Consumer Privacy Policy

Effective 18 September 2023

Introduction

PADI® and its affiliated companies (“the PADI Companies” and “PADI”) are committed to respecting the privacy of customers – including participants of the PADI Companies’ Experience and Training Programs (“Training Programs”), PADI Club™, PADI Travel and PADI Media persons making inquiries, and visitors to the PADI and PADI Media websites padi.com, travel.padi.com and scubaearth.com.

PADI understands that your privacy is important to you, and is committed to respecting and protecting your personal data, which is any information that is capable of identifying you as an individual person. This Privacy Policy covers personal information that may be provided to or obtained by PADI during such interactions and describes how it will handle and protect your personal data in connection with your interactions with PADI, in its capacity as data controller.  Specific to PADI’s personal data privacy policies and security procedures, as noted in various specific portions of this Privacy Policy, PADI is compliant with the privacy requirements and regulations of the EU’s General Data Protection Regulations ("GDPR"); the California Consumer Protection Act of 2018 ("CCPA"); and Canada’s Anti-Spam Law ("CASL"), as affects residents of the respective areas covered by those regulations.

Additionally, in relation to PADI’s role as a data controller, PADI Individual Professional Members and PADI Dive Retail and Resort Members may act as co-data controllers, as well as data processors on behalf of PADI, especially within the PADI Diver training and certification process. PADI itself also serves as a data processor, such as when one of the PADI Companies processes personal information on behalf of another PADI Company.

Please see also the Terms of Service associated with the various PADI sites, apps and programs for more information about PADI’s general terms and policies.

PADI may also automatically collect information about the devices you use to interact with PADI’s websites. The information automatically collected may include IP address, device identifier, web browser and browsing information collected through cookies, web beacons, pixels, clear gifs and other similar technologies (collectively “Cookies and Other Tracking Technologies” and “Cookies”) on PADI’s sites. PADI may also automatically collect information about how you use the sites, such as what you have searched for and viewed. The information automatically collected will be associated with any personal data you have provided.

The statement in this Policy called "California Residents" contains additional disclosures for California residents.  The statement supplements the rest of this Policy, but to the extent it conflicts with other parts of this Policy, the statement governs with respect to California residents. 

Summary Of Collection And Use of Information

The personal data PADI collects is used for PADI's commercial, legal and business purposes.  Depending on applicable law in your area, that use may be limited to what your specific consent allows, or when PADI has a legitimate interest or other legal basis for processing and using such information. In some situations, the collection of personal data may be required for the operation of the sites or to provide certain services or products. PADI uses your personal data to fulfill your requests for information, process your requests to participate in training programs and other activities, evaluate and improve PADI’s services, distribute safety alerts, newsletters, and diver training-related correspondence and materials to you, analyze the sites’ performance and functionality, prevent fraud, enforce PADI’s various terms of service, comply with all applicable laws and corporate reporting obligations, enforce PADI’s agreements and accomplish other purposes you may initiate or request. PADI may keep any of your personal data on file and use it to contact you.

PADI may use first and third-party Cookies and Other Tracking Technologies to manage its sites and its services, and to collect analytics about how you use them. The information provided throughout this Privacy Policy about Cookies also applies to these other tracking technologies. Please refer to the Cookie information herein for more details regarding PADI’s use of Cookies.

As is explained following, the information obtained by PADI during various types of interactions may be treated differently. PADI blocks access to account creation and purchases in Russia and Belarus and does not collect or process Personally Identifiable Information data on padi.com or PADI Apps.

对于中国居民

请点击以下链接获取适用于中国居民的 PADI 隐私协议和数据跨境传输协议.

中国居民隐私协议
中国居民数据跨境传输协议

California Residents

This statement makes additional disclosures to California residents (i.e., “consumers”), and describes rights they may have, under the California Consumer Privacy Act of 2018, as amended, effective January 1, 2020 (the “CCPA”). 
California’s Attorney General has published proposed implementing regulations for the CCPA, but the regulations have not yet taken effect and remain subject to change.  The final regulations may alter how businesses have to comply with the CCPA, and PADI may update this Policy when the regulations take effect.

You can learn more about the CCPA here: https://oag.ca.gov/privacy/ccpa

Collection Of Personal Information

The following table describes which categories of personal information PADI collected about consumers within the past 12 months.  For each category, PADI  collected one or more of the examples listed.

Category Examples
Identifiers Real name, signature, address, telephone number, email address, Internet Protocol address, device identifier, browser cookies, web beacon, pixel tag, mobile ad identifier, other unique personal identifier, online identifier, account name.
Financial Information Credit card number, debit card number or other similar financial information
Protected Classification Information Age (including ages 40 years and older, and for minors, with parental/guardian consent); national origin (under certain legally-required circumstances); dive-related medical history (including pregnancy) and , gender.
Commercial Information Records of products or services purchased, obtained, or considered.
Internet Activity Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
Geolocation Data Physical location or movements

Sale Or Disclosure Of Personal Information

PADI does not sell consumers’ personal information. 

