Privacy Policy

PRIVACY INTRODUCTION

Atlantic Scuba Adventures respects your right to privacy and comply with our obligations under the Data Protection Acts 1988 and 2002. The purpose of this Website Privacy Policy is to outline how we deal with any personal data you provide to us while visiting this website. Naturally, if you are not happy with this Website Privacy Policy you should not use this website. By visiting this website, you are accepting the terms of this Website Privacy Policy. Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of these other websites.

 

TYPES OF INFORMATION COLLECTED

We retain two types of information:

“Personal Data”
This is data that identifies you or can be used to identify or contact you and may include your name, address, email address, user IP addresses in circumstances where they have not been deleted, clipped or anonymised, telephone number. Such information is only collected from you if you voluntarily submit it to us.

“Non-Personal Data”
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our website.

PURPOSES FOR WHICH WE HOLD YOUR INFORMATION

Non-Personal Data
We use the Non-Personal Data gathered from visitors to our website in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organise our website.

Personal Data
We will process any Personal Data you provide to us for the following purposes of responding to your contact form submission.

DISCLOSURE OF INFORMATION TO THIRD PARTIES

We will not disclose your Personal Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfil your order (in such circumstances, the third party is bound by similar data protection requirements). We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.

SALE OF BUSINESS

We reserve the right to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company provided that the third party agrees to adhere to the terms of the Website Privacy Policy and provided that the third party only uses your Personal Data for the purposes that you provided it to us. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.

SECURITY

Your Personal Data is held on secure servers. The nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.

COOKIES

Cookies are tiny text files that are stored on your computer, tablet or mobile phone when you visit a website in order to help the website work efficiently, to help us analyse the way our website works and how we can improve it, and to ensure that the website functions to the optimum.

How to control cookies in your browser?

For more details on cookies and how to control them, visit www.aboutcookies.org

CHANGES TO THE WEBSITE PRIVACY POLICY

Any changes to this Website Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Website Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your information in the new manner.

 

This Privacy Policy explains why SSI Training Centers obtain your personal data for the purposes of conducting your training, issuing
certifications, administration of your private information and any other necessary specifics regarding the performance of this agreement.

 

SSI reviews this Privacy Policy periodically for compliance with changes to the GDPR (General Data Protection Regulation) and other relevant regulations. When necessary, we will update the Policy to comply with new requirements.


SSI and SSI Training Centers jointly determine the purpose, scope and delivery of training content, processing, issuing and delivering certifications and administration of your personal data stored in the MySSI system at SSI International GmbH, Johann-Hoellfritsch-Straße 6,
90530 Wendelstein, Germany, Email: info@diveSSI.com, Tel:+49-9129-9099380.


If you have questions or you would like a copy of the Joint Controller Agreement that describes the above arrangement and the safeguards for
protecting your personal data, go to the following link: https://my.divessi.com/ssi_dc_joint_controller_agreement, or contact SSI at privacy@
diveSSI.com.

 

This privacy statement applies only to the SSI Training Center. Sections 1 to 8 and 10 to 11 of this privacy statement including its Appendix (“General Provisions”) explain in general how we collect and use your personal data when you use our services or the services from an SSI Training Center. The addendum contained in Section 9 (“Californian Provisions”) contains additional provisions in compliance with the California Consumer Privacy Act (“CCPA”) that only apply to Californian residents. The Californian Provisions supplement the General Provisions but in the event of any conflict between the General Provisions and the Californian Provisions, the Californian Provisions shall prevail but only with regard to Californian residents. A separate data protection statement applies for the use of the MySSI section at my.diveSSI.com.

 

SSI International GmbH, SSI Training Centers, your SSI Instructor and other SSI Professionals may all be involved in your training, processing,
and delivery of your certification, therefore we need to collect and process the following personal data:
• First and Last Name
• Address, Post Box
• Postcode, City
• State and Country
• Email Address
• Telephone Numbers (optional)
• Date of Birth
• Gender
• Photo
• Language
• SSI Master ID
• Course Type, Course Progress
• Certification Data (Number, Date, Instructor,
Instructor Number, Number of Certification
Dives, Certification Year)
• Training Center Affiliation
• MySSI App Geo Locations
• Medical Information
• Insurance Data (when applicable)
• SSI Professional Number (only for
SSI Professionals)
• QMS Data (for Professionals)


Note: The personal data we collect is for the sole purpose of delivering training content, processing, issuing and delivering certifications, and
administration of your personal data stored in the MySSI system.


With your registration in the MySSI system, you will be able to access everything SSI – Digital Training Materials, MySSI Logbook, Certification
Cards and more at the SSI website www.divessi.com or on the MySSI mobile app. Additionally, SSI International GmbH (SSI), your SSI Training
Center, SSI Instructors and SSI Professionals will have access to your personal data for training and certification purposes.


For more information you may go to the SSI Privacy Policy at https://my.divessi.com/myssi_privacy. Here you will learn more about data processing, MySSI, the associated services provided by SSI and how your certification card is automatically processed upon your completion of training.

 

When you initially register at MySSI you will receive an email from SSI with your Username and Password. Additionally, you will be provided a link to the SSI Privacy Policy describing how your personal data will be used.

Activation of your MySSI account is mandatory to access your
personal profile, training progress, certifications, education level and much more.


Upon completion of all academic, pool and open water training, SSI will process your digital certification card information – Your Name, Photo,
Customer Number (Master ID), SSI Training Center, Certifying Instructor, Year You Started Diving, Level of Experience, Number of Dives, and
Issue Date. All this information is accessible through our MySSI account.


