b. Region Specific Provisions. Certain provisions of the Policy apply only within, or to residents of, specific jurisdictions, and are clearly labeled as such. Otherwise, the Policy applies to all users of our Services, regardless of location.
c. Changes. We may change this Policy at any time. When we do so, we will post the updated Policy on this page and, if the changes are material, inform existing users through email or the Services. Any changes to the Policy will be effective immediately for new users and, for existing users, thirty (30) days after we post the changes on the Site or otherwise inform them of the changes.
d. Children. The Services are not directed to children. However, children who are invited to use the Services by a parent or guardian (under a family plan or equivalent) may do so. If you become aware that a child (based on the jurisdiction where the child lives, which in the United States means someone under the age of 13) has provided us with Personal Data without parental consent, contact us. We will remove the information from our systems as soon as reasonably practicable.
e. Personal and Anonymous Data. As used in this Policy, “Personal Data” has the meaning provided in the EU General Data Protection Regulation of 2018 (the “GDPR”), and includes any information which, either alone or when combined with other information we hold, identifies an individual, such as name, mailing address, email address, IP address, and telephone number. For legal residents of California, who are covered by the California Consumer Privacy Act (“CCPA”), Personal Data includes any additional elements defined as such by the CCPA. By contrast, “Anonymous Data” means any data that, alone or combined with other information available to us or a third party, does not permit identification of an individual. We collect both Personal Data and Anonymous Data as described below.
f. Why Do We Need Your Personal Data? We need certain Personal Data in order to provide the Services. You will be asked to provide this information—and must agree to this Policy and the Conditions of Use (Terms) — in order to download and use the Apps of the Website. This consent, which you may withdraw at any time, provides us with the legal basis we need to process your Personal Data. If you do not agree to this Policy, you may not use our Services. In addition, if you withdraw consent to our use of Personal Data which is necessary to the provision of the Services (such as email address), we will no longer be able to provide the Services.
- PARTICULARLY IMPORTANT INFORMATION (EU AND CALIFORNIA USERS)
a. (EU USERS).
i. Who We Are. For the purpose of the GDPR, the data controller of your Personal Data is UTD Scuba Diving, LLC, San Diego, California, USA. You may contact our data protection officer at email@example.com.
ii. Must Read Sections: Please carefully review the sections entitled “Data Security and International Transfer” and “Your Rights Regarding Personal Data.”
b. (CALIFORNIA USERS).
- HOW DOES UTD SCUBA DIVING OBTAIN DATA? We collect information in the following ways:
a. Information You Provide.
i. Registration Data. You must create an Account to use an App. To create an Account, you must provide an email address that will be used as your login. You may also choose to provide a phone number, though this is not required. The only Personal Data required to open a UTD Scuba Diving Free account is your email. We store registration data until your Account is deleted and for up to one year afterward. For paid Accounts, we collect the billing data specified below. Note that for UTD Scuba Diving Business Accounts, registration data includes the business name and mailing address, administrator contact information, and may include email addresses for the users of the Services.
ii. Billing Data. We use third party service providers (currently Stripe and PayPal but may include others) to process payments made through the Site. We store the expiration date and last four digits of your credit card for tax compliance and user support purposes. Depending on the provider, we may able to access the name, address and phone number associated with a payment method on the payment provider service, but complete credit card information is available only to our payment processors. We do not receive or store any billing data if you pay for an App through an App Store. Billing data is retained until your Account is deleted and for up to one year afterwards.
iii. Master Password. To create an Account, you must create a “Master Password,” which is the basis for the encryption key used to secure the information you store in the Apps (“Secured Data” as further defined below). Each user (including those associated with a UTD Scuba Diving Business account) must create their own Master Password. UTD Scuba Diving’s technology ensures that we do not know our users’ Master Passwords. In addition, Apps do not store Master Passwords locally unless specifically directed by the user.
iv. Secured Data. Our Apps let you manage digital identity data, including highly sensitive information like credit card numbers and site or application credentials. This, and everything else you store on the Apps, is “Secured Data,”and is encrypted and stored locally on your device(s) and on UTD Scuba Diving’s servers using a random key generated from your Master Password. Secured Data is encrypted at all times on UTD Scuba Diving servers cannot be accessed by UTD Scuba Diving because the encryption key is generated from the Master Password.
v. Support and Correspondence. You may provide Personal Data in connection with user support and inquiries from our Site. User support histories are maintained for so long as the associated account is not deleted and up to one year afterwards.
vi. Feedback. If you provide us with Feedback, we will collect your email address in order to respond to you. We may use Feedback without limitation as described in the Terms.
vii. Other Data. We may also collect other types of information in the manner disclosed by us when the information is collected.