PADI discloses personal information to some of its vendors for business purposes.  Where necessary and appropriate, PADI takes steps to ensure that its agreements with those vendors prohibit them from selling that personal information and from retaining, using or disclosing it for any purpose other than the purposes for which PADI engages them. PADI may otherwise disclose personal information at the consumer’s direction or as might be required by legal due-process.

Within the past 12 months, PADI disclosed for a business purpose the following categories of personal information:

  • Identifiers (customer number held in a cookie, Internet Protocol (IP) address, unique device identifier, browser cookies, web beacon, pixel tag) 
  • Internet activity (User agent, referrer)

Your Rights

Consumers have the right to make the following requests to covered businesses.  The requests may be made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a person authorized by the consumer to act on the consumer’s behalf:

Right To Know About Collection, Disclosure or Sale of Personal Information        

You have the right to request that a business disclose to you: (i) the categories and specific pieces of personal information the business has collected about you within the past 12 months, (ii) the categories of sources from which the personal information is collected, (iii) the business or commercial purposes for collecting or selling personal information, and (iv) the categories of third parties with whom the business shares personal information.  

If a business sells personal information, or discloses it for a business purpose, you also have the right to request that the business disclose the following with respect to the 12-month period preceding your request: (i) the categories of personal information that the business sold about you and the categories of third parties to whom the personal information was sold, and (ii) the categories of personal information that the business disclosed about you for a business purpose. 
 
This type of request may be referred to as a “Request to Know.”  Before PADI can honor a Request to Know, PADI needs to verify that the person making it is the consumer whose personal information PADI has.  PADI’s method for verifying any particular request weighs information PADI receives as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized disclosure.  

Right to Request Deletion of Personal Information

You have the right to request that a business delete any personal information that the business has collected from you.  This type of request may be referred to as a “Request to Delete.”  

Before PADI can honor a Request to Delete, PADI needs to verify that the person making the request is the consumer whose personal information PADI has.  PADI’s method for verifying any particular request weighs information PADI receives as part of the request, the sensitivity of the consumer information at issue and the risk of harm to the consumer from unauthorized deletion.

PADI is not required to delete personal information if PADI still needs it in order to complete the transaction for which the information was collected, provide a good or service requested by you (or that PADI reasonably anticipates based on the relationship with you), perform a contract with you, comply with legal obligations, or accomplish any other objective recognized as an exception to the right to deletion under applicable law.

Right to Opt-Out of the Sale of Personal Information

You have the right to direct a business that sells personal information to third parties not to sell your personal information.  This type of request may be referred to as a “Request to Opt-Out.”  

PADI does not sell consumers’ personal information.  So, PADI does not provide a mechanism to opt-out of sales of personal information.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by a business for the exercise of your privacy rights under the CCPA.

How to Submit a Request To “Delete”

You can submit a Request to Delete by sending an email to PADI at [email protected]. Emailed requests must state “CCPA Request to Delete” in the subject line and include:

  • your first and last name, 
  • the California county in which you reside,
  • a clear statement that you want PADI to delete your personal information 
  • the reason(s) you believe PADI has collected personal information from you, specifically (for example, you participated in a PADI program or received a marketing communication from PADI).

If you are emailing a request on behalf of another consumer as his or her authorized representative, you must include the foregoing information about the consumer, and attach to the email a copy of a power of attorney appointing you as a duly authorized representative under California Probate Code sections 4000 to 4465 or written permission from the consumer to make the request.

If you prefer, you can call this toll-free number to submit your request: 800-729-7234.

After confirming receipt of your request, PADI will contact you if PADI needs more information in order to verify it.  If PADI can’t verify a request, PADI may deny it.

Notice

PADI is currently in the process of reviewing and revising, as may be necessary, its processes and third-party contracts to ensure that there are no data uses outside this Privacy Policy.

Collection And Use Of Personal Information For Specific Purposes (Global)

Participants in Training Programs

What information do the PADI Companies obtain?
For participants in Training Programs, PADI may obtain participant name, mail address, telephone number, email address, gender, birth date, certification/participation date, certification level, associated PADI Member name(s) (individual professional and business members) and member number(s).

How is the information used?
PADI will use participant information in the PADI Quality Management process, in which participants may be sent program evaluation forms and related correspondence. The information will also be used to send participants the appropriate Training Program completion materials, as well as for dive safety-related alerts and for research and statistical purposes.

Additionally, participant information may be used by PADI to promote additional training programs and opportunities. Further, from time to time, participant information may be provided to PADI Members and industry partners for the purpose of promoting diving, training and dive-related products and services that PADI feels may be of interest to participants. PADI will not, however, mail to participants who are not PADI professional members for the purpose of directly selling PADI’s educational products or programs in competition with PADI Member Retailers/Resorts. Further, PADI will not sell, trade or lease student names and addresses to any third party for the purpose of selling or promoting any product in competition with PADI Member Retailers/Resorts, except with prior notice and voluntary participation by the individual PADI Member Retailers/Resorts.

