Privacy Policy
Effective Date: March 23, 2026
1. Introduction and Organizational Commitment
At DIVESCOM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIA (“we”, “us”, “our”, or the “Company”), we are deeply committed to protecting the privacy, confidentiality, and integrity of all personal data entrusted to us. We view personal information as a valuable asset and believe that responsible, transparent handling of such data is fundamental to building and maintaining long-term trust with our users, clients, business partners, and other stakeholders.
This Privacy Policy explains in clear and straightforward terms how we collect, use, store, share, protect, and otherwise process personal data obtained through our website (the “Site”) and related online interactions. Our practices comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679, and we strive to meet or exceed widely accepted industry standards.
Our primary objectives when processing personal data are:
- Providing prompt and effective responses to inquiries, consultation requests, and support needs
- Continuously improving the usability, accessibility, functionality, and overall performance of our website
- Gaining insights into user behavior and preferences to refine and enhance our services and content
- Maintaining the security, integrity, availability, and proper functioning of our IT systems and infrastructure
- Supporting essential internal business operations, including analytics, auditing, and legal compliance
We process personal data lawfully, fairly, and in a transparent manner. We apply appropriate technical and organizational measures — proportionate to the risks involved — to protect personal data from unauthorized or unlawful access, accidental loss, destruction, damage, alteration, or disclosure.
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal data, please contact our team at: sales@divescom.com. We aim to respond to all inquiries within one month.
2. Scope and Application
This Privacy Policy applies to all individuals (“you” or “your”) who visit, browse, or interact with our website, including those who submit information via contact forms, consultation requests, or other online features we may offer.
By accessing or using the Site, you confirm that you have read, understood, and agree to the terms of this Privacy Policy and to the processing of your personal data as described herein.
This policy covers only personal data collected directly through our website and associated online services. It does not apply to data collected through third-party websites, applications, or services (even if linked from our Site), nor does it cover offline interactions or data processed under separate agreements with clients or partners.
3. Who We Are (Data Controller)
DIVESCOM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIA acts as the data controller for the personal data processed under this Privacy Policy.
Our registered/business address and primary point of contact for privacy matters is available upon request via sales@divescom.com.
We have not appointed a formal Data Protection Officer (DPO) as we do not engage in large-scale processing of special categories of data or systematic monitoring on a large scale; however, privacy inquiries are handled directly by our management team.
4. Categories of Personal Data Collected
We collect only the personal data that is necessary for the purposes described in this policy.
Voluntarily provided data: When you submit a contact form, request a consultation, or communicate with us, we may collect:
- Full name
- Email address
- Phone number (optional)
- Company name or organization (optional)
- Message content, inquiry details, or any other information you choose to provide
Automatically collected data: As you browse our Site, we and our service providers may automatically collect technical and usage information, including:
- IP address (often anonymized or pseudonymized)
- Browser type and version
- Device type, model, and operating system
- Referring and exit URLs / pages
- Pages visited, time and duration of visits, scroll depth, and click/stream behavior
- Date and time of access
- Approximate geographic location (derived from IP address at country/region level)
- Cookies, device identifiers, and similar tracking technologies (see Section 9)
We do not intentionally collect or process special categories of personal data (sensitive data such as racial/ethnic origin, political opinions, religious beliefs, health data, biometric data, etc.) unless you voluntarily include such information in a message or form — in which case we process it only to respond to your specific inquiry and delete it promptly thereafter unless retention is legally required.
5. Purposes of Data Processing
We process personal data strictly for legitimate business purposes, including but not limited to:
- Responding to your inquiries, providing consultations, quotes, or information you requested
- Communicating with you about our services, updates, or follow-up matters
- Improving website performance, content relevance, navigation, and user experience
- Analyzing aggregate usage trends and patterns (never at an identifiable individual level unless necessary)
- Detecting, preventing, and investigating security incidents, fraud, abuse, or unauthorized access
- Complying with legal obligations, responding to lawful requests from authorities, defending legal claims, or enforcing our rights
- Conducting internal audits, quality assurance, and business planning
We limit processing to what is adequate, relevant, and strictly necessary for each stated purpose (data minimization principle).
6. Legal Basis for Processing
We rely on one or more of the following lawful bases under Article 6 GDPR (and equivalent provisions in other laws):
- Consent: For non-essential cookies, analytics tracking, and certain marketing communications (you can withdraw consent at any time without affecting prior processing)
- Legitimate interests: For responding to inquiries, improving our Site and services, ensuring security and fraud prevention, and basic analytics — after balancing our interests against your rights and freedoms
- Legal obligation: When processing is required to comply with laws, court orders, or regulatory requirements
- Contract: In limited cases where processing is necessary to take steps at your request prior to entering a contract (e.g., consultation requests that lead to service agreements)
When we rely on legitimate interests, we conduct a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may contact us for more information about any such assessment.
7. Data Storage, Security, and Protection
We store personal data on secure servers managed by reputable, GDPR-compliant hosting and cloud providers located within secure data centers. Access is strictly limited to authorized personnel under confidentiality obligations and need-to-know principles.
