DATA PROTECTION DECLARATION – ALOHADIVING.COM WEBSITE
The website www.alohadiving.com, including its subdomains and micro-sites, databases and webshops (“website”) are operated by Aloha Ocean Adventures Co. ltd – 87/18 Moo2 T. Rawai A. Muang – 83130 Phuket – Thailand – Email: [email protected] – Tel: + 66-97-9243483 (“Aloha Diving”, “we”, “us”).
This data protection declaration is valid for the website www.alohadiving.com, including its subdomains and micro-sites. If necessary, we must update this Data Protection Declaration in connection with the further development of the Internet and changes in the legal situation legal precedents. We therefore recommend that review this page in regular intervals to ensure you have read the most up-to-date version.
1. GENERAL PROVISIONS
1.1 Legal basis
The EU General Data Protection Regulation (“GDPR”) and the corresponding national data protection laws protect the fundamental rights and freedoms of individuals and their rights to the protection of personal data.
1.2 What is personal data?
Personal data is information about data subjects, whose identity is determined or at least can be determined. Personal data includes, for example, names, addresses, telephone numbers, e-mail addresses, user IDs, credit card numbers, social media account IDs, user names, IP addresses etc.
1.3 Which data do we collect from you, and how or for what purposes do we process your data?
We collect user data for purely informative use of the website as explained in point 2 below. When contacting us by email or via the contact form, we collect the user data that you have provided to us (e.g. name, email address, etc.), as far as permitted by law or as part of the fulfilment of the contract or to safeguard our legitimate interests or you have given your consent for. The storage period for personal data is explained in detail under point 8.
2. HANDLING PERSONAL DATA FOR WEBSITES FOR PURELY INFORMATIONAL USE
2.1 Cookies used upon accessing the website
2.2 Google Analytics and Universal Analytics
Our user analysis also uses Universal Analytics. With this, we can obtain information on the use of our offerings on different devices (“cross devices”). With cookie technology, we use a pseudonymised user ID that contains no personal data and also does not transmit such data to Google. You may object to data collection and storage at any time with effect for the future by deactivating the cross-device user analysis in your customer account. Additional information on Universal Analytics can be found here: HTTPS://SUPPORT.GOOGLE.COM/ANALYTICS/ANSWER/2838718?HL=EN&REF_TOPIC=6010376
However, in the event that IP anonymisation is activated, on this website, your IP address will be shortened in advance by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be passed on to a Google server in the USA and shortened there. IP anonymisation is active on this website. By order of the operator of this website, Google will use this information to analyse and evaluate your use of the website, to put together reports on website activities and to provide services through us related to website and Internet use.
If you do not want any website to record your activities via Google Analytics, you may download and install available browser plug-ins via the following link (HTTP://TOOLS.GOOGLE.COM/DLPAGE/GAOPTOUT).
Additional information on the terms and conditions of use and data protection can be found at HTTPS://WWW.GOOGLE.COM/ANALYTICS/TERMS/GB.HTML or at HTTPS://POLICIES.GOOGLE.COM/?HL=EN.
2.3 Google Network, Remarketing and DoubleClick
2.4 Facebook Pixel
Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA („Facebook“).
These allow the behaviour of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
You can also deactivate the custom audiences remarketing feature in the Ads Settings section at HTTPS://WWW.FACEBOOK.COM/ADS/PREFERENCES/?ENTRY_PRODUCT=AD_SETTINGS_SCREEN. You will first need to log into Facebook.
If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: HTTP://WWW.YOURONLINECHOICES.COM/UK/YOUR-AD-CHOICES.
3. HANDLING PERSONAL DATA WHEN USING SOCIAL FUNCTIONS
Our websites use social plug-ins (“plug-ins”) of various social networks provided that you have granted us your consent for this purpose:
3.1 Use of Facebook plug-ins (“Like” button)
The plug-ins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are incorporated into our websites. You recognise the Facebook plug-ins on the Facebook logo (white “f” on the blue tile) or the terms “Like”, “I like” or the “Thumbs up” icon on our website. An overview of the Facebook plug-ins can be found here: HTTPS://DEVELOPERS.FACEBOOK.COM/DOCS/PLUGINS.