Participant information may also be provided to Project AWARE Foundation, a nonprofit organization, for the purpose of its providing environmental information and opportunities.

PADI eLearning® Programs

PADI, your chosen PADI Dive Center/Resort and/or PADI Instructor, and Digitec Interactive, LLC, Adobe and DPS believe that your privacy is critical, which is why PADI has developed this portion of the privacy policy to explain PADI’s practices regarding the use and disclosure of information PADI may obtain from PADI eLearning users.

Digitec Interactive, LLC is the company with which PADI has partnered to manage the digital processes that support PADI eLearning, including registration, secure access, the completion of knowledge reviews, the necessary emails, etc. This Learning Management System (LMS), developed by Digitec Interactive, LLC, is KnowledgeDirect WEB. Domiknow, Adobe Experience Manager and DPS help support the user experience.

The PADI Dive Center/Resort (hereinafter “Facility”) is the facility, and the PADI Instructor (hereinafter “Instructor”) is the instructor, one of which you will have selected to associate with while completing your PADI eLearning program.

Your personal information is your business, and PADI promises not to knowingly disclose this information to anyone without your consent. PADI pledges to maintain your privacy both during and following your use of PADI eLearning. PADI will treat your personal data with the highest standards of safety, security and confidentiality. By accessing or using PADI eLearning, you agree to the applicable terms of the PADI Privacy Policy. PADI reserves the right to change such privacy policies from time to time at PADI’s sole discretion. Your use of PADI eLearning products will be subject to the most current version of the privacy policies at the time of such use.

What information do the PADI Companies obtain?
When you register with PADI eLearning, your personal information is tracked in a database and is accessible by your chosen Facility and its affiliated PADI Instructor or your chosen Instructor, PADI and Digitec Interactive, LLC. In addition, your scores, completion data and other performance standards are collected. These data are also accessible to these same entities.

The credit card transaction information (mailing address, credit card number, credit card expiration date and phone number) used in for your PADI eLearning is processed on a secured site and is neither accessible nor made available to your facility, instructor, or to Digitec Interactive, LLC. This information is only accessible by PADI.

When you submit personal information via PADI eLearning, you understand and agree that this information may be transferred across national boundaries and may be stored and processed in any of the countries in which the Facility, the Instructor, PADI, Digitec Interactive, LLC, Adobe, DPS and their affiliates and subsidiaries maintain offices, including without limitation, the United States. You also acknowledge that in certain countries or with respect to certain activities, the collection, transferring, storage and processing of your information may be undertaken by trusted third-party vendors.

How is the information used?
Email addresses are collected from those who communicate with PADI through PADI eLearning, the facility and KnowledgeDirectWEB, such as from site registration. Notwithstanding the information provided in other parts of this Privacy Policy, PADI will not share any information with third parties unless they have agreed to maintain the confidentiality, security, and integrity of the personal information they obtain from PADI. PADI may also share aggregate or summary information regarding its users with partners or third parties. These activities will be undertaken in accordance with governing laws and regulations and will not disclose individual information.

In addition, PADI eLearning/KnowledgeDirectWEB allows the facility or instructor to upload content to the site for viewing by PADI eLearning/KnowledgeDirectWEB users. PADI cannot be held accountable for files uploaded by third parties that result in software problems or the transmission of viruses.

By using PADI eLearning, and when required, providing verifiable parental consent, you agree to the collection and use of the information you (and your child, with your permission) provide to PADI, your chosen PADI Dive Center/ Resort, Digitec Interactive LLC and KnowledgeDirectWEB, Dominknow, Adobe and DPS, as described in this Privacy Policy statement. If PADI decides to change its privacy policy, it will post those changes on this page so that you are always aware of what information PADI collects, how it is used and under what circumstances PADI will disclose it. As PADI implements new technology and introduces new services, this Privacy Policy will be updated, so PADI encourages you to review it often.

Special Considerations Regarding Children Younger Than Thirteen Years of Age/Sixteen Years of Age in the EU
PADI collects participant information regarding children younger than 13 years of age/16 years of age in the EU who participate in Training Programs, with such participation requiring parental approval. Except for the purposes of providing program completion materials and administering the PADI Quality Management process, information from such children is kept private, is not used by PADI and is not provided for use by any third party at any time.

While PADI cannot prevent children younger than 13 years of age/16 years of age in the EU from viewing the PADI websites or PADI Club, such children may not use or register for the services offered on the sites, or on PADI Club. PADI strongly encourages parents and guardians to supervise the activity of all children younger than 18 years of age in their use of the internet. PADI is compliant with the Children’s Online Privacy Protection Act of 1998 (COPPA). For more information on COPPA, visit: http://www.coppa.org.

