Any data held by Dive S80 will be kept in compliance with the General Data Protection Regulation’s (GDPR), and in accordance to its seven principles.
Individual’s data will be processed lawfully, fairly and in a transparent manner.
Dive S80 shall ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Any data we collect from you will be adequate and relevant for the purpose of being able to operate our business; therefore, at times this will mean passing personal data to a third party for the purpose of training and trips. We will not transfer your data outside of the EU, unless you are carrying out training in another country with us, this data will be shared as required.
Dive S80 shall take reasonable steps to ensure personal data is accurate and up to date. At any point should you believe the data we process on you is incorrect, you can request this information and have it corrected, deleted or withdraw consent for it to be used.
To ensure personal data is stored securely Dive S80 uses modern software which is kept up-to-date. Access to personal data is limited to personnel who need access and appropriate security will be in place to prevent unauthorised sharing of information.
Data will be held for as long as we have a relationship with you, except for training records which must be held for seven years as a PADI requirement. After this period data will be safely destroyed/deleted from our records to ensure it is irrecoverable.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Dive S80 shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
For any queries or complaints relating to our data processing you can contact us by email.