Data Protection Policy

Our Commitment to Data Protection

Dive Admin, developed by AWcode Co Ltd, is committed to protecting personal data and ensuring compliance with international data protection regulations including GDPR and PDPA.

Data Controller Information

AWcode Co Ltd

Address: 244/127-128 Moo 6, Soi Phon prapha nimit 16, Phon prapha nimit road Nongprue, Banglamung, Chonburi 20150, Thailand

Phone: +66 33 003 036

Email: [email protected]

Data Protection Officer

For data protection inquiries, please contact our Data Protection Officer at:

Email: [email protected]

Response Time: Within 7 days

Part 1: Our Data Protection Policies

Types of Data We Process

Personal Data
  • Names and contact information
  • Email addresses and phone numbers
  • Diving certification details
  • Medical information (with consent)
  • Payment and billing information
Business Data
  • Dive center operational data
  • Customer booking information
  • Financial transaction records
  • Equipment and inventory data
  • Staff and instructor records

Legal Basis for Processing

  • Contract Performance: Processing necessary to provide our software services
  • Consent: Explicit consent for marketing communications and optional data processing
  • Legitimate Interest: Improving our services and ensuring system security
  • Legal Obligation: Compliance with applicable laws and regulations

Data Security Measures

Technical Safeguards
  • End-to-end encryption for data transmission
  • Secure data storage with encryption at rest
  • Regular security updates and patches
  • Multi-factor authentication for access
  • Regular security audits and assessments
Organizational Measures
  • Staff training on data protection
  • Access controls and role-based permissions
  • Regular backup and recovery procedures
  • Incident response and breach notification
  • Vendor security assessments

Data Retention

  • Customer Data: Duration of service + 7 years
  • Financial Records: 7 years for tax compliance
  • Marketing Data: Until consent withdrawal
  • System Logs: 2 years maximum

Your Data Protection Rights

Right to Access

Request copies of your personal data and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing

Request limitation of processing in specific situations.

Right to Data Portability

Request transfer of your data to another service provider.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Part 2: How We Support Your GDPR Compliance

Our Role as a Data Processor

When you use Dive Admin to manage your dive center, we act as a data processor for your customer data. This means:

  • We process personal data on your behalf and under your instructions
  • You remain the data controller for your customers' personal information
  • We have a Data Processing Agreement (DPA) that outlines our responsibilities
  • We implement appropriate technical and organizational measures to protect data

GDPR Compliance Features We Provide

Data Subject Rights Management
  • Customer data export functionality
  • Data deletion capabilities
  • Data rectification tools
  • Consent management system
Privacy Controls
  • Granular access permissions
  • Data retention settings
  • Audit trail logging
  • Secure data transmission

Data Processing Agreement (DPA)

We provide a comprehensive DPA that includes:

  • Clear definition of processing activities
  • Security measures and safeguards
  • Data breach notification procedures
  • Sub-processor management
  • Data transfer safeguards
  • Audit and compliance requirements

International Data Transfers

We ensure adequate protection for international data transfers through:

  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Binding Corporate Rules: Internal data protection policies
  • Certification Schemes: Third-party data protection certifications

Breach Notification Support

In the event of a data breach, we will:

  • Notify you within 24 hours of becoming aware of a breach
  • Provide detailed information about the breach
  • Assist with your notification obligations to supervisory authorities
  • Support your communication with affected data subjects

Third-Party Data Sharing

We may share data with trusted third parties only when necessary:

  • Service Providers: Hosting, payment processing, email services (with data protection agreements)
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Transfers: In case of merger, acquisition, or asset sale (with user notification)
  • Consent: When you explicitly consent to specific data sharing

Contact Us

For any data protection inquiries, requests, or concerns:

General Inquiries

Email: [email protected]

Phone: +66 33 003 036

Data Protection Officer

Email: [email protected]

Response Time: Within 7 days

Policy Updates

This Data Protection Policy may be updated periodically to reflect changes in our practices or legal requirements.

Last Updated: October 14th 2025 | Version: 1.1

We will notify users of significant changes via email or through our platform.