Company
For Agents
Support
Follow us
Company
For Agents
Support
Language and Currency
EN
© 2016–2026 DivingBuddy. All rights reserved.
DivingBuddy ("we," "us," or "our") operates the DivingBuddy.com platform (the "Platform"), an AI-powered marketplace connecting diving travel agents ("Agents") with divers and underwater enthusiasts ("Divers"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our Platform, and your rights regarding that data.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Bulgarian Personal Data Protection Act, and all applicable EU and Bulgarian data protection legislation.
Data Controller: [COMPANY_LEGAL_NAME_PLACEHOLDER]
UIC: [REGISTRATION_NUMBER_PLACEHOLDER]
Registered office: [REGISTERED_ADDRESS_PLACEHOLDER]
Email: [PRIVACY_EMAIL_PLACEHOLDER]
Data Protection Officer (DPO): [DPO_NAME_PLACEHOLDER]
Email: [DPO_EMAIL_PLACEHOLDER]
We collect different categories of data depending on whether you use the Platform as a Diver, an Agent, or a visitor.
Data Collected from All Users:
• Account information — Name, email address, phone number, password (hashed)
• Profile information — Profile photo, bio, diving certifications, preferences
• Technical data — IP address, browser type, device type, operating system, screen resolution
• Usage data — Pages visited, features used, search queries, click patterns, session duration
• Communication data — Messages sent through the Platform, support requests, feedback
• Cookie data — Session identifiers, preferences, analytics identifiers
Additional Data Collected from Divers:
• Booking data — Trip selections, dates, passenger details, special requests
• Payment data — Payment method type, last four digits of card, billing address, transaction history
• Travel preferences — Preferred destinations, diving experience level, equipment needs
Note: Full payment card details are processed directly by our payment processor, Stripe. We never store complete card numbers, CVVs, or full card details on our servers.
Additional Data Collected from Agents:
• Business information — Company name, business registration number, tax ID, business address
• Licensing data — Diving certifications, operating licenses, insurance documentation
• Listing data — Trip descriptions, photos, pricing, availability, vessel information
• Financial data — Bank account details for payouts, commission records, invoices
Data Processed by AI Features:
Our Platform uses artificial intelligence to enhance user experience. AI features may process search queries and preferences, listing content, booking patterns, and user interactions. AI processing is based on legitimate interest (Art. 6(1)(f) GDPR) for platform improvement and consent (Art. 6(1)(a) GDPR) for personalized recommendations. You may opt out of AI-based personalization at any time through your account settings.
Core Platform Services:
• Facilitating bookings between Divers and Agents
• Processing payments and refunds
• Communicating booking confirmations, updates, and reminders
• Providing customer support
• Managing Agent accounts and listing verification
Platform Improvement:
• Analyzing usage patterns to improve Platform functionality
• Training and improving AI features using aggregated, anonymized data
• Conducting A/B testing and feature evaluation
• Debugging and resolving technical issues
Communication:
• Sending service-related notifications (booking confirmations, payment receipts, policy updates)
• Sending marketing communications (only with your explicit consent)
• Responding to inquiries and support requests
Safety and Compliance:
• Detecting and preventing fraud
• Verifying Agent credentials and licensing
• Complying with legal obligations (tax reporting, anti-money laundering)
• Enforcing our Terms and Conditions
We share your personal data only when necessary and as described below:
• Agents (when you book) — Name, email, phone, booking details, special requests — for fulfilling the booked trip
• Divers (booking details shared with Agent) — Booking confirmation, payment status — for trip coordination
• Stripe (payment processor) — Payment information as required — for payment processing
• OpenObserve — Anonymized usage data, error logs — for platform monitoring and performance
• Google Analytics / GTM — Anonymized usage data — for analytics and marketing attribution
• Legal authorities — As required by law — for legal compliance
• Professional advisors — As necessary — for legal, accounting, and audit services
We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.
When your data is transferred outside the European Economic Area (EEA), we ensure adequate protection through EU Standard Contractual Clauses (SCCs), adequacy decisions, and additional technical and organizational measures.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
• Account data — Duration of account + 3 years (contract and legal obligations)
• Booking records — 7 years from booking date (tax and accounting obligations under Bulgarian law)
• Payment records — 7 years from transaction date (tax and accounting obligations)
• Marketing consent records — Duration of consent + 2 years (proof of consent)
• Support communications — 3 years from resolution (quality and dispute resolution)
• Technical logs — 12 months (security and debugging)
• AI training data — Anonymized and retained indefinitely (platform improvement, no personal data)
When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.
As a data subject, you have the following rights:
Right of Access (Art. 15): You may request a copy of all personal data we hold about you. We will respond within 30 days.
Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete personal data. You can also update most information directly through your account settings.
Right to Erasure (Art. 17): You may request deletion of your personal data ("right to be forgotten"). Note that we may retain certain data where we have a legal obligation to do so (e.g., tax records for 7 years).
Right to Restriction (Art. 18): You may request that we restrict processing of your data while we verify its accuracy or assess a legitimate interest claim.
Right to Data Portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller.
Right to Object (Art. 21): You may object to processing based on legitimate interest, including profiling and AI-based recommendations. We will cease processing unless we demonstrate compelling legitimate grounds.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You have the right to lodge a complaint with the Commission for Personal Data Protection of the Republic of Bulgaria (CPDP), 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria. Website: https://www.cpdp.bg
To exercise any of these rights, contact us at [PRIVACY_EMAIL_PLACEHOLDER] or [DPO_EMAIL_PLACEHOLDER]. We will respond within 30 days.
We implement appropriate technical and organizational measures to protect your personal data, including:
• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments
• Employee training on data protection
• Incident response procedures
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CPDP within 72 hours and notify affected individuals without undue delay, as required by Articles 33 and 34 of the GDPR.
We use cookies and similar technologies on our Platform. For detailed information, please see our Cookie Policy at /legal/cookies.
For questions about this Privacy Policy or your personal data:
Email: [PRIVACY_EMAIL_PLACEHOLDER]
Data Protection Officer: [DPO_EMAIL_PLACEHOLDER]
Post: [COMPANY_LEGAL_NAME_PLACEHOLDER], [REGISTERED_ADDRESS_PLACEHOLDER]
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on our Platform and sending an email to registered users for significant changes. Continued use of the Platform after changes become effective constitutes acceptance of the revised policy.