InspirationTours & ExperiencesCourses
HelpCart

Your all-in-one blue planet adventures booking platform.

ThreadsInstagramFacebook

Destinations

TaiwanJapanPhilippinesMalaysiaThailandSingapore

Tours & Experiences

Scuba DivingFreedivingSnorkellingSUPKayakingSurfing

Professional Courses

PADISSINAUISDICMASBSAC
TDIAIDAPFIERDI

Support

Help CentreTerms & ConditionsPrivacy PolicyCookie PolicyBecome a SupplierMerchant Login
Privacy Policy

Privacy Policy

Terms and ConditionsPrivacy PolicyCookie Policy

Effective Date: Dec 19, 2026

Introduction

DiverGO ("we," "our," "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, process, use, and protect your personal information when you use our online platform (the "Platform"). The Platform serves as an intermediary connecting customers with merchants offering water-related services, including diving, snorkelling, freediving, stand-up paddleboarding, related courses, and equipment rentals. We do not provide these services directly and are not responsible for the services or the privacy practices of the merchants. This Privacy Policy is governed primarily by the Personal Data (Privacy) Ordinance Cap. 486 of Hong Kong (PDPO). Where you reside in another market we serve, applicable local laws also apply (see Section 12).

Please note that:

  • When you provide us with information of any third party (e.g., a traveler or contact person), you represent and warrant that the third party has authorized you to provide their personal information to us and has acknowledged and agreed to the terms of this Policy.
  • If you are not an adult under the laws of your country, please ensure that your guardians have read this Policy and that you register as a DiverGO member or submit personal information with their consent.

For questions, comments, or to exercise your rights under this Policy, please contact us at info@diver-go.com

1. Scope of this Policy

1.1 This Policy applies to all personal information collected from DiverGO members, potential customers (e.g., those requesting information or participating in marketing activities), or partners (e.g., affiliates, content creators) through the DiverGO website (diver-go.com) and mobile application (personal information refers to data related to any identified or identifiable natural person).

1.2 If you link to third-party domains or apps not part of the DiverGO website or app, we cannot guarantee the security of your personal information. Please review the privacy policies of those domains or apps before proceeding.

1.3 When you book services listed by merchants on the DiverGO Platform, or provide personal information directly to merchants, their privacy policies govern the collection, processing, and use of your order-related information. We recommend reviewing their policies before booking.

2. How We Collect Personal Information

2.1 Personal Information Provided by You

We collect personal information you provide through the DiverGO website, app, telephone, email, or other communication methods, including:

2.1.1 Membership

Identification data (e.g., name, email address, phone number) and account details (e.g., account number, password). You may choose to update your membership data. If not updated, we cannot auto-fill order details, but we recommend regular password updates for account security.

2.1.2 Order

  • Customer/ Traveller/ Contact Data: Depending on the service (e.g., diving courses, equipment rentals), you may need to provide identification data (e.g., name, passport details for international activities) or contact details. Sensitive information (e.g., health data for diving suitability) may be required for specific bookings, processed in accordance with this Policy.
  • Payment Data: Credit card details (card number, expiry date, security code) or other payment method information.
  • Refund Proof Data: For cancellations or refunds, supporting documents (e.g., medical certificates) may be required.

2.1.3 Business Partners

For affiliates or content creators, we collect identification, contact details, qualification proof, and financial account data for payments.

2.1.4 Customer Service

When you contact us with inquiries or complaints, we collect identification and contact data. Phone conversations may be recorded.

2.1.5 Reviews

If you submit reviews for services booked via DiverGO, we may collect information included in your review (e.g., name, photos).

2.2 Obtained from Third-Party Service Providers

When you register via third-party providers (e.g., Google, Facebook, Apple), we collect data (e.g., name, email, photo) based on your settings with those providers. We may also collect data about your interactions with DiverGO on third-party platforms (e.g., likes, comments).

2.3 Automatic Collection via Online Behaviors

We use cookies or similar technologies to collect:

  • IP address, device type, unique device identifiers, and other technical data.
  • Browsing behaviour, traffic data, and location data are inferred from your IP address or selected country.

See our Cookie Policy for details.

2.4 Provided by Business Partners

For joint marketing activities, we may obtain personal information (e.g., prize winner data) from business partners as necessary.

3. Why We Collect and Use Personal Information

3.1 Membership Management

We create and manage membership profiles to process your account data, as we need to fulfil our contract with you (e.g., Terms and Conditions). You can update your data or password in "Account Settings."

3.2 Order Management

3.2.1 To process and fulfil bookings (e.g., reserving activities, processing payments, sending confirmations), we collect customer/ traveller data.

3.2.2 For cancellations or refunds, we may require additional data (e.g., medical certificates) shared with merchants as needed.

Legal Basis: Contract performance, your request before a contract, our legitimate interest to operate services, or your consent.

3.3 Business Partner Management

We collect partner data to review qualifications, make payments, and recommend products, based on contract performance or our legitimate interest in market services.

3.4 Customer Service

We use your contact data to address inquiries or complaints, sharing data with merchants or service providers as needed. Communication records may be used as evidence in disputes.

Legal Basis: Contract performance, legitimate interest to improve services, or to protect our rights.

3.5 Marketing

With your consent, we use your contact information to send newsletters, discounts, or targeted ads on third-party platforms.