b. Data You Provide About Others. The Services let you invite others to try the Apps. If you do this (or if you are invited this way), UTD Scuba Diving will store the invitee’s email address and the message sent to them in order to follow up (and, if applicable, credit the referrer with any referral bonus or equivalent). We will let the invitee know who referred them to UTD Scuba Diving, and let them request that their information be deleted from our systems. The referrer or invitee may contact the help center to request removal of this information.
c. Data Collected by Technology.
i. Device and Browser Data. We automatically log the following information about your computer or mobile device when you access the Services: operating system name and version, device identifier, browser type, browser language, and IP address. Some of this data is collected using cookies. This data is used to secure your Account, ensure the Services are presented in the correct language and optimized for your device, facilitate customer support, and for tax and compliance purposes (e.g., using the region associated with your IP address to display local regulatory notices). This data is kept in our system for as long as your Account is not deleted and up to one year afterwards.
ii. Usage Data. We collect data about the use of the Services (for example, use of features, and interactions with the Apps and the Site) in order to provide and improve the Services (“Usage Data”). Usage Data is kept logically separated from Personal Data and is used to generate Aggregated Data.
iii. Aggregated Data. We derive information about the use of our Services by aggregating Usage Data from large numbers of users (e.g., number of users within a particular jurisdiction). This “Aggregated Data” is Anonymous Data, is owned by UTD Scuba Diving, and is primarily used to help analyze and improve the Services.
4.HOW DOES UTD SCUBA DIVING USE YOUR PERSONAL DATA?
a. General. UTD Scuba Diving uses Personal Data to provide the Services and respond to your requests, including to:
i. Establish, maintain, and secure your Account.
ii. Identify you as a user and provide the Services you request.
iii. Perform fraud detection and authentication.
iv. Improve the Services and your interactions with them.
v. Send you administrative notifications, such as payment reminders or support and maintenance advisories. You will receive these notices even if you opt out of receiving marketing communications as set forth below.
vi. Provide you with the correct interfaces and options required by the jurisdiction from which you are accessing the Services.
vii. Respond to customer support inquiries and other requests.
viii. Promote the Services or send you other UTD Scuba Diving marketing information. EU users must actively choose to receive marketing communications. Users elsewhere (and those in the EU who have previously opted in) may always elect to stop receiving such communications.
b. Automated Decision Making and Profiling. We do not use your Personal Data for automated decision-making. However, we may do so in the future to comply with applicable law, in which case we will inform you of any such processing and provide you with an opportunity to object.
- HOW DOES UTD SCUBA DIVING SHARE PERSONAL DATA?
UTD Scuba Diving will never sell your Personal Data (as “sell” is normally defined – see Sections 2 (b) and 8 to for information about “sales” as defined In California) or use it except as stated in this Policy. We share your Personal Data in the following circumstances:
i. Third Parties You Designate. We may share Secured Data (which may include Personal Data) with third parties where you have provided your consent to do so (e.g., by using the Services’ “sharing” or “emergency contact” features). While this data is transferred through our servers, we do not have access to it, as noted elsewhere in this Policy.
ii. Service Providers. We provide Personal Data to third party service providers solely as required to provide the Services, create accounts, provide technical support, process payments, or enable communication between you and UTD Scuba Diving. We review the security and data privacy practices of all these service providers to ensure that they comply with all applicable laws and this Policy. We have Data Processing Addenda in place with all service providers who access Personal Data of EU users. Secured Data stored by our data hosting provider is encrypted at all times as described above.See the Subprocessors List to see what vendors have access to Personal Data in connection with our delivery of the Services.
iii. Affiliates.This Policy applies to all entities that are owned by, or under common control with, UTD Scuba Diving, (“Affiliates”). We share Personal Data among Affiliates as required to provide the Services and respond to requests. Certain Affiliates are in the United States, where privacy and related laws are not deemed adequate by European regulators to hold and protect the Personal Data subject to the GDPR. To offer the levels of protection required by European law, we have Data Processing Addenda or equivalent documents in place among our EU and US Affiliates, in addition to the other measures indicated below.
iv. Corporate Restructuring. If UTD Scuba Diving or its business or assets are acquired by, or merged into, another company, that company will possess any Personal Data in our possession at such time, and will assume our rights and obligations under this Policy. Accordingly, we may share Personal Data in connection with any such transaction. Personal Data and other information may also be transferred as a business asset in the event of UTD Scuba Diving’s insolvency, bankruptcy, or receivership.
v. Other Disclosures. Regardless of your choices regarding Personal Data, UTD Scuba Diving may disclose your Personal Data:
(a) where required to comply with applicable laws or governmental orders;
(b) if we believe in good faith that doing so is necessary to protect our rights or the Services.
