Data protection policy


Cursosdebuceo.com – Privacy Policy and General Terms and Conditions
Privacy Policy (Data Protection)
Cursosdebuceo.com is committed to protecting users' privacy and to processing personal data in accordance with applicable law, in particular Regulation (EU) 2016/679 (General Data Protection Regulation) and the Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights. This Privacy Policy explains who the data controller is, what data we collect, for what purposes and on which legal bases we process it, to whom it is disclosed, whether international transfers take place, how long data is retained, what rights users have, and how we protect the information.
Identity of the Controller: The controller of personal data collected through Cursosdebuceo.com is Yuliia Kliusa, NIF 24558827W, with address at Calle Matilde Diez 10, 08006 Barcelona, España. For any data protection matter, please use our contact form at https://cursosdebuceo.com/home/contacto. These details are provided in compliance with Spanish Law 34/2002 on Information Society Services and Electronic Commerce.
Personal data collected: The personal data we may collect and process through Cursosdebuceo.com includes, among others:
Registration data: information provided when creating an account or making a booking, such as first name and last name, email address, contact phone number and password (the password is stored in encrypted form). If the user represents a partner dive centre, we collect contact details of the centre representative (name, surname, entity, tax ID (CIF or NIF), centre address, email and phone).
Booking and transaction data: information required to manage course contracting, such as the selected course, activity date and time, number of participants, any preference or requirement the user shares, and data necessary to process the payment (for example, payment method used and transaction details). We do not store full financial information like a complete credit card number.
Booking QR code: after completing a booking, we generate a unique QR code linked to it, which is delivered to the user as proof. We keep the identifier of that QR code associated with the booking data so it can be validated and redeemed at the dive centre.
Communication records: logs of communications exchanged with the user, for example confirmation emails, notices of changes or cancellations, responses to support inquiries, and newsletter subscriptions when the user has provided consent.
Browsing data and cookies: information derived from website use, such as IP address, browser type, language, geographic areas from which access occurs, access times and pages visited. We use cookies and similar technologies to facilitate navigation and obtain usage statistics. Some cookies belong to third parties (for example, analytics or social media cookies). See our Cookie Policy on the website for details.
In general, we request and process only the personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected (principle of data minimisation). The user guarantees that the data provided is truthful, accurate and up to date, and undertakes to inform us of any change.
Purposes of processing and legal bases: We process users' personal data for the following legitimate purposes:
Service provision and booking management: We use users' data (consumers) to manage account registration, enable navigation through the platform, facilitate the search and comparison of diving courses and, primarily, to process B2C course contracting offered via Cursosdebuceo.com. This includes processing the booking, managing online payment, issuing the booking confirmation and the corresponding QR, and sharing that information with the selected dive centre so it can deliver the reserved service. The legal basis is the performance of a contract or the application of pre-contractual measures requested by the data subject (Article 6(1)(b) GDPR).
Customer service and communications: We use contact data to communicate with the user regarding the booking or to respond to information and support requests. For example, we send confirmation emails, activity reminders and change notices, and we answer questions about a course. The legal basis is the performance of the contract concerning the service information, and our legitimate interest in responding to user enquiries (Article 6(1)(f) GDPR), given the reasonable expectation of a reply.
Commercial communications (marketing): If the user has expressly authorised it, we may use contact data such as email to send commercial communications (newsletters, promotions or offers) related to diving courses, diving destinations, equipment or services in the diving sector that may be of interest. This processing is based on the user's explicit consent (Article 6(1)(a) GDPR). The user can opt out or withdraw consent at any time. Every promotional email provides a simple unsubscribe mechanism.
Management of partner dive centres: For users who are representatives of partner dive centres, we process their personal data to manage the commercial relationship, allow them to publish their courses on the platform, administer their received bookings and send operational communications (for example, notifications of new bookings, incidents or platform updates). The legal basis is the performance of the contract with the centre or pre-contractual steps and, in some aspects, our legitimate interest in maintaining necessary communications for the intermediation service.
Technical operation of the site and service improvement: We process browsing and usage data (for example, via anonymous cookies and analytics tools) to ensure the correct operation and security of our online services and to perform aggregate statistical analysis that helps improve user experience, platform functions and the course offering. These processing activities rely on our legitimate interest in keeping services secure and improving them, considering that no sensitive data is involved and the impact on privacy is limited by using aggregated or pseudonymised data. For non-essential cookies, such as analytics or personalisation, we obtain prior consent via the cookie banner in line with ePrivacy rules.
When the legal basis is consent, the user may withdraw it at any time, without retroactive effect, through the mechanisms indicated in each case (for example, via the unsubscribe link in commercial emails or by configuring cookie preferences). Withdrawal does not affect the lawfulness of processing before withdrawal. When the legal basis is contract performance, the requested data is necessary, and without it we cannot properly manage the contractual relationship or provide the requested service (for example, we cannot book a course without the participant's name or process the payment without required details).
