Effective 25 May, 2018
PADI® and its affiliated companies (“the PADI Companies” and “PADI”) are committed to respecting the privacy of customers – including participants of the PADI Companies’ Experience and Training Programs (“Training Programs”), My PADI Club™ and PADI Travel, persons making inquiries, and visitors to the PADI websites padi.com, padi.travel.com and scubaearth.com .
PADI may also automatically collect information about the devices you use to interact with PADI’s websites. The information automatically collected may include IP address, device identifier, web browser and browsing information collected through cookies, web beacons, pixels, clear gifs and other similar technologies (collectively “Cookies and Other Tracking Technologies” and “Cookies”) on PADI’s sites. PADI may also automatically collect information about how you use the sites, such as what you have searched for and viewed. The information automatically collected will be associated with any personal data you have provided.
Use of Information
The personal data PADI collects may be used however your specific consent allows, or when PADI has a legitimate interest in or other legal basis for processing and using such information. In some situations, the collection of personal data may be required for the operation of the sites or to provide certain services or products. PADI uses your personal data to fulfill your requests for information, process your requests to participate in training programs and other activities, evaluate and improve PADI’s services, distribute safety alerts, newsletters, and diver training-related correspondence and materials to you, analyze the sites’ performance and functioning, prevent fraud, enforce PADI’s various terms of service, comply with all applicable laws and corporate reporting obligations, enforce PADI’s agreements and accomplish other purposes you may initiate or request. PADI may keep any of your personal data on file and use it to contact you.
As is explained following, the information obtained by PADI during various types of interactions may be treated differently.
Specific Program Use Considerations
Participants in Training Programs
What information do the PADI Companies obtain?
For participants in Training Programs, PADI may obtain participant name, mail address, telephone number, email address, gender, birth date, certification/participation date, certification level, associated PADI Member name(s) (individual professional and business members) and member number(s).
How is the information used?
PADI will use participant information in the PADI Quality Management process, in which participants may be sent program evaluation forms and related correspondence. The information will also be used to send participants the appropriate Training Program completion materials, as well as for dive safety-related alerts and for research and statistical purposes.
Additionally, participant information may be used by PADI to promote additional training programs and opportunities. Further, from time to time, participant information may be provided to PADI Members and industry partners for the purpose of promoting diving, training and dive-related products and services that PADI feels may be of interest to participants. PADI will not, however, mail to participants who are not PADI professional members for the purpose of directly selling PADI’s educational products or programs in competition with PADI Member Retailers/Resorts. Further, PADI will not sell, trade or lease student names and addresses to any third party for the purpose of selling or promoting any product in competition with PADI Member Retailers/Resorts, except with prior notice and voluntary participation by the individual PADI Member Retailers/Resorts.
Participant information may also be provided to Project AWARE Foundation, a nonprofit organization, for the purpose of its providing environmental information and opportunities.
PADI eLearning® and Touch Programs
Digitec Interactive, LLC is the company with which PADI has partnered to manage the digital processes that support PADI eLearning and Touch, including registration, secure access, the completion of knowledge reviews, the necessary emails, etc. This Learning Management System (LMS), developed by Digitec Interactive, LLC, is KnowledgeDirect WEB. Adobe Experience Manager and DPS help support the user experience.
The PADI Dive Center/Resort (hereinafter “Facility”) is the facility, and the PADI Instructor (hereinafter “Instructor”) is the instructor, one of which you will have selected to associate with while completing your PADI eLearning or Touch program.
What information do the PADI Companies obtain?
When you register with PADI eLearning or Touch, your personal information is tracked in a database and is accessible by your chosen Facility and its affiliated PADI Instructor or your chosen Instructor, PADI and Digitec Interactive, LLC. In addition, your scores, completion data and other performance standards are collected. These data are also accessible to these same entities.
The credit card transaction information (mailing address, credit card number, credit card expiration date and phone number) used in for your PADI eLearning and/or Touch programs are processed on a secured site and are neither accessible nor made available to your facility, instructor, or to Digitec Interactive, LLC. This information is only accessible by PADI.