The described processing is necessary for the performance of a contract (Article 6 (1) (b) General Data Protection Regulation).


By registering in MySSI, you are consenting to share your personal data: Name (First and Last), Address (Postbox), Postcode (Zip), City, State,
Country, Email Address, Telephone Numbers (optional), Date of Birth, Photo, Language, Gender, SSI Master ID, Course Type, Course Progress
and Certification Information (Name, SSI Training Center, Certifying Instructor, Year You Started Diving, Level of Experience, Number of Dives
and Issue Date), plus your Training Center Affiliation.

Additionally, all personal information voluntarily provided by you and stored in MySSI,
e.g. – Specific diving insurance policies (when applicable) or Medical Participant Questionnaires for processing student and professional
certifications through other SSI Service Centers. You may choose to affiliate or do business with any SSI Service Center or SSI Training Center around the world. For a complete list of all Service Centers and Training Centers log on to https://my.divessi.com/ssi or https://my.divessi.com/
divecenter.


By giving your consent, SSI Training Centers may subsequently access your personal  data described above in order to identify you, verify
or confirm the status of your training and certifications and to offer you continued training and services based on your diving experience.


For more information on the relevant data processing and data sharing accessed in the MySSI system, go to MySSI Privacy Policy https://
my.divessi.com/myssi_privacy.


Legal basis for the described processing is consent (Article 6 (1) (a) General Data Protection Regulation).

 

Special rules for youth under the age of 16


Youth under the age of 16 cannot participate in any SSI training without the explicit consent of their parent or legally appointed guardian.


Personal data for youth under the age of 16 is only used for conducting training and issuing certifications as described above.


Youth under the age of 16 who visit www.diveSSI.com cannot register or use the MySSI system without consent from their parent or legal guardian. SSI strongly recommends that the parent or legal guardian closely monitor their youth’s internet activities until they are of legal age.

 


Transferring your personal data to third parties


In the event of a diving incident or a complaint against an SSI Professional, your SSI Training Center may transfer your personal data to SSI (SSI
International GmbH, Johann-Hoellfritsch-Straße 6, 90530 Wendelstein, Germany) by email to info@diveSSI.com. As required by law, it may also be necessary to forward this same information to other SSI Service Centers or third parties involved in a case or in the performance of this agreement, e.g. – insurance companies, public authorities or other companies affiliated with SSI. This is only as necessary for fulfilling the training requirement, complying with legal obligations and ensuring our legitimate interests.


Your SSI Training Center will also transfer your personal data to SSI while storing and processing your personal data. If necessary, this
includes the student or professional candidate Medical Participant Questionnaire for the administration and processing of your training and certifications managed by SSI in the MySSI System – my.diveSSI.com.


The purpose of processing and storing your personal data is necessary for the legitimate interests pursued by SSI (Article 6 (1) (f) General Data
Protection Regulation).


We may also transfer your personal data to the following service providers in order to complete your training:


• IT service providers and/or providers of data hosting services;
• Service providers of software solutions who also support SSI in providing services including marketing tools, marketing agencies, communication service providers and call centers;
• Third parties that provide service to you, e.g.
– parcel services for the shipment of your credentials, payment service providers and
banks for processing payment;
• Other necessary third parties, e.g. – auditors, insurance companies, legal representatives,
etc.;
• Officials and other public entities as required by law, e.g. – tax authorities, etc.; and,
• Industry partners within the dive industry for the purpose of personalized advertising
of diver training, products and services with the user’s consent. This includes, for example,
advertising for diving insurance, membership for divers, promotion of local training programs and events conducted by Training Centers, etc.


The processing is necessary for the purposes of the legitimate interests pursued by us (Article 6 (1) (f) General Data Protection Regulation).


SSI will transfer your personal data to external service providers only when third parties are processing the data on our behalf. We will enter into a data processing agreement to ensure that both the security of your data and our information is only used in accordance with our
Privacy Policy.

Changes to this privacy notice
From time to time, we may update this privacy notice. When we do, we will post it on our Website and include the effective date of the
update. If there are material changes to this privacy notice, we will post a prominent notice on our Website and provide other notice as
required by law.

Your Rights


Your rights regarding SSI processing and storage of your personal data:
• You have the right to access and receive a copy of your personal data at SSI, Art. 15 General
Data Protection Regulation (GDPR).
• If your personal data is incorrect or no longer current, you have the right to modify the information, Art. 16 GDPR.
• You have the right to obtain verification your personal data has been deleted from MySSI,
(“right to be forgotten”), Art. 17 GDPR.
• You have the right to receive a copy of your personal data in a commonly used and legible format.
• You also have the right to know that we may transmit your data to another controller Art.

 GDPR.
• You have the right to obtain a copy of any restriction of processing where the
prerequisites have been met, Art. 
• You have the right to not be the subject of a decision based solely on an automated process, including profiling, which may result in legal consequences or any similar affect concerning you,

 Your right to object
Where your personal data is concerned for the use of direct marketing, you have the right to object to that use.

Additionally, if we process your data even for legitimate reasons, you also have the right to object at any time if grounds develop out of your specific situation.


So that SSI may process your inquiry regarding the rights listed above and ensure your personal data is not given to any unauthorized third parties, please email SSI a short description and clear direction regarding your request to object and or modify your personal data stored at
SSI. You also have the right to file a complaint with the data protection authority.


In particular, the data protection authority in the country or state of your residence or place of work, if you believe that processing your personal data violated applicable data protection laws.