Privacy Policy

At VACAY, we are committed to protecting your privacy and ensuring the security of your personal information. This privacy policy explains how we collect, use, and protect your data when you use our website or services. Last updated: April 20, 2024

1. Information We Collect

1.1 Personal Information

  • Name, email address, phone number, and postal address
  • Date of birth and nationality
  • Emergency contact details
  • Passport or government-issued ID information
  • Profile pictures (optional)

1.2 Diving-Related Information

  • Diving certification level and certification number
  • Diving experience and log book details
  • Medical certificates and health declarations
  • Equipment preferences and sizes
  • Previous diving history and qualifications

1.3 Technical Information

  • IP address and device information
  • Browser type and version
  • Operating system
  • Time zone and location data
  • Login information and activity logs

2. How We Use Your Information

2.1 Essential Services

  • Processing and managing diving tour bookings
  • Coordinating with diving operators and instructors
  • Arranging transportation and accommodation
  • Ensuring diving safety and compliance
  • Processing payments and refunds

2.2 Communication

  • Sending booking confirmations and updates
  • Providing customer support
  • Sending safety briefings and instructions
  • Marketing communications (with consent)
  • Service updates and newsletters

2.3 Service Improvement

  • Analyzing website usage and performance
  • Conducting customer satisfaction surveys
  • Improving user experience
  • Developing new features and services
  • Training our staff and systems

3. Data Protection Measures

3.1 Technical Measures

  • SSL/TLS encryption for data transmission
  • Secure cloud storage with regular backups
  • Firewalls and intrusion detection systems
  • Regular security audits and penetration testing
  • Multi-factor authentication for sensitive operations

3.2 Organizational Measures

  • Regular staff training on data protection
  • Access control and authorization protocols
  • Data breach response procedures
  • Regular policy reviews and updates
  • Vendor security assessments

4. Your GDPR Rights

Under the General Data Protection Regulation (GDPR), you have:

  • Right to access your personal data (Article 15 GDPR)
  • Right to rectification of inaccurate data (Article 16 GDPR)
  • Right to erasure (“right to be forgotten”) (Article 17 GDPR)
  • Right to restrict processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object to processing (Article 21 GDPR)
  • Right to withdraw consent (Article 7(3) GDPR)

To exercise these rights, please contact our Data Protection Officer.

5. Data Sharing and Third Parties

5.1 Service Providers

  • Diving operators and certified instructors
  • Transportation and accommodation providers
  • Payment processors and financial institutions
  • Insurance providers
  • Cloud storage and hosting providers

5.2 Legal Requirements

  • Government authorities when required by law
  • Law enforcement agencies with valid requests
  • Regulatory bodies for compliance purposes

6. Cookies and Tracking

6.1 Types of Cookies

  • Essential cookies for website functionality
  • Analytics cookies for performance monitoring
  • Preference cookies for user settings
  • Marketing cookies (optional with consent)
  • Third-party cookies for enhanced features

6.2 Cookie Management

You can manage cookie preferences through:

  • Our cookie consent banner
  • Browser settings
  • Third-party opt-out tools

7. International Data Transfers

We may transfer your data to countries outside the EEA. When we do, we ensure appropriate safeguards:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Privacy Shield certification (where applicable)
  • Data processing agreements

8. Contact Information

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:

Email: privacy@vacay.com

Address: 8502 Preston Rd. Inglewood, Maine 98380

Phone: +880 123 456 789

Data Protection Officer: John Smith

9. Updates to This Policy

We regularly review and update this privacy policy to ensure it accurately reflects our data handling practices and regulatory requirements. When we make significant changes, we will:

  • Notify you via email or website notice
  • Update the “Last Updated” date at the top of this policy
  • Obtain renewed consent where required by law