Emergency First Response Corp. (EFR®) Programs
Emergency First Response Corp. (“EFR”), as one of the PADI companies, adheres to the overall PADI Privacy Policy, and uses PADI’s normal materials and processes for the collection, use, retention and elimination of private data collected from students and others interacting with it, as described herein.

Persons Making Inquiries to the PADI Companies

What information do the PADI Companies obtain?
From persons making inquiries to PADI, only the information provided by the inquirer is obtained.

How is the information used?
Information obtained from persons making inquiries is used to respond to such inquiries but is not used in any other manner. Such information is stored according to PADI’s normal document retention guidelines and is not provided to third parties.

Visitors to PADI.com and Users of PADI Apps

What information does PADI obtain?
When someone registers on padi.com or uses PADI Apps, the following information may be obtained: email address, name, mail address, phone number, personal demographic information, etc. In some instances, registrants may decide what information they choose to provide. Sometimes, however, complete information is needed for PADI to respond to requests and/or include registrants in contest eligibility, etc.

What does PADI do with the information?
PADI treats the information from visitors to padi.com or the PADI Apps differently than the information gathered from participants who register for Training Programs (as described above). For site/App visitors, PADI may gather information for the sole purposes of identifying visitors and their interests, aggregating demographic data, providing personalized notices and promotions, and improving the site/Apps. PADI will not provide, market, trade or sell the information it obtains from such site/App visitors to third parties, except in the aggregate as part of statistical reports prepared by PADI for industry analysis; such aggregate information does not include identifying information. An exception to this would involve sign-ups for certain promotions, sweepstakes offers, etc. that may include the sharing of certain data with PADI’s industry partners, for the purpose of providing diving-related information and opportunities (such intended uses would be disclosed within the specific program information provided on padi.com/PADI App).

Opting Out of Ad Networks
How to opt out. If you wish to not have this cross-site information used for the purpose of serving you targeted ads, you may opt-out of many ad networks by visiting the DAA WebChoices Tool (or if located in the European Union, by visit Your Online Choices). You will continue to receive ads on the sites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites.
Please note, however, that these opt-out mechanisms are cookie based, so if you delete cookies, block cookies or use another device, your opt-out will no longer be effective. For more information about Interest Based Advertising, please visit Your Ad Choices.

Email Addresses
Email addresses may be collected from those who communicate with PADI through padi.com and/or a PADI App. Notwithstanding the information provided in other parts of this Privacy Policy, PADI will not share any information with third parties unless they have agreed to maintain the confidentiality, security and integrity of the personal information they obtain from PADI. PADI may also share aggregate or summary information regarding its users with partners or third parties. These activities will be undertaken in accordance with governing laws and regulations and will not disclose individual information.

What does PADI use to track information from users?
PADI uses various standard web-measuring tools to trace padi.com's visitor movements through the site, such as Salesforce, Silverpop and Google Analytics (a web analytics service provided by Google, Inc.).

Google Analytics uses Cookies to collect and record information about visitor behavior on padi.com/PADI App. Google Analytics stores information about what pages visitors visit, how long they are on the site, how they got here and what they click onto. This data is not tied to personally identifiable information, such as your name or address, so this information can’t be used to identify who you are. PADI has turned on Google Analytics Demographics and Interest Reporting to get an idea of user’s demographics and interests. You can use the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics.

Visitors to Scubaearth.com

What information does PADI obtain?
When someone registers on ScubaEarth, the following information may be obtained: email address, name, mailing address, phone number, personal demographic information, etc. Additionally, in certain portions of the site, such as the Dive Log, Gear Locker and Show My PADI Certifications Online, visitors may voluntarily decide to provide additional information such as dive, dive training and equipment preferences, dive details, etc. or to post questions and make other inquiries, as relevant to each such function or opportunity within the site. Certain portions of the site will allow visitors to upload photographic and video images.

What does PADI do with the information?
ScubaEarth receives data about visitors whenever they interact with the site, such as when they look at the various sections or features of the site; review a dive destination or equipment description.

ScubaEarth receives data from computers, mobile phones or other devices visitors use to access the site. This may include such information as IP address, location, the type of browser used, time of the visit and the pages visited. Some functions, such as Dive Shop Locator, may also obtain GPS location to determine the nearest PADI Dive Center.

When a visitor posts photos or videos on the site, ScubaEarth may receive additional related data (or metadata), such as the time, date, and place the photo or video was taken.

ScubaEarth compiles data and creates collections of aggregate data from the information gathered from and about visitors to assist PADI and ScubaEarth and their advertising and promotional partners in tailoring content and communications to individual interests. For example, compilations of the equipment planning and preferences indicated by postings to the Gear Locker may be provided to manufacturers offering the types of equipment listed in individual Gear Lockers (individual preferences will not be revealed, unless the information has been marked “Everyone” as described below). Similarly, individual interests shown in Dive Destinations’ content can help ScubaEarth provide visitors with opportunities tailored to their personal dive travel preferences.