- DATA SECURITY AND INTERNATIONAL TRANSFER
a. We use robust physical, organizational, technical, and administrative measures to safeguard Personal Data, and we regularly re-assess and revise our policies and practices to improve security. While we go to great lengths to protect your Personal Data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of Personal Data in our control. If you believe your Personal Data may have been compromised by us or the use of the Services, please contact our help center immediately.
b. Your information, including Personal Data that we collect from you, may be transferred to, stored at and processed by us, our Affiliates, and service providers outside your home country, including in the United States, where data protection and privacy regulations may not offer the same protections as in other parts of the world. When we do so, we will take the steps described in this Policy, including Sections 5 and 10, which are designed to ensure that all Personal Data we or our vendors process (regardless of where it originates) is secured as required by the EU. By using the Services, you agree to the transfer, storing, or processing of your data in accordance with this Policy.
- HOW CAN YOU CONTROL YOUR DATA?
a. Changing Your Information and Privacy Settings. You can access and modify Personal Data associated with your Account, and modify your privacy and data preferences, through the “Settings” or equivalent portions of the Apps. Contact our help center if you need assistance with this.
b. Email Communications. With your consent, we will periodically send you emails promoting the use of the Services, including tips on using the Apps. You can opt-out of these emails by following the unsubscribe instructions included in each email, or by changing your privacy and data settings in the Services. You may also request removal through our help center. Note that unsubscribing from marketing communications will not affect operational and transactional communications, including breach notices from within the Apps, renewal emails, etc. Our marketing emails are used only to promote and educate users about the Services. We do not accept advertisements on our Site or market other companies’ products to our users.
c. Applications. You can stop all collection of information by an App by uninstalling that App. You may use the standard uninstall process available as part of your desktop or mobile device or via the mobile application marketplace or network. Uninstalling an App does not delete your account. To do that, see the instructions here.
8.YOUR RIGHTS REGARDING PERSONAL DATA (EU AND CALIFORNIA USERS ONLY)
a. You have the following rights with respect to your Personal Data that we process. Except where indicated, these rights apply equally to EU and California users:
i. Withdraw Consent: You may withdraw your consent to our processing of your Personal Data, in whole or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt out.
ii. Access/ Request Information: You may access the Personal Data we hold about you at any time via your Account or by contacting us directly.
iii. Modification: You may modify the Personal Data we hold about you at any time via your Account or by contacting us directly.
iv. Erase and Forget. In certain situations, for example when the Personal Data we hold about you is no longer relevant or accurate, you can request that we erase your Personal Data. If you delete your account, all Personal Data will be erased within one year of the date of deletion.
v. Portability: you may request a copy of your Personal Data and may always move it to other entities as you desire.
vi. No Sale of Personal Data (California Users only): Go to the Do Not Sell My Personal Information page to stop all “sale” of your Personal Data. See Section 2(b) above for more information about how this works.
b. If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org. If you need assistance, contact the help center, email email@example.com, or write us at the address below. In your request, please make clear:
i. What Personal Data is concerned; and
ii. which of the above rights you would like to enforce. For your protection, we may only fulfill requests with respect to the Personal Data associated with the email address you send your request from, and we will need to verify your identity before doing so (which is typically done by having you make the request from within the Services). We will comply with your request promptly, but in any event within thirty (30) days of your request (forty-five (45) days for requests under the CCPA). We may need to retain certain information for record keeping purposes or to complete transactions that you began prior to requesting such change or deletion.
- CONTACT INFORMATION; COMPLAINTS
If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, or if you want to report any security violations, please contact our help center, email firstname.lastname@example.org, We hope to promptly resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you may always contact your local data protection supervisory authority.
a. UTD Scuba Diving complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks established by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU and the United Kingdom and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles (as defined by the Department of Commerce). If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles will take precedence. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov.
b. Our certification of compliance with the Privacy Shield Principles applies to both the Personal Data of our users and the Personal Data of our past and present employees collected in connection with their employment (“HR Data”). UTD Scuba Diving commits to cooperate with the panel established by the EU data protection authorities (“DPAs”) and comply with the advice given by the panel regarding HR Data transferred from the EU in the context of the employment relationship. A list of DPA contacts is available here.
c. As described in the Privacy Shield Principles, UTD Scuba Diving is responsible for Personal Data that it receives and subsequently transfers to third parties. If third parties that process Personal Data for us do so in a manner that does not comply with the Privacy Shield Principles, we are responsible for such failure, unless we prove that we are not responsible for the event giving rise to the damage.
d. In compliance with the Privacy Shield Principles, UTD Scuba Diving commits to resolve complaints about our collection or use of your Personal Data. EU or Swiss individuals with inquiries or complaints regarding this Policy should first contact our help center.
e. UTD Scuba Diving has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. JAMS’ services are provided at no cost to you.
f. As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means. UTD Scuba Diving is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.