When you submit personal information via PADI eLearning or Touch, you understand and agree that this information may be transferred across national boundaries and may be stored and processed in any of the countries in which the Facility, the Instructor, PADI, Digitec Interactive, LLC, Adobe, DPS and their affiliates and subsidiaries maintain offices, including without limitation, the United States. You also acknowledge that in certain countries or with respect to certain activities, the collection, transferring, storage and processing of your information may be undertaken by trusted third-party vendors.
How is the information used?
In addition, PADI eLearning/KnowledgeDirectWEB allows the facility or instructor to upload content to the site for viewing by PADI eLearning/KnowledgeDirectWEB users. PADI cannot be held accountable for files uploaded by third parties that result in software problems or the transmission of viruses.
Special Considerations Regarding Children Younger Than Thirteen Years of Age/Sixteen Years of Age in the EU
PADI collects participant information regarding children younger than 13 years of age/16 years of age in the EU who participate in Training Programs, with such participation requiring parental approval. Except for the purposes of providing program completion materials and administering the PADI Quality Management process, information from such children is kept private, is not used by PADI and is not provided for use by any third party at any time.
While PADI cannot prevent children younger than 13 years of age/16 years of age in the EU from viewing the PADI websites or My PADI Club, such children may not use or register for the services offered on the sites, or on My PADI Club. PADI strongly encourages parents and guardians to supervise the activity of all children younger than 18 years of age in their use of the internet. PADI is compliant with the Children’s Online Privacy Protection Act of 1998 (COPPA). For more information on COPPA, visit: http://www.coppa.org.
Persons Making Inquiries to the PADI Companies
What information do the PADI Companies obtain?
From persons making inquiries to PADI, only the information provided by the inquirer is obtained.
How is the information used?
Information obtained from persons making inquiries is used to respond to such inquiries but is not used in any other manner. Such information is stored according to PADI’s normal document retention guidelines and is not provided to third parties.
Visitors to PADI.com and Users of PADI Apps
What information does PADI obtain?
When someone registers on padi.com or uses PADI Apps, the following information may be obtained: email address, name, mail address, phone number, personal demographic information, etc. In some instances, registrants may decide what information they choose to provide. Sometimes, however, complete information is needed for PADI to respond to requests and/or include registrants in contest eligibility, etc.
What does PADI do with the information?
PADI treats the information from visitors to padi.com or the PADI Apps differently than the information gathered from participants who register for Training Programs (as described above). For site/App visitors, PADI may gather information for the sole purposes of identifying visitors and their interests, aggregating demographic data, providing personalized notices and promotions, and improving the site/Apps. PADI will not provide, market, trade or sell the information it obtains from such site/App visitors to third parties, except in the aggregate as part of statistical reports prepared by PADI for industry analysis; such aggregate information does not include identifying information. An exception to this would involve sign-ups for certain promotions, sweepstakes offers, etc. that may include the sharing of certain data with PADI’s industry partners, for the purpose of providing diving-related information and opportunities (such intended uses would be disclosed within the specific program information provided on padi.com/PADI App).
What does PADI use to track information from users?
PADI uses various standard web-measuring tools to trace padi.com's visitor movements through the site, such as Silverpop and Google Analytics (a web analytics service provided by Google, Inc.).
Visitors to Scubaearth.Com
What information does PADI obtain?
When someone registers on ScubaEarth, the following information may be obtained: email address, name, mailing address, phone number, personal demographic information, etc. Additionally, in certain portions of the site, such as the Dive Log, Gear Locker and Show My PADI Certifications Online, visitors may voluntarily decide to provide additional information such as dive, dive training and equipment preferences, dive details, etc. or to post questions and make other inquiries, as relevant to each such function or opportunity within the site. Certain portions of the site will allow visitors to upload photographic and video images.
What does PADI do with the information?
ScubaEarth receives data about visitors whenever they interact with the site, such as when they look at the various sections or features of the site; review a dive destination or equipment description.
ScubaEarth receives data from computers, mobile phones or other devices visitors use to access the site. This may include such information as IP address, location, the type of browser used, time of the visit and the pages visited. Some functions, such as Dive Shop Locator, may also obtain GPS location to determine the nearest PADI Dive Center.
When a visitor posts photos or videos on the site, ScubaEarth may receive additional related data (or metadata), such as the time, date, and place the photo or video was taken.