Data recipients and processors: Personal data collected is used exclusively for the stated purposes and generally will not be disclosed to third parties unrelated to Cursosdebuceo.com. However, certain service providers may access personal data solely to fulfil the purposes described, acting as processors or, in limited cases, as joint controllers or independent controllers, depending on the service. In particular, data may be disclosed to the following third-party recipients:
Selected dive centre: When the user books a course, necessary data (for example, name, contact details and booking details) will be shared with the dive centre that will deliver the course, solely to identify the participant and render the contracted service. The dive centre acts as controller for the direct delivery of the course and is subject to its own legal obligations. Cursosdebuceo.com requires partner centres by contract to use the data only for the booking purpose and to comply with data protection law.
Payment gateway (Stripe): Card payments are processed through Stripe's secure platform, a third-party electronic payment provider. When making a payment, some data needed to process the operation, such as cardholder name, purchase amount and other financial data, is collected directly in Stripe forms. Cursosdebuceo.com does not store or access full credit or debit card details. Stripe Payments Europe Ltd, based in Dublin, acts as our processor for payment processing. Some data may be transferred to Stripe Inc. in the United States for fraud detection or operational purposes (see International Transfers below).
Web hosting services (Azure): Cursosdebuceo.com is hosted on Microsoft Azure cloud infrastructure. This means the data provided to us (for example, upon registration or booking) is stored and processed on servers supplied by Microsoft, preferably located within the European Economic Area whenever possible. Microsoft acts as a processor, providing secure technology infrastructure. We have entered into appropriate contractual terms to ensure GDPR-compliant processing. See Azure privacy information on Microsoft's official website.
Content translation services (Google Translate): To offer the platform and courses in several languages, Cursosdebuceo.com may use the Google Cloud Translation API to automatically translate course descriptions, reviews or other site content. In this process, snippets of text that might include minimal personal data (for example, the name of a dive centre or a location within a public description) are sent to Google servers for translation. Google LLC acts as a processor for this limited purpose. We configure the service so that free-text fields with users' sensitive personal information are not translated. Processing may take place on Google's global infrastructure, which could involve a transfer outside the EEA (see below). Google states it keeps the confidentiality of data processed by its translation APIs and does not use that content for its own purposes, according to its service terms.
Other providers: We may rely on additional third-party providers for ancillary functions, always under appropriate data protection safeguards. Examples include providers of transactional email, web analytics or cloud storage. Where used, these parties act as processors, follow our instructions and access only the minimum data necessary for the contracted service (for example, the email address to send a message). An updated list of our data processing providers is available upon request.
All external processors have signed a data processing agreement including confidentiality and compliance obligations, ensuring they process information only for the specified purposes and following our instructions. We will not share your personal data with third parties for purposes other than those described, such as third-party marketing, without your consent. We will only disclose personal data to additional recipients where there is a valid legal basis (for example, a legal obligation, valid requests from public authorities, tax law, fraud prevention or accounting duties) or where you have provided specific consent.
International transfers: Whenever possible, we seek to store and process users' personal data within the European Economic Area. However, some of our service providers mentioned above may be located or process data outside the EEA, which means data could be transferred to third countries for the purposes described above. In particular, the use of Stripe and Google services may involve international transfers:
Stripe: Although Stripe Payments Europe (Ireland) primarily performs the processing for European users, Stripe may store or access data from the United States (Stripe Inc.) or other countries.
Google: Google LLC operates global infrastructure. Any data sent to Google Translation or other Google services may be processed on servers outside the EEA, for example in the United States.
Microsoft: Microsoft is a multinational company based in the United States. For Azure, we have selected EU data centres. Microsoft could transfer data outside the EU for support or continuity of service, but in such cases ensures adequate protection.
For all such transfers we apply appropriate safeguards under GDPR Articles 44 and following. In the absence of an adequacy decision by the European Commission for the destination country, we rely on Standard Contractual Clauses approved by the Commission, Binding Corporate Rules where applicable, or other valid legal mechanisms. This ensures an essentially equivalent level of protection for your personal data even when transferred internationally. Copies of these contractual safeguards are available upon request. When applicable, providers also adhere to recognised privacy frameworks (for example, the EU-US Data Privacy Framework, if certified).
Data retention periods: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, subject to statutory retention periods.
In general:
User account data is kept while the account remains active. If a user requests account deletion, we will delete or anonymise data within a reasonable time, unless we must keep it blocked for additional periods required by law (for example, pending legal responsibilities).
Booking and transaction data is retained as long as needed to manage the booking and for the period during which legal liabilities or claims relating to the service may arise. This typically requires retention of certain contractual and financial records after course completion to comply with tax, accounting and warranty requirements. For example, commercial and tax law obliges us to keep invoicing and accounting records for certain years according to applicable Spanish law.
