Legal · MyDivePod
How MyDivePod collects, uses, discloses, protects, and retains your personal data when you use our Platform.
MyDivePod (Ithela FZ LLC) is the data controller responsible for the personal data we collect and process. This Privacy Policy applies to personal data collected when you create an account, complete a booking, use the Platform's features and services, communicate with us or other users, or provide feedback, reviews, or complaints.
We collect: (a) Data you provide — identity (name, age, date of birth, nationality), contact information (email, phone, address), payment details processed via Stripe, diving qualifications and certifications, medical history relevant to diving (voluntary), profile photo, and emergency contact details. (b) Data collected automatically — pages visited, features used, session duration, general location via IP address, and cookies. (c) Data from third parties — transaction details from payment processors, information shared by Pod Organisers, and publicly available sources for verification.
We use your data to: create and maintain your account; process bookings and manage payments; communicate about bookings, Pods, and account activity; provide customer support; verify identity and age; assess health information relevant to diving; prevent fraud and unauthorized access; comply with applicable laws and regulations; send marketing communications (with your prior consent); and analyze user behavior to improve the Platform.
We process your personal data on the basis of: (a) Consent — for marketing communications and collection of health data. (b) Contractual necessity — to create an account and process a booking. (c) Legal obligation — KYC/AML checks and regulatory requirements. (d) Legitimate interests — fraud prevention, Platform security, and analytics. (e) Vital interests — in medical emergencies.
We share your data with: Pod Organisers (name, age, contact, diving qualifications, health information, and emergency contacts necessary to fulfil your booking); PCI DSS-compliant payment processors for payment handling; service providers bound by confidentiality obligations (cloud storage, analytics, IT security); affiliates for account management and support; and legal or regulatory authorities when required by law, court order, or to protect rights and safety.
We retain your personal data as follows: account data — for the duration of your account plus 12 months post-closure; payment and booking data — 7 years in accordance with financial record-keeping requirements; health and medical data — 12 months post-account closure; communications and feedback — 3 years; marketing data — until you opt out; usage and analytics data — up to 3 years in aggregated and anonymized form. After applicable periods, data is securely deleted or anonymized.
Depending on your jurisdiction you have the right to: access the personal data we hold about you; request correction of inaccurate or incomplete data; request erasure ("right to be forgotten") where data is no longer necessary or consent is withdrawn; restrict processing in certain circumstances; object to processing based on legitimate interests; request data portability in a structured, machine-readable format; and lodge a complaint with the relevant data protection authority. Contact us at legal@mydivepod.com to exercise any of these rights — we will respond within 30 days.
We implement industry-standard measures including TLS/SSL encryption for data in transit, access controls restricted to authorised personnel, secure multi-factor authentication, regular security audits and vulnerability assessments, staff training on data protection, and incident response procedures. No method of internet transmission is completely secure — you acknowledge and accept this risk when using the Platform.
We use essential cookies (required for authentication and session management), performance cookies (to understand Platform usage), functional cookies (to remember preferences), and marketing cookies (to track activity for advertising). You can manage cookie preferences through your browser settings, though disabling cookies may affect Platform functionality. Our Platform currently does not respond to Do Not Track signals.
The Platform is not intended for use by children under 18. We do not knowingly collect personal data from minors. If a child has created an account, contact us immediately at legal@mydivepod.com. Your personal data may be transferred to and processed in countries other than your country of residence. When transferring internationally, we implement appropriate safeguards including standard contractual clauses or adequacy decisions.
We may update this Privacy Policy at any time. Material changes will be posted on the Platform with an updated Effective Date. Continued use of the Platform constitutes acceptance of changes. For questions, concerns, or requests regarding your personal data, contact us at legal@mydivepod.com — Twin Towers, Fujairah Creative City (FCC), UAE. Licence No. 20483/2026.
Privacy questions or requests
Twin Towers, Fujairah Creative City (FCC), UAE · We'll respond within 30 days.