Legal Basis: Consent or legitimate interest to market services.

3.6 Surveys and Analytics

We analyse browsing behaviour and activity participation to optimise services and recommend products, based on legitimate interest or consent.

3.7 Legal Obligations

We may use or share personal information to resolve disputes, comply with legal requests, or fulfil statutory obligations, based on legitimate interest, public interest, or legal requirements.

4. Who Obtains Personal Information

We may share personal information with:

  • Cloud Service Providers for storage.
  • Communication Platforms for contacting you.
  • Payment/ Logistics Providers for transaction fulfilment.
  • Merchants for order fulfilment or cancellations (merchants follow their own privacy policies).
  • Affiliates or Business Partners for joint activities or localised services.
  • Analytics/ Advertising Platforms for hashed data to improve ad performance.

5. Personal Information Storage and Cross-Border Transmission

5.1 We use trusted cloud storage providers to store your data. Because DiverGO connects travellers and merchants across multiple Asia-Pacific markets, your data may be transferred between Hong Kong, the merchant's country and our service providers' regions.

5.2 For cross-border transfers, we implement appropriate safeguards consistent with HK PDPO requirements. For transfers involving the European Economic Area or the United Kingdom, we additionally rely on Standard Contractual Clauses (SCCs) where required by the GDPR / UK GDPR.

5.3 Data protection laws in recipient jurisdictions may differ, but we take reasonable measures to secure your data.

6. Retention Period

We retain your personal information only as long as necessary for the purposes outlined in this Policy or as required by applicable law. If you delete your account: (a) profile data, saved travellers, payment methods, wishlist, Dive Coins balance and reviews are permanently and irreversibly deleted; (b) platform activity / audit logs are anonymised (your user identifier, IP address, device information and request metadata are removed); (c) booking and payment records are anonymised (your name, contact details and identifiers removed) and retained for up to seven (7) years to satisfy Hong Kong tax record-keeping rules (Inland Revenue Ordinance Cap. 112) and equivalent rules in the markets we serve.

7. How We Protect Personal Information

  • We use administrative and technical measures (e.g., encryption, secure servers) to protect your data.
  • We work with merchants and partners to ensure data security, but we cannot guarantee absolute security over the internet.
  • Third-party websites linked from our Platform have their own privacy policies, which you should review.

8. Your Rights

Subject to applicable law in your jurisdiction, you may:

  • Access your personal information or request a copy.
  • Rectify inaccurate data.
  • Object to or Restrict processing, or request Erasure.
  • Withdraw Consent (without affecting prior processing).
  • Data Portability: Receive your data in a machine-readable format or transfer it to another party.
  • Avoid Automated Decision-Making with significant effects.

To exercise these rights, contact us at info@diver-go.com. You may also lodge a complaint with the data-protection authority in your jurisdiction β€” see Section 12 for the relevant authority in each market we serve.

9. Personal Information of Minors

We do not directly provide services to minors. If you submit a minor's data, you warrant that their guardian consents. Minors must have guardian approval to register or submit data.

10. Changes to This Policy

We may update this Policy. Significant changes will be notified via the Platform or email. If you disagree with updates, contact us at info@diver-go.com

11. Account Deletion and Anonymisation

When you delete your DiverGO account, we follow a strict anonymise-don't-keep approach for personal data and a retain-for-tax approach for transaction records.

  • Personal data β€” profile, saved travellers, wishlist, Dive Coins balance, reviews, payment methods β€” is permanently and irreversibly deleted.
  • Audit logs (records of platform activity for security purposes) are anonymised: your user identifier, IP address, device information and request metadata are removed. Only aggregate, non-identifying activity counters are retained.
  • Booking and payment records are anonymised in the same way (customer identifier, name and contact details removed) and retained for up to seven (7) years to comply with Hong Kong tax record-keeping requirements (Inland Revenue Ordinance Cap. 112). After seven years they are permanently deleted.

Account deletion is irreversible. Once initiated, your access cannot be restored, and the personal data described above cannot be recovered.

12. Jurisdiction-specific Rights and Authorities

The data-protection regime that applies to you depends on where you reside. The list below identifies the law and the relevant authority in each market we serve:

  • Hong Kong: Personal Data (Privacy) Ordinance Cap. 486 (PDPO). Authority: Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).
  • Taiwan: Personal Data Protection Act (PDPA, 2010). Authority: Ministry of Digital Affairs / Personal Data Protection Authority.
  • Singapore: Personal Data Protection Act 2012 (PDPA). Authority: Personal Data Protection Commission (PDPC).
  • Japan: Act on the Protection of Personal Information (APPI). Authority: Personal Information Protection Commission (PPC).
  • South Korea: Personal Information Protection Act (PIPA). Authority: Personal Information Protection Commission (PIPC).
  • Philippines: Data Privacy Act of 2012. Authority: National Privacy Commission (NPC).
  • Malaysia: Personal Data Protection Act 2010. Authority: Department of Personal Data Protection (JPDP).
  • Thailand: Personal Data Protection Act 2019. Authority: Personal Data Protection Committee Thailand.
  • European Economic Area / United Kingdom visitors: EU GDPR / UK GDPR and applicable member-state law. Authority: your local supervisory authority.

Last Updated: May 11, 2026