ScubaEarth compiles data and creates collections of aggregate data from the information gathered from and about visitors to assist PADI and ScubaEarth and their advertising and promotional partners in tailoring content and communications to individual interests. For example, compilations of the equipment planning and preferences indicated by postings to the Gear Locker may be provided to manufacturers offering the types of equipment listed in individual Gear Lockers (individual preferences will not be revealed, unless the information has been marked “Everyone” as described below). Similarly, individual interests shown in Dive Destinations’ content can help ScubaEarth provide visitors with opportunities tailored to their personal dive travel preferences.
Personal Decisions Concerning Privacy
Registered ScubaEarth users will have the ability to designate much of their information as “Everyone,” “Buddies” or “Only Me.” When an individual’s information is designated as “Only Me,” it will be used only within compilations of aggregate information for the purposes of establishing trends, usage patterns and frequency, regional activity, etc. and will not include any individually identifiable data.
ScubaEarth does not share individual visitor information with advertisers. After an ad runs, ScubaEarth may provide advertisers with reports on how their ads performed; for example, reports telling advertisers how many users saw or clicked on their ads. Some advertisers may place Cookies on a visitor’s computer.
Closing Personal Accounts
Registered users may close their accounts at any time. Once the account is closed, the personal information within it is no longer accessible. However, the data will continue to be included within compilations of anonymous information, in which no individual information is identifiable.
Visitors to Travel.PADI.com
What information does PADI Travel obtain?
What does PADI Travel do with the information?
People who register on travel.padi.com to access travel and travel package information may receive various communications about PADI Travel and its travel offerings from time to time, but may choose to “unsubscribe” from receiving any further information at any time.
Does PADI Travel Share the personal information it obtains with third parties?
PADI Travel does not share its registrants’ personal information with third parties, except as necessary when a travel package is purchased. In such cases, the necessary information is provided to the chosen travel package provider(s) for the purpose of providing the services included in the package.
Participants in My PADI Club
You must be at least 13 years of age/16 years of age in the EU to register on My PADI Club. In consideration for your use of Club, you agree to provide true and accurate information in your Club registration form and to update your registration information as necessary to keep it accurate and current. If you provide information that is false, inaccurate, not current or incomplete, or if PADI, in its sole discretion, determines that such information may be false, inaccurate, not current or incomplete, PADI has the right to suspend or terminate your account and refuse your present or future use of Club.
Special My Padi Club Considerations Regarding Children Younger Than Thirteen Years of Age/Sixteen Years of Age in the EU
While My PADI Club cannot prevent children younger than 13 years of age/16 years of age in the EU from visiting and viewing the public portions of the Club website, in a commitment to safe-guard their online privacy, clear notice is given that children younger than 13 years of age/16 years of age in the EU are not permitted to register on Club. The required birth date field will not allow the registration to continue when a birth date indicating younger than 13 years of age/16 years of age in the EU is entered. Only registered visitors are allowed entry to the interactive portions of the site, which prevents personal information from being collected on children known to be younger than 13 years/16 years in the EU. Club does not knowingly collect personal information from children younger than 13 years of age. If Club becomes aware that a child younger than 13 years of age/16 years of age in the EU has provided personal information, reasonable steps will be taken to remove such information and terminate the child's account. My PADI Club strongly encourages parents and guardians to supervise the activity of all children younger than 18 years of age in the use of the internet.
My PADI Club is compliant with the Children’s Online Privacy Protection Act of 1998 (COPPA). For more information on COPPA, visit: http://www.coppa.org.
Other Important Information
Can I Decide What Information to Receive From or Through PADI (ie Opt-Out)?
Yes. Except for the information that is used to send participants of Training Programs the appropriate completion materials, and materials used in the Quality Management process, in which participants may be sent program evaluation forms and related correspondence, anyone can elect not to receive any information, or to receive only certain types of information. To change your preferences, please contact your local PADI Office.
Limits on PADI’s Abilities to Protct Personal Information
Most browsers are initially set to accept Cookies. You can set your browser to notify you when you receive a Cookie, giving you the chance to decide whether or not to accept it. (For some web pages that require an authorization, Cookies are not optional. Users choosing not to accept Cookies will probably not be able to access those pages, and may be precluded from ordering or from maintaining an account on the site.) If you use padi.com or other PADI sites without changing your browser settings, PADI will assume that you’re happy to receive all Cookies on the website.