Email addresses may be collected from those who communicate with PADI through ScubaEarth. Notwithstanding the information provided in other parts of this Privacy Policy, PADI will not share any information with third parties unless they have agreed to maintain the confidentiality, security, and integrity of the personal information they obtain from PADI. PADI may also share aggregate or summary information regarding its users with partners or third parties. These activities will be undertaken in accordance with governing laws and regulations and will not disclose individual information.

Personal Decisions Concerning Privacy
Registered ScubaEarth users will have the ability to designate much of their information as “Everyone,” “Buddies” or “Only Me.” When an individual’s information is designated as “Only Me,” it will be used only within compilations of aggregate information for the purposes of establishing trends, usage patterns and frequency, regional activity, etc. and will not include any individually identifiable data.

Service Providers
ScubaEarth may give visitors’ information to the people and companies that help ScubaEarth provide its services. For example, outside vendors may be used to help host the website, host photos and videos, process payments or provide search results, and, in some cases, ScubaEarth may provide a service jointly with another company. When working with third parties in these ways, ScubaEarth will enter into confidentiality agreements through which the vendors agree to only use visitor information in a manner consistent with ScubaEarth’s Privacy Policy. However, if ScubaEarth were to use a third party not bound by such a confidentiality agreement in the future, the third party will be identified. In such a case, it is the responsibility of the user to read and consider the third party’s Privacy Policy/Terms and Conditions prior to accessing that feature or function.

Advertising
ScubaEarth does not share individual visitor information with advertisers. After an ad runs, ScubaEarth may provide advertisers with reports on how their ads performed; for example, reports telling advertisers how many users saw or clicked on their ads. Some advertisers may place Cookies on a visitor’s computer.

Closing Personal Accounts
Registered users may close their accounts at any time. Once the account is closed, the personal information within it is no longer accessible. However, the data will continue to be included within compilations of anonymous information, in which no individual information is identifiable.

Visitors to Travel.padi.com

What information does PADI Travel obtain?
Notwithstanding other website information provided in this Privacy Policy, when someone registers on travel.padi.com, the following information may be obtained: email address, name, mail address, phone number, personal demographic information, etc.

What does PADI Travel do with the information?
People who register on travel.padi.com to access travel and travel package information may receive various communications about PADI Travel and its travel offerings from time to time, but may choose to “unsubscribe” from receiving any further information at any time.

Does PADI Travel Share the personal information it obtains with third parties?
PADI Travel does not share its registrants’ personal information with third parties, except as necessary when a travel package is purchased. In such cases, the necessary information is provided to the chosen travel package provider(s) for the purpose of providing the services included in the package.  (See also PADI Travel's user Terms of Service at https://travel.padi.com/terms/)

Participants in PADI Club

Along with the general guidelines within PADI’s Privacy Policy, there are several special considerations regarding PADI Club (“Club”) registration and your privacy.

You must be at least 13 years of age/16 years of age in the EU to register on PADI Club. In consideration for your use of Club, you agree to provide true and accurate information in your Club registration form and to update your registration information as necessary to keep it accurate and current. If you provide information that is false, inaccurate, not current or incomplete, or if PADI, in its sole discretion, determines that such information may be false, inaccurate, not current or incomplete, PADI has the right to suspend or terminate your account and refuse your present or future use of Club.

PADI Club Considerations Regarding Children Younger Than Thirteen Years of Age/Sixteen Years of Age in the EU
While PADI Club cannot prevent children younger than 13 years of age/16 years of age in the EU from visiting and viewing the public portions of the Club website, in a commitment to safe-guard their online privacy, clear notice is given that children younger than 13 years of age/16 years of age in the EU are not permitted to register on Club. The required birth date field will not allow the registration to continue when a birth date indicating younger than 13 years of age/16 years of age in the EU is entered. Only registered visitors are allowed entry to the interactive portions of the site, which prevents personal information from being collected on children known to be younger than 13 years/16 years in the EU. Club does not knowingly collect personal information from children younger than 13 years of age/16 years of age in the EU. If Club becomes aware that a child younger than 13 years of age/16 years of age in the EU has provided personal information, reasonable steps will be taken to remove such information and terminate the child's account. PADI Club strongly encourages parents and guardians to supervise the activity of all children younger than 18 years of age in the use of the internet.

PADI Club is compliant with the Children’s Online Privacy Protection Act of 1998 (COPPA). For more information on COPPA, visit: http://www.coppa.org.

Participants With PADI Media
PADI Media includes Sport Diver Magazine, Scuba Diving Magazine (received as a benefit of PADI Club membership) and their respective websites. Along with the general guidelines within PADI's overall Privacy Policy, there are a number of special considerations regarding PADI Media data collection and use, and your privacy. (For further information on PADI Media's General Privacy Policy, click here.)

Other Important Information

Can I Decide What Information to Receive From or Through PADI (ie Opt-Out)?
Yes. Except for the information that is used to send participants of Training Programs the appropriate completion materials, and materials used in the Quality Management process, in which participants may be sent program evaluation forms and related correspondence, anyone can elect not to receive any information, or to receive only certain types of information. To change your preferences, please contact your PADI Regional Headquarters.

