Users can prevent cookies from being installed through the relevant setting in their browser software and App settings; however, please note that if this is done, not all functions of the website may be able to be used to their full extent. By using this website, the user agrees to the processing of their data collected by Google in the manner and for the purpose described above.
10. Conversion Tracking and Google AdWords
To draw attention to our services, we place Google AdWords display ads and, within this context, use Google conversion tracking for the purposes of personalized online ads based on interests and location. The option to anonymize IP addresses is controlled through Google Tag Manager, via an internal setting that is not visible in the source of this page. This internal setting is set so that the anonymization required by privacy laws covers IP addresses.
Ads are displayed based on search requests on websites in the Google ad network. We have the ability to combine our ads with certain search terms. With the use of cookies, we are able to place ads based on previous user visits to our website.
When a user clicks on an ad, Google places a cookie on the user’s device. For more information on the cookie technology used, please see Google’s statements on website statistics and their data privacy policy.
With the use of this technology, Google, and we as their customer, receive the information that a user has clicked on an ad and was redirected to our websites. The information acquired this way is solely used for statistical analysis related to ad optimization. We do not receive any information that would allow us to personally identify a visitor. The statistics provided to us by Google include the total number of users who have clicked on one of our ads and, where applicable, whether they were redirected to a page on our website that has a conversation tag. These statistics allow us to track which search terms most often lead to our ads receiving clicks, and which ads lead to the user contacting us via the contact form.
If you do not want this, you can prevent the storage of the cookies required for this technology by, for example, using the settings in your browser or your App. Should you do so, your visit will not be incorporated into user statistics.
If you do not want this, you can prevent the storage of the cookies required for this technology by, for example, using the settings in your browser or your App. Should you do so, your visit will not be incorporated into user statistics.
You also have the option to choose the types of Google ads or deactivate interest-based ads on Google through ad settings. Alternatively, you can deactivate third-party use of cookies by using the Network Advertising Initiative’s opt-out tool.
However, we and Google will still receive statistical information about how many users visit this site and when. If you do not want to be included in these statistics either, you can prevent this by using additional programs for your browser (such as the Ghostery add-on).
11. Google DoubleClick
We use DoubleClick, a service of Google Inc. DoubleClick uses cookies to place user-based web ads. The cookies detect which ads have already appeared in your browser and whether you visited a website via an ad placed. In doing so, the cookies do not collect any personally identifiable information, nor are they able to link to any.
If you do not want to receive any user-based advertising, you can disable the placement of ads by using Google’s ad settings.
For more information about how Google cookies are used, please refer to Google’s privacy statement.
13.3 Google Dynamic Remarketing
We use the dynamic remarketing function of Google AdWords on our website. This technology allows us to place automatically generated ads oriented towards target groups after you visit our website. Ads are oriented towards products and services that you clicked on during your last visit to our website.
Google uses cookies to generate interest-based ads. Cookies are small text files that are stored in your browser when you visit our website. In this process, Google typically stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information only serves the purpose of mapping the web browser to a specific device. It cannot be used to identify an individual.
If you do not want to receive user-based advertising from Google, you can disable the placement of ads by using Google’s ad settings.
For more information about how Google cookies are used, please refer to Google’s privacy statement.
14. Specific information for our customers
We limit our collection of personal data from our customers and we only collect the personal data that is absolutely necessary.
We may collect, use, store and transfer different kinds of personal data about our customers which we have grouped together follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, photocopy of diving certificate.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details, Revolut account.
Transaction Data includes details about payments to and from customers and other details of products and services they have purchased from us.
Transaction data, including personal data, can be transferred to PayLane Sp. z o.o. located in Gdańsk at Norwida 4, zip code: 80-280, company number: 0000227278, in order to process payments.
Transaction data, including personal data, can be transferred to PayLane Sp. z o.o. located in Gdańsk at Norwida 4, zip code: 80-280, company number: 0000227278, in order to process payments.
Technical Data includes internet protocol (IP) address, customers’ login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices they use to access our website.
Profile Data includes customers’ username and password, purchases or orders, customers’ interests, preferences, feedback and survey responses.
Usage Data includes information about how customers use our website, products and services.
Marketing and Communications Data includes customers’ preferences in receiving marketing from us and our third parties and communication preferences.
We collect this personal data from our customers via our direct interactions with them.
We have set out below, in a table format, a description of the ways we plan to use personal data belonging to our customers, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Purpose/Activity
|
Type of data
|
Lawful basis for processing including basis of legitimate interest
|
To register new customers
|
(a) Identity
(b) Contact |
Performance of a contract with the customer
|
To process and deliver customers’ orders including:
(a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity
(b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with the customer
(b) Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with customers which will include:
(a) Notifying customers about changes to our terms or privacy policy (b) Asking customers to leave a review |
(a) Identity
(b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with the customer
(b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|
(a) Identity
(b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to customers and measure or understand the effectiveness of the advertising we serve to customers
|
(a) Identity
(b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
|
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
|
(a) Technical
(b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
|
To make suggestions and recommendations to customers about goods or services that may be of interest to customers
|
(a) Identity
(b) Contact (c) Technical (d) Usage (e) Profile |
Necessary for our legitimate interests (to develop our products/services and grow our business)
|
13. Data security
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. The measures we have put in place include (but are not limited to) the following:
Firewalls are deployed to protect technical assets,
HTTPS is implemented for all website connections,
As far as practicable, all software development and maintenance which interacts with our customer database is performed in-house, limiting our requirement for external third party IT assistance and therefore reducing the number of people with access to personal data;
We regularly review our security protocols around passwords and application security; and
We aim to minimise the amount of data we collect, collecting only such data which is absolutely necessary to achieve our legitimate interests in processing that data.
In addition, we limit access to customers’ personal data to those who have a business need to know. They will only process customers’ personal data on our instructions and they are subject to a duty of confidentiality. We have also put in place procedures to deal with any suspected personal data breach and will notify data subjects and any applicable regulator of a breach where we are legally required to do so.
14. Data Protection Officer
Due to the nature of our activity and the data we process, we are not required to have, and therefore, have not appointed a data protection officer. The person with responsibility for data protection is Dariusz Szymaczek a data protection (officer).
15. Disclosures of personal data
We may have to share personal data with third parties in certain circumstances. Please see our privacy policy for further information about this.
16. Transfers of personal data
Sometimes we will transfer personal data outside the European Economic Area but we will only do so where such transfer is compliant with data protection laws and the means of transfer provides adequate safeguards, for example:
By way of data transfer agreement, incorporating the current standard contractual clauses approved by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws;
By ensuring that any US-based organisations we transfer data to have signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from the EEA to the United States of America (or ensuring that any equivalent framework agreement is in place respect of other jurisdictions);
By transferring personal data to a country whose data protection laws have been found to be adequate by the European Commission; or
Where data subjects have expressly consented to the data transfer (having been informed of any relevant risks involved).
Please see our privacy policy for further information about this.
17. Legal rights of data subjects
Under certain circumstances, data subjects have rights under data protection laws in relation to their personal data. Those rights include the right to:
Request access to their personal data;
Request correction of their personal data;
Request erasure of their personal data;
Object to processing of their personal data;
Request restriction of their personal data;
Request transfer of their personal date; and
Withdraw consent.
If a data subject wishes to exercise any of the rights set out above, they should contact us by email at info@divetarget.com, clearly marking the correspondence as GDPR.