Privacy Policy

Welcome to the Dive 365 Privacy Statement. This is where we describe how we handle your "Personal Data", which is information that is directly linked or can be linked to you. It applies to the Personal Data that DM Software processes as the "Data Controller" when you interact with its websites, applications, and services that display this Statement (collectively, "Services"). This Statement does not apply to services or products that do not display this Statement, such as Previews, where relevant.

End User Notice: Organization-Provided Dive 365 Accounts

Should you access a Dive 365 Service through an Account provided by an Organization, such as your employer or school, the Organization becomes the Data Controller, and this Privacy Statement's direct applicability to you changes. Even so, Dive 365 remains dedicated to preserving your privacy rights. In such circumstances, Dive 365 functions as a Data Processor, adhering to the Data Controller's instructions regarding your Personal Data's processing. A Data Protection Agreement governs the relationship between Dive 365 and the Data Controller. For further details regarding their privacy practices, please refer to the privacy statement of the Organization providing your Account.

In cases where your Organization grants access to Dive 365 service, Dive 365 acts as the Data Controller solely for specific processing activities. These activities should be clearly defined in a contractual agreement with your Organization, typically known as a Data Protection Agreement. For those limited purposes, this Statement governs the handling of your Personal Data. For all other aspects of Dive 365 service usage, your Organization's policies apply.

Third Party Access and Data Protection

Any third-party extensions, integrations, or follow references and links within our Services, the privacy policies of these third parties apply to any Personal Data you provide or consent to share with them. Their privacy statements will govern how this data is processed.

Personal Data We Collect

Personal Data is collected from you or your governing Organization directly. No Personal Data is collected automatically from your device(s). Collected information includes:

• Member data - We collect certain information when you sign up to use Dive 365. This includes your name, email address, birthday, and country of origin (used to determine whether you are a minor).

• Demographic information - We collect gender and birthday information to ensure users are assigned to appropriate Sessions, competitions, and events.

• User content and files - On occasion, some Members will be required to provide information for the purposes of consent, role validation, etc. In these cases, the files, photos, and information provided are stored with your Member in Dive 365.

• Profile information - We collect information to create appropriate Member profiles. This includes name, emergency contact information, address, and (where appropriate) email address and phone number.

Personal Data We Do Not Collect

Dive 365 pledges not to collect the following information:

• Payment information - Dive 365 utilizes Stripe to perform payment actions. Payment information provided to Stripe is not collected by Dive 365 outside of an acknowledgement that payment has been collected.

• Usage data - Dive 365 collects usage patterns that are not attributable to any individual Member. For example, page view counts are collected to understand the popularity of a feature, but there is no record of the individual Members that accessed a feature.

How We Use Your Personal Data

The usage of the Personal Data we collect is dependent on the Services being accessed.

Registration

The Registration Service uses your Personal Data as follows:

• Registration tracking - Members are assigned to Sessions and Registration Categories (e.g. "Athlete", "Official", "Coach", etc.). Member names and gender are displayed in Session assignments.

• Class views - Coaches are able to view Member names and contact information (including emergency contacts) for the purposes of viewing their Class list as well as contacting relevant parties in the case of an emergency.

• Reports - Organizations will use personal data to generate reports for the purposes of insurance, role criteria satisfaction, etc. Generally reports will not include Personal Data outside of name, birthday, gender.

• Communication - On occasion, Organizations will communicate with Session participants. Emails issued directly from the application will utilize the Account owner's contact information. Coaches or Organization administrators may also use phone numbers to contact Account owners if/when appropriate. Dive 365 will NOT utilize contact information.

Store

The Store uses your Personal Data as follows:

• Session applicability - Dive 365 will determine whether Members in your Account are applicable for a Session based on their age. Member names are shown in the Store Service to assist you with selecting Members for a Session.

• Store accessibility - The Store may only be accessed by an Account owner who must be of the age of majority.

Account

The Account Service is designed to allow Account owners the ability to create Members and configure all relevant Personal Data. Account owners may enter and edit all Personal Data at any time via the Account Service.

Sharing of Personal Data

Dive 365 does not share any Personal Data with third-parties. Personal Data is not made available to any Organization unless explicitly provided by you, the Account owner via the Account Service or during a purchase. Information that is already publicly available (e.g. competition results) may be available publicly via Dive 365.

Your Privacy Rights

Dive 365 takes your personal privacy rights seriously. At any time, you may delete Members from your Account and even delete your account entirely. For data integrity purposes, deleting a Member and/or your Account will NOT delete the underlying reportable data; however, any personally-identifiable data will be removed. For example, names will be removed (i.e. "Jamie Doe" becomes "[Deleted]") and birthdays will be reset to the start of the relevant Season.

International Data Transfers

Dive 365 stores data in Microsoft Azure's SQL Database service located in the "Canada East" region. Data is encrypted at rest and in transit. As of this writing, Personal Data is not transferred between regions and remains stored entirely within eastern Canada.

Security and Retention

Security

Dive 365 uses administrative, technical, and physical security controls where appropriate to protect your Personal Data. Data is encrypted at rest and in transit. Access to data is limited to you and the Organizations to which you have provided it.

Retention

Dive 365 uses appropriate administrative, technical, and physical security controls to protect your Personal Data. We’ll retain your Personal Data as long as your Account is active and as needed to fulfill contractual obligations, comply with legal requirements, resolve disputes, and enforce agreements. The retention duration depends on the purpose of data collection and any legal obligations.

Contact Us

Contact us by emailing info[at]dive365[dot]ca.

Information for Minors

Our Services are not intended for individuals under the age of majority outside of competition form entry (e.g. dive sheets). We do not intentionally collect Personal Data from such individuals unless explicitly provided by Account owners over the age of majority. If you become aware of a minor that has created an Account and provided Personal Data, please notify us.

Use of Cookies and Tracking Technologies

Dive 365 does not directly utilize cookies or tracking technologies. Authentication services are provided by Microsoft Azure Business to Customer (B2C). Any detected cookies or tracking technologies are solely used to provide authentication capabilities. Dive 365 does not track individual usage, nor do we inspect or otherwise utilize cookies.

Changes to Our Privacy Statement

Dive 365 may periodically revise this Privacy Statement. The effective date will be updated, but no direct communication will be issued to you. If a substantive change is made, communications may be issued to Organizations who may then elect to notify their users (you).