If you visit our websites, a direct connection between your browser and the Facebook server will be created via the plug-in. In this way, Facebook receives the information that you have visited our websites with your IP address. If you click on the Facebook “Like” button while you are logged in to your Facebook account, you can link the content of our websites to your Facebook profile. In this way, Facebook can attribute the visit to our websites to your user account. Please note that we do not obtain any knowledge of the content of the transmitted data or of its use by Facebook. Additional information about this can be found in Facebook’s Data Protection Declaration at HTTPS://WWW.FACEBOOK.COM/POLICY.PHP.
If you do not want Facebook to be able to attribute visits to our websites to your Facebook user account, please log out of your Facebook user account before visiting our website.
3.2 Use of SnapChat
Plug-ins of the social service Snapchat are used on our mobile website. The plug-ins are indicated by a “Follow” button in the form of a white ghost on a yellow background.
If you visit our mobile website, which contains such a plug-in, your device creates a direct connection with the Snapchat servers. The content of this plug-in is transmitted by Snapchat directly to your device. With this integration, Snapchat receives the information that your device has visited the corresponding page of our mobile website, even if you do not have a profile or you are not logged in to Snapchat. This information (including your log data, such as the IP address) is transmitted by your device directly to a Snapchat server and stored there. If you are logged in to Snapchat, Snapchat can attribute the visit to our mobile website directly to your account. If you interact with the plug-ins, for example, if you activate the “Snapchat” button, the corresponding information will likewise be transmitted directly to a Snapchat server and stored there. The information is also published and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of data by Snapchat as well as your rights and settings options associated with this for protecting your private sphere can be found in the data protection notices at HTTPS://WWW.SNAP.COM/DE-DE/POLICIES/.
If you do not want Snapchat to attribute the data collected via our website directly to your Snapchat account, you must log out before your visit.
3.3 Use of Twitter
Plug-ins of the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA (“Twitter”), are used on our website. The plug-ins are indicated by a Twitter logo, for example, in the form of a blue “twitter bird”. An overview of the Twitter plug-ins and their appearance can be found at: HTTPS://DEV.TWITTER.COM/WEB/TWEET-BUTTON.
If you visit one of our websites that contain such a plug-in, your browser creates a direct connection with the Twitter servers. The content of the plug-in is transmitted by Twitter directly to your browser and integrated into the site. By way of this integration, Twitter receives the information that your browser has visited the corresponding page of our website even if you do not have a Twitter profile or you are not logged in to Twitter. This information (including your IP address) is transmitted by your browser directly to a Twitter server in the USA and stored there. If you are logged in to Twitter, Twitter can attribute the visit to our website directly to your Twitter account. If you interact with the plug-ins, for example, if you activate the “Twitter” button, the corresponding information will likewise be transmitted directly to a Twitter server and stored there. The information is also published in your Twitter account and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of data by Twitter as well as your rights and settings options associated with this for protecting your private sphere can be found in the data protection notices of Twitter: HTTPS://TWITTER.COM/EN/PRIVACY.
If you do not want Twitter to attribute the data collected via our website directly to your Twitter account, you must log out of Twitter before your visit to our website. You can also prevent the downloading of Twitter plug-ins with add-ons for your browser, for example, with the script blocker “NoScript” (HTTP://NOSCRIPT.NET/).
3.4 YouTube videos
We have also incorporated YouTube videos into our websites. The videos are stored at WWW.YOUTUBE.COM and can be played directly from our websites. These videos are incorporated in such a way that no personal data related to you as the user is sent to YouTube if you do not play the videos.
If you do play the videos, YouTube cookies will be stored on your computer and data will be sent to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the YouTube operator. When playing videos stored with YouTube, the following personal data is sent to Google, Inc.: the IP address and cookie ID, the specific address of the page visited on our websites, language setting of the browser, system date and time of access and your browser’s identifier. The data is transmitted regardless of whether you are registered with or logged in to Google. If you are logged in, this data will be attributed directly to your account.
