1. The information we collect about you
The SMB Diving pages on the St Andrews Lakes website have contact forms where users can provide names and contact details. SMB Diving may also collect names and contact details through telephone, email or postal communication. Your details, including your name, address, email and telephone number form what is known as your Personal Data.
When you visit the SMB Diving web pages, and even if you do not enter your details into a form, we may collect technical information about you such as your IP (Internet Protocol) address, the type of device you use to access the web pages, browser type and version, the country and telephone area code for where your device is located, the pages you visit, response rates for web pages, and your length of visit to certain pages. This information is collected via cookies. A cookie is a small file which is placed on your computer.
Where data is collected by SMB Diving, SMB Diving becomes the Data Controller.
If you have any comments or queries regarding the use of your data, or you wish to express your individual rights as listed in section 4 below, please email us: firstname.lastname@example.org
2. Why we collect your data
We are required by law, known as General Data Protection Regulation, or GDPR, to identify the legal basis for collecting your data. We have identified the legal basis against each of the following points:
- In order to communicate with you in response to a comment, question or enquiry you make to us via our web pages, email, telephone or in person. (GDPR legal basis – legitimate interest)
- Where we use webforms or collect data for marketing purposes, course bookings, etc. we will make the following details clear at the point of data collection:
- Legal Basis – whether by consent or legitimate interest
- Processing purpose
- Data retention – how long we will store the data
- The technical information (via cookies) that is collected when you visit our web pages is used to improve our web performance and effectiveness for you and your device. It helps us analyse web traffic and lets us know when you visit a particular page. This helps us improve our website for our users. The data provided by cookies is used for statistical analysis and then removed from the system. (GDPR legal basis – legitimate interest)
3. Who we share your data with
SMB Diving provides RAID courses, which require all participants to register on diveraid.com. All paper forms collected as part of our courses, including liability release forms, are scanned and uploaded to the RAID website.
We will only exchange your data with another organisation where:
- we have your express permission (consent) to do so;
- or, it is necessary in order to honour a contract between you and SMB Diving;
- or, we have a legal obligation to share the information;
- or, it is necessary to protect the vital interests of you or another person;
- or, it is in the public interest;
- or, it is necessary for the establishment, exercise or defense of legal claims;
We will never sell your personal data to another organisation.
4. Your rights regarding the personal data we hold
You have the following rights as defined by GDPR –
- The right to be informed
This is your right to be informed about the collection and use of your personal data that we hold. This document provides the details of this.
- The right of access
This is your right to see your personal data and supplementary information that we hold.
- The right to rectification
This is your right to have inaccurate personal data we hold corrected, or completed if it is incomplete.
- The right to erasure
This is your right to have your personal data erased, also known as ‘the right to be forgotten’. A request for erasure can be made verbally or in writing, and SMB Diving has one month to respond to any such request. The right is not absolute, and only applies in certain circumstances.
- The right to restrict processing
This is your right to request that SMB Diving restricts the use of your personal data. This is not an absolute right and only applies in certain circumstances. If you exercise your right to restrict processing, SMB Diving is still permitted to store the personal data, but not to use it. You can make a request for restriction verbally or in writing, and SMB Diving has one month to respond.
- The right to data portability
Your right to data portability allows you to obtain and reuse your personal data for your own purposes, across different services.
- The right to object
You have the right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics
- Rights in relation to automated decision-making and profiling
You have the right to remove your consent for any automated decision-making (making a decision solely by automated means without any human involvement).
To exercise any of the above rights, please contact us using the details provided above.
5. Duration for storing personal data
Unless you ask us to do so, we will never keep your data for longer than is necessary for us to complete the activity for which your data was collected. However, sometimes there is a legitimate and/or legal reason for us to need to retain your data for longer.
- Marketing data will be kept for two years beyond the last contact.