How Wreck and Cave Ltd collects and uses your information
- The type of information we collect about you
- How we collect and use it
- Who we might share it with
- The steps we take to make sure it stays private and secure
- Your rights to this information
Who we are
When we say “we” or “us”, we mean the company Wreck and Cave Ltd, and all of it’s employees, representatives and agents.
The data controller of Wreck and Cave Ltd is responsible for deciding how your data is used and ensuring it is private and secure.
The information we collect and why
We collect data from you from different places. We’ll only collect your information in line with relevant regulations and law and this may relate to any of our products or services you apply for, currently use, or have used in the past.
You are responsible for making sure you give accurate and up-to-date information. If you provide information on behalf of another person, you need to tell them how to find this privacy notice and make sure they agree to us using their information for the purposes set out in it.
Directly from you
As a part of the business we do together, we will often ask you questions about you, your diving and other interests. We use this information to make sure we are giving you the best service possible.
From a third party acting on your behalf
Should you instruct someone to act on your behalf, then we may also collect information from them as well. This is not a normal means of processing your information, and one we try to avoid. Again, we use this information to make sure we are giving you the best service possible.
From Global Underwater Explorers if you enroll for GUE training
If you sign up for GUE training with us, then you will need to fill in some personal details on the GUE website, to which we have access.
From the comments system on this website
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
From the contact forms on this website
If you send us a message via one of the contact forms on the website, this will send an email to one of us. The information you include in that message is considered to be information that you have directly given to us, and we will process it as outlined above.
From publicly available sources
We will sometimes try to find information about you via publically available sources. An example of this would be to look up your telephone number in order to contact you regarding something we considered very urgent.
From Shopify and Paypal should you make purchases via the web shop
When you make purchases via the online store for either courses or equipment, then shopping cart software (Shopify) will collect the details that you provide. If you elect to pay using Paypal, then they will also collect details from you.
How we’ll use your information
We will use your data to provide our services and products that you’ve requested. We’ll also use it for other purposes, for example:
- To check you’re medically fit to undertake a scuba diving course or event
- To check that you have the correct equipment for a diving course or event
- To make sure all of your logistics are in place for a course or event
- To liaise with emergency services and your nominated emergency contact in the event of any accident or illness when you are in pursuit of our activities
- To improve our products and services
- To offer other services we believe may benefit you unless you ask us not to
We’ll only use your information where we’re allowed to by law e.g. carrying out an agreement we have with you, fulfilling a legal obligation , because we have a legitimate business interest or where you agree to it.
Who we can share your information with
Global Underwater Explorers
We will share information with Global Underwater Explorers regarding your performance on any classes you take with us.
If you buy some types of equipment from us, for example a drysuit, then your details will normally be given to the manufacturer.
Specific and relevant partners
If you attend a course, dive trip or other event that we organize then your information may be shared with parties such as dive centre owners.
Any website visitor comments you make may be checked through an automated spam detection service.
We will not share or sell your data with any other parties unless you agree to it.
How long we’ll keep your information
We’ll keep your information for as long as you have a relationship with us. After the relationship ends, we will keep it where we may need it for our legitimate purposes e.g. to help us respond to queries, complaints, legal matters or enquiries from regulatory bodies such as the Health and Safety Executive. This period will not be longer than seven years.
Your purchase information will be stored on our accounting systems for a period of seven years.
Transferring your information overseas
Your information may be transferred and stored overseas in countries outside the European Economic Area including some that may not have laws that provide the same level protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection.
How we protect your data
Your data is stored in a number of ways.
Computers and hard drives
The majority of your data will be stored on computers, both laptop and desktop. All of these machines are password protected, and have encrypted drives to ensure that in the event of the machines being lost or stolen, the data is significantly more difficult to access. Portable hard drives that we use are password protected and encrypted.
Cloud based systems
Some of your data will be stored on cloud services such as Dropbox and iCloud. We are satisfied that the security of these systems meets suitable levels.
We keep records of diving courses on paper records. These include you’re the exams you take, the personal records you submit to GUE, and the details of the dives that you do on the class. These are kept in locked filing cabinets.
What data breach procedures we have in place
In the event of a data breach, we will write to you to inform you of the breach. The information will include the following:
- A summary of your breached data
- The time at which it was breached
- Our best understanding of how it was breached
We will also take steps to mitigate the effects of the breach. Should a computer be lost or stolen, for example, we are able to remotely delete the hard drives as soon as they appear on a computer network. Should criminal activity be the reason for the breach, then we will work with law enforcement bodies as appropriate. Should the breach occur through an online or cloud service (e.g. Dropbox, Shopify) then we will work with the relevant parties to reduce the effects as much as possible.
Your rights over your information
You have a number of rights relating to your information e.g. to see what we hold, to ask us to share it with another party, ask us to update incorrect or incomplete details, to object to or restrict processing of it, to make a complaint etc. You may also request that we delete any personal data that we may hold about you, but this does not include any data that we are obliged to keep for administrative, legal or security purposes.