What types of Cookies does PADI use?
PADI uses two types of Cookies – persistent and session. A persistent Cookie is set once you’ve logged in to your PADI account. The next time you visit a PADI website using the same device, the persistent Cookie recognizes you as an existing user, so you may not need to log in before using the services of your PADI account.
A session Cookie is used to identify a particular visit to the website. Session Cookies expire after a short time, or when you close your web browser.
When does PADI put Cookies on your device?
Cookies may be set by PADI when you visit a PADI website, or they may be set by other websites or services who run content on the page you’re viewing (known as third-party Cookies).
How are Cookies used on PADI websites?
Cookies can be used to do lots of different things, like recognizing you when you navigate, storing your preferences and improving your experience. Cookies also make your interactions with PADI more secure and faster, and help ensure that your experience is personalized to you and in line with your settings. Additionally, Cookies allow PADI to bring you advertising both on and off padi.com and other sites, and bring customized features to you through PADI plugins such as PADI’s share button.
Most browsers allow you to control Cookies through their settings preferences. Limiting the ability of websites to set Cookies, however, may worsen your overall user experience.
Does PADI track IP addresses?
As part of the statistical tracking of PADI sites, information about visitors’ devices and browsers are collected, such as browser version and type, IP address, website referred from and country of visitor.
When the PADI obtains information concerning an individual’s location through GPS data, such as when certain custom PADI Dive Shop Locator functions that show the nearest PADI Dive Center or Resort are accessed, the information specific to the user is utilized by PADI solely for that purpose and is kept by PADI only long enough to provide the specific service used. Aggregate information, which does not include any individually identifiable data, is compiled, however, for the purpose of establishing trends, search frequency, regional activity, etc.
Use of Information Collected Via Mobile Devices
In connection with its mobile applications, PADI may use third-party service providers to analyze non-personally identifiable user activity to fix errors, monitor usage and improve the performance of the mobile applications. For example, PADI receives reports on some of its mobile applications’ aggregate usage and browsing patterns, including information about the type of device used, articles accessed and other events occurring within PADI apps. PADI also receives reports on certain errors occurring within mobile applications. None of these third party service providers gathers information in a manner intended to identify any particular user personally.
Data Recipients and International Data Transfers
Personal data collected on the PADI sites may be transferred from time to time to PADI subsidiaries and affiliates and their personnel across the global organization, as well as to PADI’s third-party service providers located throughout the world, including in countries where the local law may grant you fewer rights than you have in your own country. Additionally, user data may be viewed and hosted by PADI and its third-party service providers anywhere in the world. Where required by law, PADI has put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by PADI subsidiaries, affiliates and third- party service providers, including the transfer of your personal data to countries other than the one in which you reside. If you would like more information about these legal mechanisms, which may include the EU’s Standard Contractual Clauses, please contact your regional PADI office at the addresses below. By using any of the PADI programs, services and sites and providing information to any of them, you voluntarily consent to such trans-border transfer and hosting of such information.
PADI will not intentionally disclose or transfer (and will take reasonable steps to prevent the unauthorized or accidental disclosure of) your personal data to third parties without your consent, whether for such third parties’ own marketing purposes or otherwise, except as follows: PADI may provide access to your personal data to third-party service providers engaged by PADI to provide services related to programs, services and sites, provided that such third- party service providers will first agree to maintain the strict confidentiality of such information and provide the same level of data security as provided by PADI.
PADI may also may share your personal data with third-party service providers who perform services and functions on PADI’s behalf to support interactions with you, including, for example, processing Training Program documents, administering surveys and contests or communicating with you. These third-party service providers are not permitted to use or disclose your personal data except as necessary to perform services on PADI’s behalf or to comply with legal requirements.
In addition, PADI may disclose information about you:
If required to do so by law or legal process;
- * To law enforcement authorities or other government officials;
- * When PADI believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
- * If disclosure is necessary to protect the vital interests of a person;
- * To protect PADI’s property, services and legal rights;
- * To prevent fraud against the PADI Companies and/or business partners;
- * To support auditing, compliance and corporate governance functions; or
- * To comply with any and all applicable laws.