Limits on PADI’s Abilities to Protect Personal Information
Your privacy is very important to PADI. However, due to the existing legal and technical environment, PADI cannot ensure that your personally identifiable information will not be disclosed to third parties in ways not described in this Privacy Policy. For example, PADI may be forced to disclose information to the government or third parties under certain circumstances, or third parties may unlawfully intercept or access transmissions or private communications. Additionally, PADI can (and you authorize PADI to) disclose any information about you to private entities, law enforcement or other government officials as PADI, in its sole discretion, believes necessary or appropriate to address or resolve inquiries or problems.

Cookies And Other Tracking Technologies

PADI uses Cookies and similar technologies like pixels and tags to ensure that visitors have the best possible experience on padi.com and other sites. A Cookie is a small amount of data that is transferred to your browser by a web server and can only be read by the server that gave it to you. It functions as your identification card, recording your passwords, purchases and preferences. It can’t be executed as code or deliver viruses.

Most browsers are initially set to accept Cookies. You can set your browser to notify you when you receive a Cookie, giving you the chance to decide whether or not to accept it. (For some web pages that require an authorization, Cookies are not optional. Users choosing not to accept Cookies will probably not be able to access those pages, and may be precluded from ordering or from maintaining an account on the site.) If you use padi.com or other PADI sites without changing your browser settings, PADI will assume that you’re happy to receive all Cookies on the website.

Trusted partners like DoubleClick help PADI serve advertising on and off PADI’s sites. Analytics companies like Google Analytics, Facebook, Salesforce, Adroll and Silverpop may also place Cookies on your machine. Please read their privacy policies to ensure that you’re comfortable with the manner in which they use Cookies.

What types of Cookies does PADI use?
PADI uses two types of Cookies – persistent and session. A persistent Cookie is set once you’ve logged in to your PADI account. The next time you visit a PADI website using the same device, the persistent Cookie recognizes you as an existing user, so you may not need to log in before using the services of your PADI account.

A session Cookie is used to identify a particular visit to the website. Session Cookies expire after a short time, or when you close your web browser.

When does PADI put Cookies on your device?
Cookies may be set by PADI when you visit a PADI website, or they may be set by other websites or services who run content on the page you’re viewing (known as third-party Cookies).

How are Cookies used on PADI websites?
Cookies can be used to do lots of different things, like recognizing you when you navigate, storing your preferences and improving your experience. Cookies also make your interactions with PADI more secure and faster, and help ensure that your experience is personalized to you and in line with your settings. Additionally, Cookies allow PADI to bring you advertising both on and off padi.com and other sites, and bring customized features to you through PADI plugins such as PADI’s share button.

PADI uses Cookies for a number of additional purposes, including:

  • Security – PADI uses Cookies to support or enable security features and to help detect malicious activity and violations of User Agreements.
  • Preferences, Features and Services – PADI uses Cookies to know which language you prefer, what your communications preferences are, and they help you fill out forms on PADI sites. Plus, they provide you with features, insights, and customized content through our plugins.
  • Advertising – PADI may use Cookies to show you relevant advertising both on and off the padi.com and other sites. PADI may also use Cookies to learn whether visitors who saw an ad on a PADI site later visited the advertiser’s site. Similarly, PADI’s partners may use Cookies to determine whether PADI has shown an ad and how it performed, or to provide PADI information about how you interacted with them. PADI may also work with a partner to show you an ad on or off a PADI site, such as after you’ve visited a partner’s site or application. Cookies and ad technology such as web beacons, pixels, and anonymous ad network tags help PADI more effectively serve ads to you, as well as to collect aggregated auditing, research and reporting for advertisers. Note: Because your web browser may request advertisements and web beacons directly from ad network servers, those networks can view, edit or set their own Cookies, just as if you had requested a web page from their site.
  • Performance, Analytics and Research – PADI sites use Cookies to help PADI learn how well its sites and plugins perform across the globe. PADI also uses Cookies to understand, improve, and research products, features, and services, including when you access PADI sites from other websites, applications or devices such as your work computer or your mobile device.

Most browsers allow you to control Cookies through their settings preferences. Limiting the ability of websites to set Cookies, however, may worsen your overall user experience.

Does PADI track IP addresses?
As part of the statistical tracking of PADI sites, information about visitors’ devices and browsers are collected, such as browser version and type, IP address, website referred from and country of visitor.

GPS Data
When the PADI obtains information concerning an individual’s location through GPS data, such as when certain custom PADI Dive Shop Locator functions that show the nearest PADI Dive Center or Resort are accessed, the information specific to the user is utilized by PADI solely for that purpose and is kept by PADI only long enough to provide the specific service used. Aggregate information, which does not include any individually identifiable data, is compiled, however, for the purpose of establishing trends, search frequency, regional activity, etc.

