Euro Diving Zone takes your privacy rights as a customer seriously. This policy outlines the data we collect from our visitors and how we use it.
Any personal information provided to Euro Diving Zone is used solely by Euro Diving Zone, Granåsvägen 204, 468 33 Vargön, Sweden.
- GDPR Data Protection Framework
- Privacy Principles
- What personal data we collect
- How we use your data
- Our Cookies Policy
- How long we keep your data?
- The Legal Basis for using your data
- How we ensure your privacy is maintained
- Your Legal Rights relating to your personal data
- Contact Details
- List of cookies we collect
At Euro Diving Zone, we are committed to ensuring that your personal information is protected and never misused.
We take full responsibility for the security of the personal information we collect about you. We aim to be transparent about how we handle it, and we aim to give you complete control over the retention or deletion of your personal information.
Granåsvägen 204, 468 33 Vargön, Sweden.
DATA PROTECTION FRAMEWORK
Euro Diving Zone has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for all areas of our business and activities related to our business that involve the control and processing of personal information.
Privacy Policies can be complicated. We have tried to make ours as clear as possible. To help, this is a brief summary of our privacy principles.
- Will only ask for or collect the personal information we need to provide and improve the service, products and experiences our customers expect.
- Give you control over the personal information we hold about you to ensure it is accurate and reflects your preferences.
- Make sure your personal information is always secure and protected.
- Are fair and transparent about how we use the personal information we hold.
- Only ever use your personal information for the purposes that you trusted us to use it for.
- Will never sell or give away your personal information.
- Respect your choices and will inform you if there are important changes that affect your personal information or how we use it.
- Take responsibility for the personal information that we hold about you.
- Where data is given by “Consent” we will make sure this is an active opt-in for a specific and unambiguous purpose. That is, silence, pre-ticked boxes and inactivity do not qualify as an opt-in.
These principles demonstrate our commitment to protecting your privacy and handling your personal information in the right way and as you would expect it to be handled.
This Policy applies whether you purchase goods or services from us through the EuroDivingZone.com website, via telephone, email or fax, or during a visit to our factory site.
WHAT PERSONAL DATA DO WE COLLECT?
Euro Diving Zone may collect the following information about you:
- When you place an order for goods or services on our website, by telephone/fax or in person at our factory sales office or at the Euro Diving Zone stand at any Dive Show: we may collect all or some of the following: your name, email address, billing address, shipping address, company name (if applicable), VAT number (if applicable) and payment card details. If you do not provide this information, you may not be able to purchase goods or services from us or enter into a contract with us.
- your communication and marketing preferences;
- your on-line browsing activities on the Euro Diving Zone website;
- your interests, preferences, feedback and survey responses;
- your correspondence and communications with Euro Diving Zone; and
- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed, or public Facebook page).
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our website, complete an online order form or send an email to our sales team. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties but only if they can prove your consent to pass your details to us.
See the section below “Legal Basis for Using Your Data” for more information.
PERSONAL DATA WE DO NOT COLLECT
Sensitive Personal Information
We do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’ such as religion, health status, ethnic origin, political views, union membership, your biometric information, sexual orientation etc. Please do not submit sensitive personal information about yourself to Euro Diving Zone.
Children’s Personal Data
The EuroDivingZone.com website or Euro Diving Zone sales office or Dive Show stands, and any goods or services available from Euro Diving Zone, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact the Company via info@EuroDivingZone.com immediately so that we can take appropriate action.
HOW WE USE YOUR DATA
Euro Diving Zone uses your personal data:
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage any registered account(s) that you hold with us;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes;
- for product warranty purposes where applicable;
- to inform you of any safety notices and/or product recalls;
- to contact you electronically with important product updates, such as firmware and software upgrades;
- with your agreement: to contact you electronically about promotional offers and products and services which we think may interest you;
- for market research purposes - to better understand your needs;
- to enable Euro Diving Zone to manage customer service interactions with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
Euro Diving Zone aims to inform existing customers about products and services which are of interest and relevance to you as an individual. We will also send such emails to individuals who may not yet be Euro Diving Zone customers but who have opted to receive our newsletters by requesting this on the EuroDivingZone.com website or Facebook page, or in person, for example by requesting to join this mailing list at a Dive Show.
You have the right to opt out of receiving promotional communications at any time, by:
- changing your marketing preferences in the “Account Information” section of your Euro Diving Zone account;
- making use of the simple “unsubscribe” link in emails; and/or
- contacting our team at info@EuroDivingZone.com.
Web Banner Advertising
If you visit our website, you may receive personalized banner advertisements whilst browsing other websites. Any banner advertisements you see will relate to products you have viewed whilst browsing our websites on your computer or other devices.
Sharing Data With Third Parties
Our service providers and suppliers:
In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery and marketing service providers.