If you do not want this attribution to your profile, you must log out before activating the button. YouTube or Google, Inc., stores this data as use profiles and uses this data for the purposes of advertising, market research and/or designing its websites based on demand. Such use is meant in particular (not only for logged-in users) to provide advertising based on demand and to inform other users of your activities on our website. You have a right to oppose the creation of these user profiles, and to exercise this right, you must address yourself to Google Inc. as the operator of YouTube. Additional information on the purpose and scope of data collection and processing by Google, Inc., can be found at HTTPS://POLICIES.GOOGLE.COM/PRIVACY?HL=EN&GL=AT. We do not process the personal data collected when the YouTube video is accessed.
3.5 Use of Instagram
On our websites, we place plug-ins of the social network Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. The plug-ins are indicated by an Instagram logo, for example, in the form of an Instagram camera. An overview of the Instagram plug-ins and their appearance can be found here: HTTP://BLOG.INSTAGRAM.COM/POST/36222022872/INTRODUCING-INSTAGRAM-BADGES.
If you visit our website, your browser creates a direct connection with the Instagram servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the website. By way of this integration, Instagram receives the information that your browser has visited the corresponding page of our website even if you do not have an Instagram profile or you are not logged in. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can attribute the visit to our website directly to your Instagram account. If you interact with the plug-in, for example, if you activate the “Instagram” button, this information will also be transmitted directly to an Instagram server and stored there. The information is also published in your Instagram account and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of data by Instagram as well as your rights and settings options associated with this for protecting your private sphere can be found in the data protection notices of Instagram: HTTPS://HELP.INSTAGRAM.COM/155833707900388.
On our websites, we place plug-ins of the social network Pinterest.com, a service of Pinterest, Inc., 808 Brannan Street, San Francisco, CA 94103, USA. The plug-ins are indicated with a Pinterest logo, for example, as a “P” in the form of an ampersand and alternatively with the “Save” add-on in white lettering on a red emblem or rectangle. An overview of the Pinterest plug-ins can be found here: HTTPS://DEVELOPERS.PINTEREST.COM/DOCS/WIDGETS/SAVE/?.
With the integration of the plug-in on our page, the following personal data is sent to Pinterest: IP address and session ID, operating system used and statistical information as well as your browser’s identifier. The data is transmitted regardless of whether you have a user account with Pinterest, to which you are logged in.
If you are logged in, this data will be attributed directly to your account. If you do not want this attribution to your profile, you must log out before activating the button. Cookies for the collection and control of usage-based online advertising can be deactivated at WWW.YOURONLINECHOICES.COM.
Additional information on the purpose and scope of data collection and the processing of personal data by Pinterest can be found at HTTPS://POLICY.PINTEREST.COM/EN/PRIVACY-POLICY. We will not process your personal data.
4. HANDLING PERSONAL DATA DURING PROACTIVE USE BY THE USER
4.1 Making contact
When the user actively makes contact with us (for example, via e-mail or via our contact form as part of a promotion), the data and information of the user will be stored for the purpose of processing the inquiry and in the event that follow-up questions arise, and forwarded to the responsible person (for example, the IT department, the legal department, logistics etc.).
4.2 Purchase via online store
If you make a purchase via this website, we collect, store and process personal data (your name, billing and delivery address, e-mail address, telephone number and the serial number assigned to the ordered items and information on the goods that you purchased) for the purposes of contract performance and the fulfilment of any post-contractual obligations (such as a warranty). For this purpose, we forward your name and your delivery address to transport or courier services for the delivery of the goods that you purchased, and we also forward the payment and transaction data to credit or financial institutions for the handling of payment.
If you set up an account on our website, we collect the personal data described above together with your user name and password for the purpose of managing your online account.
If you register through an existing account (such as ZEPP, Facebook, Google or WeChat), you agree that we will access the data that you store in this account (such as your name, e-mail address, address) and that they will be processed for the purposes described in Section 4.2. For this purpose, during registration, you must once again explicitly consent to data transmission from the respective existing account.
4.4 Comments and input
Users have the option to leave comments and ratings on selected products and blog posts on our blog and online store by providing a nickname, a comment, the summary of the review and the product rating. In this case, we will store your nickname (which can be personal data under certain circumstances), your input and your IP address. In addition, you hereby grant us the non-exclusive, unremunerated, temporally unrestricted right, which may be revoked at any time, to use your nickname and to publish your comment and rating on our product pages or blog worldwide, but only as long as you delete the content or request that your rating be deleted. Content may be deleted at any time by notifying us at the contact information specified below.