In addition, PADI may disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment or other transfer or disposition of all or any portion of PADI’s business.
You should be aware that whenever you publicly disclose information online, that information could be collected and used by others. PADI is not responsible for any action or policies of any third parties who collect information that users publicly disclose in any such forums on the Sites.
Links to Third-Party Sites
If you would like to disconnect a social media account from PADI, refer to the settings of that social network account and its provider.
PADI has implemented generally accepted standards of technology and operational security to protect personal data from loss, misuse, alteration or destruction. Only authorized PADI personnel and third- party service providers are provided access to personal data, and these employees and service providers are required to treat this information as confidential. Despite these precautions however, PADI cannot guarantee that unauthorized persons will not obtain access to your personal data.
When you begin a checkout or redemption process within PADI’s sites, PADI requires that a secure connection between your computer and PADI’s server(s) be established. To do this, PADI’s sites utilize a technology called Secure Socket Layers (SSL). SSL encrypts your personal and credit card information before it travels over the Internet. SSL technology is the industry standard for secure online transactions. Because PADI uses SSL, registering on PADI eLearning/KnowledgeDirectWEB, for example, is just as safe as providing your credit card number over a telephone. SSL is an industry standard with advanced encryption technology that works with current versions of Internet Explorer, Chrome, Firefox, Safari and numerous other web browsers. A secure connection is maintained until the checkout process is either completed or canceled by the user.
Although PADI uses such industry-standard efforts to safeguard the confidentiality of your personally identifiable information, 'perfect security' does not exist on the Internet.
PADI’s Data Retention Policy
Where granted by local law, you may have the right to request access to the personal data that PADI has collected about you for the purposes of reviewing, modifying or requesting deletion of the data. You may also have the right to request a copy of the personal data that we have collected about you and to have any inaccuracies in that data corrected. In certain circumstances, you may also request that we cease processing your personal data.
If you would like to make a request to access, review or correct the personal data we have collected about you, or to discuss how we process your personal data, please contact PADI at email@example.com . To help protect your privacy and security, PADI will take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. PADI will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Different laws may prevent PADI from providing access to your personal data or otherwise fully complying with your request, depending upon the circumstances and the request, such as for example, where producing your information may reveal the identity of someone else. PADI reserves the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or deny your requests when they may be manifestly unfounded, and/or excessive, or otherwise objectionable or unwarranted under applicable law.
In addition, and where granted by local law, you have the legal right to lodge a complaint with a competent data protection authority.
PADI’s International Offices
Besides the office in the United States, PADI has regional offices and distribution centers in Australia, Brazil, Canada, China, Japan, Russia and the United Kingdom, each serving a defined territory, plus PADI Travel offices in Australia, Switzerland, the United Kingdom and the United States (collectively “PADI Offices”). The laws and regulations concerning data privacy and related rights and responsibilities differ by country. Each of the PADI Offices has the appropriate policies in place to provide compliance with the laws and regulations of the countries it serves, and each is legally bound to uphold PADI’s global policies and procedures. For more information about any regional office’s specific privacy policies, please contact the office using the contact information provided below.
For questions or comments, the contacts are:
- PADI Americas, Canada and Latin America: firstname.lastname@example.org
- PADI Asia Pacific: email@example.com
- Japan Office: firstname.lastname@example.org
- PADI Europe, Middle East and Africa: email@example.com
- ScubaEarth: firstname.lastname@example.org
- My PADI Club: email@example.com
Emergency First Response Corp
Non-Agency Disclosure and Acknowledgment
As a user of PADI’s programs, services and websites, you are informed, understand and agree that PADI Members are licensed to use various PADI Trademarks and to conduct PADI training, but are not agents, employees or franchisees of PADI. You are further informed, understand and agree that the business activities of PADI Members are independent, and are neither owned nor operated by PADI. While PADI establishes the standards for PADI diver training programs, it is not responsible for, nor does it have the right to control, the operation of the PADI Members’ business activities or the day-to-day conduct of PADI Members or the supervision of divers by PADI Members or their associated staff.