Euro Diving Zone only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Euro Diving Zone and to you, and for no other purposes.
Other Third Parties:
Aside from our service providers, Euro Diving Zone will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organizations for marketing purposes.
We may share your data with:
- credit reference agencies where necessary for card payments;
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
  - to comply with our legal obligations;
  - to exercise our legal rights (for example in court cases);
  - for the prevention, detection, investigation of crime or prosecution of offenders; and
  - for the protection of our employees and customers.
To deliver products and services to you, it is sometimes necessary for Euro Diving Zone to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under GDPR data protection laws.
If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed at: https://ec.europa.eu/info/law/law-topic/data-protection_en.
Where third party service providers are located in the United States of America, we ensure that your data is protected under the EU-US Privacy Shield framework (https://www.privacyshield.gov/welcome).
What are cookies?
How are cookies managed?
The cookies stored on your computer or other device when you access our websites are designed by:
- Euro Diving Zone, or on behalf of Euro Shopping Zone AB, and are necessary to enable you to make purchases on our website;
- third parties who participate with us in marketing programs; and
- third parties who broadcast web banner advertisements on behalf of Euro Diving Zone.
What are cookies used for?
The main purposes for which cookies are used are:
- For technical purposes essential to effective operation of our websites, particularly in relation to online transactions and site navigation.
- For Euro Diving Zone to market to you, particularly web banner advertisements and targeted updates.
- To enable Euro Diving Zone to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.
- To enable Euro Diving Zone to meet its contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.
How do I disable cookies?
If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.
What happens if I disable cookies?
This depends on which cookies you disable, but in general the website may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our site. If you disable all cookies, you will be unable to complete a purchase on our site.
HOW LONG DO WE KEEP YOUR DATA?
We will retain your data for no longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data.
Oxygen sensor Register:
In the case of the oxygen sensor Register, we will retain this personal information for as long as that person continues to own a sensor (regardless of whether they dive with it) unless they request we remove them from the register in the event that they dispose of them.
Personal data collected for the purpose of completing a contract in the sale of Euro Diving Zone goods and services will be retained for at least 6 years.
Direct Selling or Newsletter Sign-up Data:
We will not hold on to data for any longer than is necessary in accordance with this policy statement.
When customers purchase our products, we will keep data relating to their warranty status.
LEGAL BASIS FOR USING YOUR DATA
We are required to set out the legal basis for our ‘processing’ of personal data.
Euro Diving Zone collects and uses customers’ personal data because it is necessary for:
- the pursuit of our “Legitimate Interests” (as set out below);
- the purposes of complying with our duties and exercising our rights under a “Contract” for the sale of goods or services to a customer (as set out below); or
- complying with our “Legal Obligations”.
- “Consent” for direct marketing communications to prospective customers - but only when we have a clear record of the nature of this consent, when this consent was given and if it falls within the time frame of how long we state we will retain such data in this Policy.
- “Vital interests”. That is, “life or death” situations to protect the vital interests of the data subject, or another natural person.
- “Public interest”. That is, if it relates to tasks executed in the public interest, by official authority of the data controller.
- “Member state specific purposes”, including national law and public interest requirements.
In general, we only rely on “Consent” as a legal basis for processing in relation to sending direct marketing communications to prospective customers via email or text message.
Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Our Contractual Interests
The normal legal basis for processing customer data is that it is necessary for the contractual interests of Euro Diving Zone Ltd, including:
- Contracting to sell and supply goods and services to our customers;
Legal basis for processing: “Contractual necessity” – the data is necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: we need the mandatory information collected by our checkout form online or for our sales team/ERP systems, to establish who the contract is with and to contact you to fulfil our obligations under the contract, including sending you order confirmations, goods and receipts.
Legal obligation: we have a legal obligation to issue you with an invoice for the goods and services you purchase from us where you are VAT registered and we require the mandatory information collected by our checkout form or our sales team/ERP systems, for this purpose. We also have a legal obligation to keep accounting records, including records of transactions.
Our Legitimate Interests
The normal legal basis for processing customer data is that it is necessary for the “Legitimate Interests” of Euro Diving Zone, including:
- Protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- Promoting, marketing and advertising our products and services to existing customers;
- Sending promotional communications which are relevant and tailored to individual existing customers;
- Understanding our customers’ behavior, activities, preferences, and needs;
- Improving existing products and services and developing new products and services;
- Complying with our legal and regulatory obligations;
- Preventing, investigating and detecting crime, fraud or anti-social behavior and prosecuting offenders, including working with law enforcement agencies;
- Handling customer contacts, queries, complaints or disputes;
- Managing insurance claims by customers;
- Protecting Euro Diving Zone, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Euro Diving Zone;
- Effectively handling any legal claims or regulatory enforcement actions taken against Euro Diving Zone; and
- Fulfilling our duties to our customers, colleagues and other stakeholders.
