Company: Dolphin Dive Center, Inc.
GDPR: The General Data Protection Regulation
Responsible Person: Chris Templeman – Information Technology Consultant
Who We Are
Dolphin Dive Center, Inc. is a Scuba Schools International Diamond Dive Center headquartered at 2440 W. Broad St., Athens, GA 30606 in Athens, Georgia. Our website address is http://www.dolphindivecenter.com.
Data Protection Principles
Dolphin Dive Center, Inc. is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- This policy applies to all personal data processed by Dolphin Dive Center, Inc. or its agents.
- The Responsible Person shall take responsibility for the Company’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
Lawful, Fair and Transparent Processing
- Individuals have the right to access their personal data and any such requests made to Dolphin Dive Center, Inc. shall be dealt with in a timely manner.
- All data processed by Dolphin Dive Center, Inc. must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
- Dolphin Dive Center, Inc. shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Company’s systems.
Dolphin Dive Center, Inc. shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Dolphin Dive Center, Inc. shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
Archiving & Removal
- To ensure that personal data is kept for no longer than necessary, Dolphin Dive Center, Inc. shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- Dolphin Dive Center, Inc. shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, Dolphin Dive Center, Inc. shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
What information do We collect?
We collect information from you when you register on our site, place an order or subscribe to our newsletter. When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, credit card information and date of birth. You may, however, visit our site anonymously.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- To personalize your experience (your information helps us to better respond to your individual needs)
- To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)
- To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
- To process transactions
- To register you for a SSI scuba training course
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested, or the following:
- To administer a contest, promotion, survey or other site feature.
- To send periodic emails.
- To assist you in creating an account with SSI for online scuba training.
The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc. Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email. However, we caution that unsubscribing from our emails could mean that you will not receive vital information relating to a course you are registering for. When a customer unsubscribes from our emails, they are assuming full responsibility for any costs or inconveniences that may result.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
In order to allow customers to contact us with questions or request they be added to our Newsletters, we collect customer names, email address and phone numbers.
This information is used to build a customer record that is necessary to respond to these inquiries and requests.
Dolphin Dive Center does not sell this information to any outside parties for any purposes.
However, this information may be provided to third party credit card processing companies as validation during credit card purchases. This is to protect our customers from credit card fraud.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order. We offer the use of a secure server.
All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
You can prevent the setting of cookies on this site by adjusting the settings in your browser. Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. For this reason, we recommended that you do not disable cookies.
The Cookies We Set
Account related cookies
Login related cookies
Orders processing related cookies
This site offers e-commerce or payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
Forms related cookies
When you submit data through a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
Third Party Cookies
Google Analytics is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see Analytics section further down.
Social media buttons
Social media buttons allow you to connect with your social network in various ways. For these to work the Facebook, LinkedIn, Instagram, Twitter and YouTube may set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold as outlined in their respective privacy policies.
Embedded content from Other Websites
In order to provide you with the best possible experience, this website uses Google Analytics to link a referral to a purchase. This enables us to determine the success of our advertising. This data, however, is anonymous and is not personally identifiable.
Do we disclose any information to Outside Parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Your Data Rights
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Children’s Online Privacy Protection Act Compliance (COPPA)
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act). We do not collect any information from anyone under 13 years of age except in the case of class registration information required by SSI (Scuba School International). Our website, products and services are all directed to people who are at least 13 years old or older unless they are under the direct supervision of a parent or guardian.
Portions of this site are used for commercial purposes. When you are purchasing classes or products from Dolphin Dive Center, we collect name, address, phone number, birth date and email address information during the checkout process. This information, along with payment information, is collected by our credit card processing companies. We use Square or Stripe to process all transactions online. This website itself does not collect or store credit card numbers, expiration dates or security codes.
What we Collect and Store
While you visit our site, we track:
- Products you’ve viewed. We use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type. We use this for purposes like estimating taxes and shipping
- Shipping address. We ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order.
When you purchase from us, we ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
- If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. We will also store comments or reviews, if you choose to leave them.
How We Protect Your Information
In order to protect your information on this website, we use SSL to provide firewall and security protection.
Who on Our Team has access to Commercial Transaction information?
Only website administrators and shop managers have access to commercial transaction information. This is to enable them to process your purchase.
Dolphin Dive Center, Inc.
2440 W. Broad St.
Athens, GA 30606