Privacy Policy for Blue Thunder Diving & Survival Centre LTD 

1. Introduction

Blue Thunder Diving & Survival Centre LTD (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you interact with our services, including booking diving courses, excursions, or any other services we offer at our center.

In compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, we are transparent about how we process your personal data. By using our services, you consent to the practices described in this policy.

2. Data Controller

Blue Thunder Diving & Survival Centre LTD is the data controller of your personal data. If you have any questions or concerns about how we handle your personal data, please contact us:

  • Email: bluethunder@cytanet.com.cy
  • Phone: +357 25587277
  • Address: Georgiou Griva Digeni 110, Swepco 4, Shop 4, 3101, Limassol, Cyprus

3. Information We Collect

We collect personal data that you provide to us when you engage with our services. This may include:

  • Personal Identification Information: Name, email address, phone number, postal address, date of birth, nationality.
  • Payment Information: Credit card details, bank account information, or other payment method details (Note: We do not store full credit card details).
  • Health Information: Any health-related information necessary for participation in diving activities, including medical conditions or physical restrictions, which you voluntarily provide.
  • Booking & Certification Information: Details about your bookings, reservations, and participation in activities, as well as any required information to process your diving certifications with NAUI.
  • Website Usage Data: We collect information about how you use our website, including IP addresses, browser types, and pages visited, through cookies and similar technologies.

4. Legal Basis for Processing Your Data

We process your personal data under the following legal bases:

  • Performance of a contract: We need your personal data to fulfill our contract with you, such as processing your bookings, providing diving courses, and issuing diving certifications.
  • Consent: Where necessary, we ask for your consent to process your personal data, such as when sending marketing communications or processing sensitive health data for safety reasons.
  • Legal obligations: We may need to process your personal data to comply with legal requirements, including health and safety regulations.
  • Legitimate interests: We process your data to protect our legitimate business interests, such as improving our services, customer support, and website functionality.

5. How We Use Your Information

We use your personal data for the following purposes:

  • To process and manage bookings, reservations, and payments.
  • To communicate with you regarding your bookings, confirmations, reminders, and inquiries.
  • To send you information about our services, offers, and promotions (you can opt-out of marketing emails at any time).
  • To assess your fitness for diving activities and ensure your safety during courses or excursions.
  • To proceed with your diving certifications with the relevant certification body (NAUI).
  • To improve our services, website functionality, and customer experience.
  • To comply with legal and regulatory obligations.

6. How We Protect Your Data

We implement appropriate technical and organizational measures to protect your personal data. This includes encryption, access controls, and secure storage of your data. While we take these measures, please note that no method of data transmission over the internet or data storage is 100% secure, and we cannot guarantee absolute security.

7. Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. However, we may share your data in the following circumstances:

  • Service Providers: We may share your personal data with third-party vendors who assist us with services like payment processing, booking management, or email communication. These service providers are required to protect your data and only use it for the purpose of delivering services to us.
  • Certification Organization: We may share your personal data with NAUI (National Association of Underwater Instructors) in order to process your diving certification.
  • Legal Requirements: We may disclose your data to comply with legal obligations, such as responding to lawful requests by public authorities, including for national security or law enforcement purposes.
  • Emergency Situations: In case of emergency, we may share your information with emergency responders to ensure your safety during diving activities.

8. Cookies and Tracking Technologies

Our website do not use cookies or any similar tracking technologies on our website.

We do not collect or store information about your browsing behavior, and no cookies are used to track or analyze your interactions with our website.

If we begin using cookies in the future, we will update this section of our Privacy Policy accordingly and obtain your consent where necessary.

9. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct it.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data, subject to certain conditions (e.g., legal obligations).
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.

If you wish to exercise any of these rights, please contact us using the details provided above.

10. Data Retention

We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including for legal, regulatory, and contractual obligations. Once your data is no longer needed, we will securely delete or anonymize it.

11. International Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA) if necessary for processing (e.g., through service providers). In such cases, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR, such as Standard Contractual Clauses.

12. Children’s Privacy

We provide diving services for children aged 10 and above. To ensure their safety and compliance with GDPR, the following applies:

  • A parent or legal guardian must provide consent for any child under 18 to use our services.
  • A waiver and release form must be signed by the parent or legal guardian before any diving activities.
  • We do not knowingly collect personal data from children without parental consent.

If we become aware that we have collected data from a child under 18 without proper consent, we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our official website.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Blue Thunder Diving & Survival Centre LTD

  • Email: bluethunder@cytanet.com.cy
  • Phone: +357 25587277
  • Address: Georgiou Griva Digeni 110, Swepco 4, Shop 4, 3101, Limassol, Cyprus