Use of Information Collected Via Mobile Devices
In connection with its mobile applications, PADI may use third-party service providers to analyze non-personally identifiable user activity to fix errors, monitor usage and improve the performance of the mobile applications. For example, PADI receives reports on some of its mobile applications’ aggregate usage and browsing patterns, including information about the type of device used, articles accessed and other events occurring within PADI apps. PADI also receives reports on certain errors occurring within mobile applications. None of these third party service providers gathers information in a manner intended to identify any particular user personally.

Data Recipients and International Data Transfers
Personal data collected on the PADI sites may be transferred from time to time to PADI subsidiaries and affiliates and their personnel across the global organization, as well as to PADI’s third-party service providers located throughout the world, including in countries where the local law may grant you fewer rights than you have in your own country. Additionally, user data may be viewed and hosted by PADI and its third-party service providers anywhere in the world. Where required by law, PADI has put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by PADI subsidiaries, affiliates and third- party service providers, including the transfer of your personal data to countries other than the one in which you reside. If you would like more information about these legal mechanisms, which may include the EU’s Standard Contractual Clauses, please contact your regional PADI office at the addresses below. By using any of the PADI programs, services and sites and providing information to any of them, you voluntarily consent to such trans-border transfer and hosting of such information.

PADI will not intentionally disclose or transfer (and will take reasonable steps to prevent the unauthorized or accidental disclosure of) your personal data to third parties without your consent, whether for such third parties’ own marketing purposes or otherwise, except as follows: PADI may provide access to your personal data to third-party service providers engaged by PADI to provide services related to programs, services and sites, provided that such third- party service providers will first agree to maintain the strict confidentiality of such information and provide the same level of data security as provided by PADI.

PADI may also may share your personal data with third-party service providers who perform services and functions on PADI’s behalf to support interactions with you, including, for example, processing Training Program documents, administering surveys and contests or communicating with you. These third-party service providers are not permitted to use or disclose your personal data except as necessary to perform services on PADI’s behalf or to comply with legal requirements.

In addition, PADI may disclose information about you:
If required to do so by law or legal process;

  • To law enforcement authorities or other government officials;
  • When PADI believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
  • If disclosure is necessary to protect the vital interests of a person;
  • To enforce PADI’s various policies and Terms of Use;
  • To protect PADI’s property, services and legal rights;
  • To prevent fraud against the PADI Companies and/or business partners;
  • To support auditing, compliance and corporate governance functions; or
  • To comply with any and all applicable laws.

PADI maintains processes designed to ensure that any processing of personal data by third-party service providers is consistent with this Privacy Policy and protects the confidentiality, availability and integrity of your personal data.

In addition, PADI may disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment or other transfer or disposition of all or any portion of PADI’s business.

User Forums
You should be aware that whenever you publicly disclose information online, that information could be collected and used by others. PADI is not responsible for any action or policies of any third parties who collect information that users publicly disclose in any such forums on the Sites.

Links to Third-Party Sites
PADI sites may provide links to third-party websites or information as a service to users. If you use these links, you will leave the PADI sites. Such links do not constitute or imply an endorsement, sponsorship or recommendation by PADI of the third party, the third-party website or the information contained therein, and PADI shall not be responsible or liable for your use thereof. Such use shall be subject to the terms of use and privacy policies applicable to those sites.

Social Networking
The PADI websites and programs such as PADI Club may allow you to sign into and associate your social network accounts including, but not limited to, Twitter, LinkedIn, Facebook, and YouTube, with PADI. The sites and programs also may allow you to log in to a PADI account using certain social network account credentials. By associating your social network account with PADI or logging in to a PADI account using your social network account credentials, you give PADI permission to access information that you have made available in your public profile for that social network account. The information available in your public profile varies based on the social network and your settings, but may include your email address, real name, profile picture, gender and location. If PADI uses such information received from your social network account, any such use will be carried out in accordance with the social networks’ privacy policies and terms of use, which go into effect at the point of such contact; as well as this Privacy Policy. Please refer to the privacy settings in your social network account for information about what data may be shared with PADI and other connected applications, and to manage the data that is shared through your account, including information about your activities using PADI’s websites and programs.

If you would like to disconnect a social media account from PADI, refer to the settings of that social network account and its provider.

Facebook Custom Audience and Google Custom Match
Where legally permissible, PADI may use certain limited personal information about you, such as your email address, to hash it and to share it with social media platforms, such as Facebook Custom Audience and Google Custom Match, to generate leads, drive traffic to PADI’s websites or otherwise promote PADI’s products and services. These processing activities are based on PADI’s legitimate interest in undertaking advertising activities to offer you products or services that may be of your interest.

Your information may be used for these purposes if you have communicated with PADI through PADI websites or apps; have registered on ScubaEarth or joined PADI Club; have completed a PADI Training program and opted-in to receive information about PADI’s programs, products and services and other information from PADI; or have corresponded with PADI requesting such information. Can I decide to opt-out of Facebook Custom Audience and Google Customer Match advertising? You may, at any time, have PADI cease processing your data for these advertising purposes by contacting your local PADI Regional Office.

