Effective date: [1st July 2024]
Last reviewed: [18th Feb 2026]

This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit or interact with our website (www.freedivinglondon.co.uk), purchase or book our services, communicate with us, or otherwise provide personal information to us. It applies to our activities as a UK private limited company and is written to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are (Data controller)
For the purposes of data protection law, the data controller is the company that operates www.freedivinglondon.co.uk (“we”, “us”, “the Company”).

Company details:
• Registered name: Freediving London ltd
• Trading as / website: Freediving London — www.freedivinglondon.co.uk
• Registered office: 70 The Avenue, Gosport, Hampshire, PO122JU
• Company registration number: 15773714
• Contact email for data/privacy queries: hello@freedivinglondon.co.uk

2. The personal data we collect
We may collect and process the following categories of personal data about you:
-Identity & contact details: name, title, postal address, email address, telephone number.
-Transactional data: booking details, payment information (note: full card details are not retained by us if a third-party payment processor is used), invoices, receipts.
-Technical data: IP address, browser type and version, device identifiers, pages visited on our site,
referral URLs, cookies and analytics data.
-Communications data: records of your communications with us (email, phone calls, messages).
-Special categories (only where strictly necessary): health or medical information needed to assess fitness to participate in freediving activities (e.g., disclosed medical conditions). We will only collect such data where you provide it voluntarily and where we have an appropriate lawful basis and additional safeguards in place.

3. How we collect personal data
We collect personal data when you:
• make a booking or purchase on our website or by phone/email;
• register for newsletters, offers or accounts;
• complete online forms, contact forms, or request information;
• communicate with us by phone, email or social media;
• when you visit our website (through cookies and analytics);
• provide medical or emergency information as required to participate in our activities.

We may also receive personal data from third parties (e.g., payment processors, booking platforms, partnered travel agents) or public sources where permitted.

4. Purposes of processing and lawful bases
We process personal data for the following purposes and on the lawful bases indicated:
• To deliver bookings and services (including safety/medical checks): necessary for the performance of a contract with you.
• To process payments and prevent fraud: necessary for performance of contract and our legitimate interests in preventing unlawful activity.
• To send booking confirmations, updates and service-related communications: necessary for performance of contract.
• To send marketing communications (newsletters, offers) only where you have consented: consent. You may withdraw consent at any time.
• To manage our website, security and analytics (including cookies): our legitimate interests in improving our services and protecting our systems and where required by law (cookies subject to PECR rules — see section on cookies).
• To comply with legal and regulatory obligations (e.g., HMRC, safety reporting): legal obligation.
• To process special category personal data (e.g., health information) where required to assess fitness and safety: explicit consent or another specific condition under UK GDPR and the Data Protection Act 2018.
You can find ICO guidance on lawful bases and how to choose them here.

5. Disclosure of personal data (recipients)
We may share personal data with the following categories of third parties where necessary for the purposes above:
• Service providers and processors (payment processors, booking platforms, CRM and email providers, web host and analytics providers).
• Professional advisers (legal, accounting, insurance) where required.
• Emergency services or medical professionals in case of an incident or where required for safety.
• Regulators, law enforcement or other public authorities when required by law.
• Third-party partners (e.g., travel agents or retreat partners) where you have booked a combined service we will make you aware when this is the case. Other third-party processors we use include; Stripe, Global Payments, Woo Commerce & Google Analytics.

We require all processors to process data only on our instructions and to implement appropriate
technical and organisational safeguards.

6. International transfers
Where we transfer personal data outside the UK or EEA we will ensure appropriate safeguards are in place (for example, adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms). If you require details of the specific safeguards in place, contact us at the address above.

7. Retention periods
We retain personal data only for as long as necessary for the purposes set out above, including to: perform our contract with you; comply with legal obligations (for example tax and accounting rules may require records to be retained for 6–7 years); and to defend or bring legal claims.

8. Your rights
Under the UK GDPR you have the following rights in relation to your personal data (subject to any legal exemptions):
• the right to be informed about how your data is used (this notice).
• the right of access (subject access request) — to obtain a copy of personal data we hold about you. In most cases we must respond within one month.
• the right to rectification of inaccurate or incomplete data.
• the right to erasure (the “right to be forgotten”) in certain circumstances.
• the right to restriction of processing in certain circumstances.
• the right to data portability in certain cases where processing is carried out by automated means and on the basis of consent or contract.
• the right to object to processing based on our legitimate interests or for direct marketing.
• the right to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at hello@freedivinglondon.co.uk If you are unhappy with our response, you also have the right to lodge a complaint with the supervisory authority, the Information Commissioner’s Office (ICO). You can find ICO contact details and further guidance on privacy notices and individual rights on the ICO website.

9. Cookies, tracking and electronic marketing
We use cookies and similar technologies for essential site functionality, analytics and (with your consent where required) marketing. The Privacy and Electronic Communications Regulations (PECR)set rules for cookies and electronic marketing; where consent is required, we will obtain it and provide clear information on how to manage cookie settings. For more information on cookies and related guidance see the ICO.

10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. Measures include access controls, encryption where appropriate, secure servers, restricted access on a need-to-know basis, and staff training. No method of transmission or storage is completely secure; if you suspect a breach involving your data please contact us immediately so we can investigate and, if required, notify the ICO and affected individuals in accordance with legal requirements.

11. Special category / health data
Because some of our activities are physical in nature, we may ask for medical or health information to assess your fitness to participate in freediving activities. We will only collect this where it is necessary for the purpose of providing our services and with your explicit consent (or other applicable lawful condition). Such data will be handled with heightened safeguards and retained only for as long as necessary.

12. Children
Our services are primarily intended for adults. If you are under 18 you must obtain consent from a parent or guardian before booking or providing personal information. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information.

13. Automated decision-making and profiling
We do not use automated decision-making that produces legal effects or similarly significantly affects individuals, except where we may use automated processes for routine operational purposes (for example fraud screening) where we do so we will explain the logic and your rights on request.

14. Changes to this privacy policy
We may update this policy from time to time. Where the changes are significant, we will update the “Effective date” above. Please check this page regularly to stay informed.

15. How to contact us and make a complaint
If you have any questions about this privacy policy, wish to exercise your rights, or want to make a complaint, contact us at: hello@freedivinglondon.co.uk or at our registered office address above.If you remain dissatisfied you have the right to complain to the UK data protection supervisory authority, the Information Commissioner’s Office (ICO): Information Commissioner’s Office. ICO guidance on your rights and how to complain is available on their website.