We apply industry-standard security measures, including (but not limited to):
- Encryption of data in transit (TLS/HTTPS) and, where appropriate, at rest
- Firewalls, intrusion detection/prevention systems, and regular vulnerability scanning
- Access controls, multi-factor authentication, and role-based permissions
- Regular security updates, patching, and monitoring
- Incident response procedures and regular employee training on data protection
While we take these reasonable steps, please be aware that no internet-based transmission or electronic storage method is 100% secure. We cannot guarantee absolute security, but we commit to notifying you and relevant authorities of any personal data breach in accordance with legal requirements (e.g., within 72 hours under GDPR where required).
8. Third-Party Services and Data Sharing
We engage carefully selected third-party processors to support website functionality, analytics, security, and operations. These providers act only on our documented instructions and are bound by strict data processing agreements (including EU Standard Contractual Clauses where relevant).
We do not sell your personal data to third parties for their independent marketing purposes.
Third-Party Services Overview
| Service | Purpose | Data Processed | Legal Basis (GDPR) | Data Retention | Privacy Policy |
|---|---|---|---|---|---|
| Google Analytics 4 | Website analytics, performance measurement, user behavior insights (anonymized/aggregated) | IP address (anonymized), device info, usage data, cookies | Consent | Up to 14 months (configurable) | Link |
| Google reCAPTCHA | Protection against spam, bots, and abusive form submissions | IP address, user behavior/interaction data, device information | Legitimate Interest | As determined by Google | Link |
We may also disclose personal data if required by law, in response to valid legal requests, to protect our rights, safety, or property, or in connection with a merger, acquisition, or sale of assets (with appropriate protections).
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies (e.g., pixels, local storage) to enable core functionality, remember preferences, analyze usage, and enhance your experience.
Types of cookies/technologies we use:
- Essential / Strictly Necessary: Required for basic site operation (e.g., session management, security). These do not require consent.
- Analytics / Performance: Help us understand how visitors use the site (e.g., Google Analytics). These require consent.
- Functional: Remember choices (e.g., language) to improve usability. Consent usually required.
- Marketing / Advertising: Not currently used, but if added in future, would require explicit consent.
You can manage or withdraw consent for non-essential cookies via our cookie banner/preference center or browser settings. Note that disabling cookies may limit site functionality. For more details, see our separate Cookie Policy [link if separate] or the third-party links above.
10. International Data Transfers
Some of our service providers (e.g., Google) are based in countries outside the European Economic Area (EEA), primarily the United States, which may not offer an adequacy decision under GDPR.
Where personal data is transferred to such countries, we ensure appropriate safeguards are in place, including:
- EU-approved Standard Contractual Clauses (SCCs) with the recipient
- Supplementary measures (e.g., encryption, pseudonymization) where needed
- Reliance on any applicable derogations or adequacy mechanisms
You may request a copy of the relevant safeguards by contacting us at sales@divescom.com.
11. Data Retention
We keep personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required/permitted by law. Typical retention periods include:
- Contact form inquiries: Up to 12–24 months (or longer if needed for follow-up or legal reasons)
- Analytics data (anonymized): Up to 14 months (Google Analytics default)
- Log/security data: Up to 12 months
After the retention period, data is securely deleted, anonymized, or destroyed unless a longer period is justified (e.g., ongoing legal dispute).
12. Your Rights as a Data Subject
Under GDPR and similar laws, you have the following rights regarding your personal data (subject to verification of identity and applicable exceptions):
- Right to be informed (covered by this policy)
- Right of access — request a copy of your data
- Right to rectification — correct inaccurate/incomplete data
- Right to erasure (“right to be forgotten”) — delete data in certain circumstances
- Right to restrict processing — limit use in specific cases
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — at any time (where processing is consent-based)
To exercise any of these rights, please email us at sales@divescom.com with sufficient detail for us to verify your identity and process your request. We will respond within one month (extendable by two months for complex cases). There is normally no fee for exercising these rights unless requests are manifestly unfounded or excessive.
13. Children’s Privacy
Our website and services are not directed to children under the age of 16 (or the applicable digital consent age in your jurisdiction). We do not knowingly collect personal data from children.
If we become aware that we have collected personal data from a child without verifiable parental consent, we will promptly delete such data. If you believe we have collected information from a child, please contact us immediately at sales@divescom.com.
14. Automated Decision-Making and Profiling
We do not currently carry out automated decision-making (including profiling) that produces legal effects or similarly significantly affects you. Should we introduce such processing in the future, we will update this policy and provide you with meaningful information about the logic involved, significance, and envisaged consequences.
15. Marketing Communications
We may occasionally send you service-related or informational emails (e.g., responses to inquiries or updates about our offerings) based on legitimate interests or consent. We will not send unsolicited promotional/marketing emails without your prior opt-in consent.
You can opt out of any non-essential communications at any time by following the unsubscribe link in the email or by contacting us. We honor opt-out requests promptly.
16. Complaints and Right to Lodge with a Supervisory Authority
If you are unsatisfied with how we have handled your personal data or responded to your privacy concerns, you have the right to lodge a complaint with a supervisory authority — in particular in the EU Member State of your habitual residence, place of work, or where the alleged infringement occurred.
A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en
We encourage you to contact us first so we can attempt to address your concern directly.
17. Updates to This Policy
We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, services, or legal obligations. The updated version will be posted here with a new effective date at the top. Where changes are material, we may provide additional notice (e.g., via email or a prominent notice on the Site).
We encourage you to review this policy periodically. Continued use of the Site after changes constitutes acceptance of the updated terms.