4.5 Processing of personal data based on our legitimate interests
We also process the personal data provided in connection with registration and ordering (your name, billing and delivery address, e-mail address, telephone number, the serial number assigned to the ordered item as well as additional information on the goods that you purchased) to improve our products and services. In addition, we process the specified data categories for internal statistical and operational purposes, for example, to measure and understand trends related to demographics, users, user interests, purchases and other trends among our users, as well as for recall actions and for the quick processing of complaints based on our legitimate interests. The specified data categories are also processed for research, precautionary, defence and other measures with regard to non-compliance with this Data Protection Declaration, illegal actions or suspected fraud, or to take measures in situations in which the potential risk of violation of our legal rights or the rights of other persons exists.
Based on your granted consent to receive the newsletter and after confirmation of the double opt-in e-mail by clicking on the button contained therein, your first and last name, your e-mail address and your IP address and optionally your date of birth, your gender, the desired country and the desired language will be processed by Aloha Diving, for the purposes of sending (i) marketing and product information related to goods and services from Aloha Diving product range, (ii) personalised promotional information and news matching your interest categories and based on your website use (for example, frequent viewing of products within your selected interest categories and geolocalisation), (iii) satisfaction surveys regarding services and advice of Aloha Diving and demand analyses, (iv) contests, coupons, discount campaigns and prize games, (v) electronic greeting cards via e-mail.
Personalised promotional material and news is sent based on your IP address and your usage behaviour on the website. Based on your IP address and with the aid of our “Browser Region Managers”, we can locate the region where you are located when you are using the website and send you regional offers to the extent to which you have consented. We do not determine your exact location while doing this. In the process, we also analyse the frequency of clicks solely for your selected areas of interest “scuba diving, technical diving, freediving and swimming” and, for example, in the case of frequent use of the “scuba diving” section, send you information from this area of interest via e-mail based on the declaration of consent described above. For this reason, we use the cookie with the designation “VIEWED_PRODUCT_IDS”. The analysis is carried out based on the following assessment methods and sequence of preferences: The data regarding your usage behaviour on the website is compared anonymously with the empirical values for similar data sets in our database. Based on this, we calculate the probabilities of potential future contacts and purchases with us. We can therefore also make corresponding offers and send information that, based on our experience, was of interest to customers with similar behaviour. In the process, we can also create anonymised and pseudonymised user profiles.
We also store your IP address and the date of registration upon subscribing to the newsletter. This is only saved to serve as proof in the event that a third party misuses an e-mail address and subscribes to receive the newsletter without the knowledge of the rightful owner. Personal data collected when subscribing to the newsletter is not forwarded to third parties for marketing purposes.
You may revoke your consent to receive newsletters at any time with effect for the future without specifying the reasons (for example, via a link at the end of every newsletter or via e-mail at [email protected]).
If you forward our newsletter to third parties, you must comply with legal provisions and obtain the consent of the recipient in advance. If a third party lodges claims against us due to the forwarding of a newsletter by you, you shall indemnify and hold us harmless against all claims associated therewith, including penalties and costs of legal defence.
4.7 Facebook Lead Ads
We use Facebook lead ads on our Facebook websites, including for example: Aloha Diving (@alohaoceanadventures) to enable subscription to our newsletter via Facebook. Subscription via the form is only valid if you activate the subscription by “clicking” on the confirmation link in the confirmation e-mail that you receive. At the time of subscription, only your personal data recorded with Facebook or entered voluntarily by you, such as your e-mail address and name in all cases, are required in the form, and your city, address, age etc. are optional. We use the personal data provided exclusively to send to you via e-mail our newsletter specifically described in the lead, provided that you have explicitly provided consent. You may revoke your consent to receive the newsletter at any time with effect for the future without specifying the reasons.
4.8 Prize games and contests
In connection with the prize games, contests or promotional activities that we offer, we will use your personal data solely for holding the prize game, contest or promotional activity (for example, to contact winners, to send the prize), unless you have granted us your explicit consent for use in other ways.
5. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES
- to IT service providers and/or providers of data hosting or data processing or similar services;
- to other service providers, providers of tools and software solutions who also support us in providing our services and work on our behalf (incl. providers of marketing tools, marketing agencies, communication service providers and call centres);
- to any third parties who are involved in fulfilling our obligations to you (for example, parcel service providers for the shipment of your online store order to you, payment service providers for payment processing in the online store, banks for payment processing);
- to other external third parties to the necessary extent (for example, auditors, insurance companies if an insured event occurs, legal representatives should the situation arise etc.);
- to officials and other public offices to the extent required by law (for example, tax authorities etc.);
- to industry partners the user data may be shared with partners with the user’s consent within the dive industry for the purpose of personalised advertising of diver training, products and services. This includes, for example, advertising for diving insurance, membership for divers, promotion of local training programmes and events conducted by dive centres, etc.
6. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES OUTSIDE OF THE EU/EEA
We will transmit your personal data to SSI partners outside of the EU/EEA for the verification of your SSI training status and certifications, for the provision of our services, the operation of the website, the handling of your order, the maintenance of our IT systems and software etc. However, such transmission does not change anything in our obligation to protect your personal data in accordance with this Data Protection Declaration. If your personal data is forwarded outside of the EU/EEA, we guarantee an adequate measure of security by forwarding them to countries that have an appropriate level of protection based on confirmation by the European Commission, or by concluding an appropriately formulated contract between us and the legal person outside of the EU/EEA who receives the data.
7. DATA SECURITY
The website WWW.ALOHADIVING.COM, including its subdomains and micro-sites is provided in the protected https-format. Additionally, we take appropriate technical and organisational security measures to protect your personal data from unintentional or unauthorised deletion or modification, and from loss, theft and unauthorised viewing, forwarding, reproduction, use, alteration or access. We and our employees are also bound to data secrecy and confidentiality. Likewise, performance agents and authorised agents of Aloha Diving who must have access to your personal data to fulfil their professional duties will receive access and will be subject to the same obligations to observe data secrecy and confidentiality.
8. STORAGE PERIOD
Personal data will be stored until the expiration of the responsible party´s warranty, statute of limitations and legal retention periods (usually 10 years, maximum 30 years) or beyond in case of any disputes in which the data is required as evidence. If processing depends upon your consent, we will store this data as long as you do not withdraw your consent.
9. YOUR RIGHTS
You have the right to receive information in a clear, transparent and intelligible manner regarding how we process personal data and regarding your rights as a data subject (Art. 13 et seqq. GDPR):
- You therefore have the right to information and to receive a copy of the personal data about you that is processed;
- If the personal data is incorrect or no longer current, you have the right to rectification;
- You also have the right to erasure of your data (“right to be forgotten”);
- You also have the right to unsubscribe from marketing campaigns and to opt out in this regard at any time;
- You may also revoke your consent to the processing of personal data at any time with effect for the future if processing is based on your consent;
- You also have the right to data portability in a commonly used and machine-readable format. This applies exclusively to data that you have provided, with which processing is based on a contract or consent and with which processing takes place automatically;
- Finally, you have the right to request that the processing of data by us be restricted, so that we may only continue to store them and no longer use or process them. However, this applies only in the following situations
(i) The accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data;
(ii) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead
(iii) We no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims
(iv) You have objected to processing based on our legitimate interests and the verification of whether legitimate grounds on our side override those on your side is not yet certain.
- You also have the right to lodge a complaint with the competent data protection authorities if you are of the opinion that the processing of the personal data about you violates the applicable data protection laws.
Before you lodge a complaint with the data protection authorities, or if you have questions, you may also contact us:
Aloha Ocean Adventures Co., Ltd
87/18 Moo2 T. Rawai A. Muang
Your right to object
As the data subject, you may object to the use of your data at any time if the processing serves the purposes of direct marketing. If we process your data for legitimate purposes, you also have the right to object at any time if grounds for this arise from your specific situation.
So that we can process your inquiry regarding your rights specified above and ensure that personal data is not given to unauthorised third parties, please address the inquiry with clear identification of your person and with a short description regarding the scope of the exercise of your data subject rights listed above.