Security
PADI has implemented generally accepted standards of technology and operational security to protect personal data from loss, misuse, alteration or destruction. Only authorized PADI personnel and third- party service providers are provided access to personal data, and these employees and service providers are required to treat this information as confidential. Despite these precautions however, PADI cannot guarantee that unauthorized persons will not obtain access to your personal data.

When you begin a checkout or redemption process within PADI’s sites, PADI requires that a secure connection between your computer and PADI’s server(s) be established. To do this, PADI’s sites utilize a technology called Secure Socket Layers (SSL). SSL encrypts your personal and credit card information before it travels over the Internet. SSL technology is the industry standard for secure online transactions. Because PADI uses SSL, registering on PADI eLearning/KnowledgeDirectWEB, for example, is just as safe as providing your credit card number over a telephone. SSL is an industry standard with advanced encryption technology that works with current versions of Internet Explorer, Chrome, Firefox, Safari and numerous other web browsers. A secure connection is maintained until the checkout process is either completed or canceled by the user.

Although PADI uses such industry-standard efforts to safeguard the confidentiality of your personally identifiable information, 'perfect security' does not exist on the Internet.

PADI’s Data Retention Policy
PADI retains personal data, as necessary, for the duration of the relevant relationship. PADI may also retain personal data for longer than the duration of the relationship should it be needed to protect PADI against legal claims, for analysis or historical record-keeping or to comply with PADI’s information management policies and schedules. If you request that PADI delete your personal data, PADI will make reasonable attempts to delete all instances of the information in their entirety. For requests for access, corrections or deletion, please refer to the “Your Rights” section of this Privacy Policy.

Your Rights
Where granted by local law, you may have the right to request access to the personal data that PADI has collected about you for the purposes of reviewing, modifying or requesting deletion of the data. You may also have the right to request a copy of the personal data that we have collected about you and to have any inaccuracies in that data corrected. In certain circumstances, you may also request that we cease processing your personal data.

If you would like to make a request to access, review or correct the personal data we have collected about you, or to discuss how we process your personal data, please contact PADI at [email protected]. To help protect your privacy and security, PADI will take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. PADI will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Different laws may prevent PADI from providing access to your personal data or otherwise fully complying with your request, depending upon the circumstances and the request, such as for example, where producing your information may reveal the identity of someone else. PADI reserves the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or deny your requests when they may be manifestly unfounded, and/or excessive, or otherwise objectionable or unwarranted under applicable law.

In addition, and where granted by local law, you have the legal right to lodge a complaint with a competent data protection authority.

You may also unsubscribe from mailing lists or any registrations on any of the sites. To do so, please either follow instructions on the page of the site on which you have provided such information, subscribed or registered, or contact PADI at the address provided at the bottom of this Privacy Policy.

Consent – Changes to the Privacy Policy
By using PADI’s programs, services and websites, you consent to the collection, use, and storage of your personal data by PADI in the manner described in this Privacy Policy and as disclosed elsewhere associated with PADI’s individual programs, services and websites. As has been referenced within this document, the information provided during various types of interactions may be treated differently. PADI reserves the right to make changes to this Privacy Policy from time to time and will alert you to any such changes by updating this Privacy Policy. If PADI makes material changes that increase its rights to use personal data that PADI has previously collected about you, PADI will obtain your consent either through an email to your registered email address or by prominently posting information about the changes onto padi.com. Any changes will only apply to information collected after the posted date of any such change. Additionally, information may be provided to governmental bodies and other entities as required by law.

PADI’s International Offices
Besides the office in the United States, PADI has regional offices and distribution centers in Australia, Brazil, Canada, China, Japan, Russia and the United Kingdom, each serving a defined territory, plus PADI Travel offices in Switzerland, the United Kingdom and the United States (collectively “PADI Offices”). The laws and regulations concerning data privacy and related rights and responsibilities differ by country. Each of the PADI Offices has the appropriate policies in place to provide compliance with the laws and regulations of the countries it serves, and each is legally bound to uphold PADI’s global policies and procedures. For more information about any regional office’s specific privacy policies, please contact the office using the contact information provided below.

Who Should Be Contacted Regarding the Privacy Policy or the Information the PADI Companies Retain?
For questions or comments, the contacts are:

Non-Agency Disclosure and Acknowledgment
As a user of PADI’s programs, services and websites, you are informed, understand and agree that PADI Members are licensed to use various PADI Trademarks and to conduct PADI training, but are not agents, employees or franchisees of PADI. You are further informed, understand and agree that the business activities of PADI Members are independent, and are neither owned nor operated by PADI. While PADI establishes the standards for PADI diver training programs, it is not responsible for, nor does it have the right to control, the operation of the PADI Members’ business activities or the day-to-day conduct of PADI Members or the supervision of divers by PADI Members or their associated staff.