Data used for commercial communications (newsletter) is kept until the user withdraws consent or unsubscribes, or we cease sending such communications.
Browsing data (for example, server logs) is kept for short periods for security and operations, usually a few months. Cookies have their own expiration periods (see the Cookie Policy).
In any case, we will securely delete or anonymise personal data when it is no longer necessary. If we cannot immediately remove some data from backups, we will place it out of use (blocked) until complete deletion.
User rights: At any time, users may exercise the rights granted by data protection law (GDPR and LOPDGDD). In particular:
Right of access: to obtain confirmation of whether we process their personal data and, where applicable, access that data and information about purposes, categories, recipients, retention periods, data source (if not provided directly) and the existence of automated decisions.
Right to rectification: to request correction or update of inaccurate or incomplete personal data.
Right to erasure: to request deletion of personal data (right to be forgotten) when, among other reasons, it is no longer necessary for the purposes collected, consent is withdrawn in consent-based processing, or the data has been processed unlawfully.
Right to restriction: to obtain restriction (blocking) of processing in certain circumstances, for example while accuracy is verified or when processing is unlawful and the user prefers restriction to deletion.
Right to object: to object at any time, on grounds relating to their particular situation, to processing based on public interest or our legitimate interest. We will stop processing unless we demonstrate compelling legitimate grounds or for the establishment, exercise or defence of legal claims. Users can also object at any time to processing for direct marketing, in which case we will stop such communications.
Right to data portability: when processing is based on consent or a contract and carried out by automated means, to receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller when technically feasible.
Users also have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect them. Cursosdebuceo.com does not normally carry out such processing without human involvement. If in the future we implement any automated decision system, we will provide prior information under Article 22 GDPR and the user will have the right to obtain human intervention, express their point of view and contest the decision.
To exercise any of these rights, users may send a specific request indicating which rights they wish to exercise via our contact form at https://cursosdebuceo.com/home/contacto or by postal mail to the Controller's address. We may need additional information or a copy of an official ID to verify identity, especially where there is doubt. Exercising rights is free of charge, except for manifestly unfounded or excessive requests (for example, repetitive), in which case we may charge a reasonable fee based on administrative costs or refuse to act.
We will respond as soon as possible and in any case within one month of receipt, extendable by two additional months for complex cases or a high volume of requests, in which case we will inform you of the extension within the first month. If you believe your rights have not been properly addressed or that processing does not comply with the law, you have the right to lodge a complaint with the competent supervisory authority. In Spain this is the Spanish Data Protection Agency (AEPD) at www.aepd.es. We encourage you to contact us first so we can try to resolve the matter amicably.
Data security: We take information security very seriously. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and to protect personal data against unauthorised access, alteration, loss, destruction or disclosure. Measures include, among others: encrypted transmission of sensitive data (our website uses SSL/TLS), storage on secure servers with firewalls and strict access controls, password hashing and encryption in our databases, regular backups, procedures to manage and notify personal data breaches, and limiting access to personal data only to employees, contractors and agents who need it for the purposes described, subject to confidentiality obligations. We also require our providers to implement comparable safeguards. While no system is completely invulnerable, if a personal data breach occurs that is likely to result in a high risk to your rights, we will notify you in accordance with GDPR Article 34 and inform the AEPD under Article 33, as applicable.
Processors and confidentiality: As noted above, some third parties process personal data on behalf of Cursosdebuceo.com. All are contractually subject to confidentiality and security obligations. Our staff and direct collaborators who have access to personal data are informed and trained on their responsibilities and commit to confidentiality.
Data accuracy and user responsibility: Users guarantee that personal data provided to Cursosdebuceo.com, whether directly through forms or via communications, is true, correct and relevant for the required purpose, and that they will notify any modification or update so we can keep information current. Cursosdebuceo.com will not be responsible for damage resulting from lack of truthfulness or failure to update user-provided information.
Minors: The services of Cursosdebuceo.com are not intended for persons under 18 years of age. We do not knowingly collect personal data from minors without parental or guardian consent. Only adults with full legal capacity may register and make bookings on our platform. Where, for certain courses, a parent or legal guardian registers a minor as participant, they must provide the minor's data under their responsibility, ensuring they are authorised to do so. If we learn that we received data from a child under 14 without verifiable parental consent, we will delete it.
Policy updates: We may update this Privacy Policy periodically to reflect changes in our data processing or legal requirements. We will publish changes in this same section of the website, indicating the date of last update. If changes are significant, we may notify registered users by email. We recommend reviewing the policy from time to time. Use of Cursosdebuceo.com after changes take effect implies acceptance of the updated policy.
If you have any question about this Privacy Policy or about processing of your data, please contact us using the website contact form at https://cursosdebuceo.com/home/contacto.
Last update: 14 November 2025