HOW WE PROTECT YOUR DATA
Our Controls - How we secure your information
Euro Diving Zone is committed to keeping your personal data safe and secure.
Our security measures include:
- encryption of data;
- regular cyber security assessments of all service providers who may handle your personal data;
- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
- regular penetration testing of systems;
- security controls which protect the entire Euro Diving Zone IT infrastructure from external attack and unauthorized access; and
- internal policies setting out our data security approach and training for employees.
SSL Encryption of Payment Card Details
When purchasing goods online from Euro Diving Zone, your card details are SSL encrypted and go directly to PayPal (https://www.PayPal.com), our third-party card payment processing company. The card details are not visible to (or obtainable by) any employee of Euro Diving Zone.
Our site uses the strongest commercially available level of encryption, 256-bit Secure Sockets Layer (SSL), which is verified and certified annually.
Our current SSL provider is Shopify (https://www.Shopify.com).
Euro Diving Zone also uses 3D Secure as an additional layer of fraud prevention security in conjunction with PayPal, our third party card payment processing company.
3D Secure stands for 3 Domain Server. There are 3 parties that are involved in the 3D Secure process:
- The company the purchase is being made from;
- The Acquiring Bank (the bank of the company);
- VISA and MasterCard (the card issuers themselves).
3D Secure allows shoppers to create and assign a password to their card that is then verified whenever a transaction is processed through a site that supports the use of the scheme. The addition of password protection allows extra security on transactions that are processed online.
The scheme is a collective of Verified by VISA (VBV) https://www.visa.co.uk/products/protection-benefits/verified-by-visa/ and MasterCard Secure Code (MSC) https://www.mastercard.co.uk/en-gb/consumers/features-benefits/securecode.html. It is the most recent fraud prevention initiative that is available currently. More information can be found here: https://www.sagepay.co.uk/support/12/36/3d-secure-explained
Payment Card Details
When you make a purchase or place an order with us via telephone, in person at Euro Diving Zone or at a Dive Show your payment card details are collected but only for the period of the transaction. No payment card records are retained unless specifically requested by the customer. Such records are secured electronically and encrypted. No physical copy is retained and any that are made temporarily during the transaction are destroyed by shredding or securely redacted.
We are committed to an ongoing employee-training program and to fostering a culture of privacy & data security among all Euro Diving Zone staff involved in the processing and protection of personal data. We are committed to the GDPR principles of ‘Privacy by Design & Default’ in that we take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or unlawful use and accidental loss or destruction, including:
- only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible;
- using secure servers to store your information;
- verifying the identity of any individual who requests access to information prior to granting them access to information;
- using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our website and any payment transactions you make on or via our website;
- only transferring your information via closed system or encrypted data transfers.
Transmission of information to us by email
Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet by email, you do so entirely at your own risk.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
Euro Diving Zone uses a third party email security provider to store and filter emails you send us. Our third party email provider is Microsoft Outlook Exchange.
Where we store your personal information
All of your customer data uploaded to Euro Diving Zone is stored on ISO27001 accredited hosting services inside the European Economic Area ("EEA"), specifically Sweden. Euro Diving Zone uses an Enterprise grade third party hosting service.
Customer order data is stored electronically within a secure ERP system on a secure and protected server. Paper copies of goods and services transactions are kept in secure storage.
Customer registration data and consensual email marketing data are stored in locked files held on the secured company server. Any personal data is secured and encrypted if and when it is transported away from the Euro Diving Zone servers for example when necessary for use at Dive Shows on company laptop computers or mobile phones.
By registering on the website or sending us your personal information by other means, you are indicating your consent for your personal information to be stored on our servers within the EEA.
Should your personal data be processed by any of our GDPR-compliant sub-processors that are based outside of the EEA (in order to fulfil our services to you) we will have practiced due diligence in vetting these third parties and ensured that your data is protected under the EU-US Privacy Shield framework (USA) or a ‘standard data protection clause’ approved by the European Commission for Third Parties operating in other non-EEA countries.
WHAT YOU CAN DO TO HELP PROTECT YOUR DATA
Euro Diving Zone Ltd will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Euro Diving Zone asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Euro Diving Zone and more generally:
- keep your account passwords private.
- when creating a password, use at least 8 characters with a combination of letters and numbers. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this by logging into your account > click ‘Account Information’ > and check the ‘Change Password’ tick box.
- avoid using the same password for multiple online accounts.
Under GDPR you have the following rights:
- the right to ask what personal data we hold about you at any time and for the reply to be completed in a timely manner within 30 days maximum;
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge;
- (as set out above) the right to opt out of any marketing communications that we may send you; and
- the right to lodge a complaint with the Information Commissioner’s Office.