Privacy Policy

Personal Information

• Name and contact information (email, phone number)
• Account credentials
• Booking and transaction information
• Communication preferences
• Reviews and feedback you submit

Automatically Collected

• Device information (browser type, operating system)
• IP address and location data
• Pages visited and time spent on the site
• Referring website addresses
• Cookies and similar tracking technologies

• Provide and maintain our services
• Process bookings and transactions
• Send you relevant communications and updates
• Improve our website and user experience
• Respond to your inquiries and support requests
• Prevent fraud and ensure security
• Comply with legal obligations

• Dive Schools: When you book, we share necessary information with the school to process your request.
• Service Providers: Third-party companies that help us operate (hosting, analytics, payment processing).
• Legal Requirements: When required by law or to protect our rights and safety.

We do not sell your personal information to third parties for marketing purposes.

• Essential Cookies: Required for the website to function properly.
• Analytics Cookies: Help us understand how visitors use our site.
• Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

• Encryption of data in transit (HTTPS)
• Secure data storage practices
• Regular security assessments
• Access controls and authentication

No method of internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Under Singapore's PDPA and applicable data protection laws, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to or restrict certain processing
• Data portability
• Withdraw consent at any time

To exercise these rights, contact us at privacy@wegodive.com.

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. Account information is retained while your account is active and for a reasonable period thereafter.

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

SideEye Labs Pte. Ltd.
Singapore (UEN: 202606926K)
privacy@wegodive.com

• Email: privacy@wegodive.com
• Contact form: wegodive.com/contact

For the purposes of the Thai PDPA, the data controller responsible for your personal data is:

WeGoDive, operated by SideEye Labs Pte. Ltd.
Singapore (UEN: 202606926K)

Contact: hello@wegodive.com

Data Protection Officer: hello@wegodive.com

We process your personal data under the following legal bases as defined by the Thai PDPA:

• Consent (Section 19): For marketing communications, promotional emails, newsletters, and non-essential cookies and tracking technologies. You may withdraw your consent at any time.
• Contractual Necessity (Section 24(3)): For processing bookings, managing your account, processing payments, and delivering the services you have requested.
• Legitimate Interest (Section 24(5)): For fraud prevention, platform security, service improvement, and analytics to enhance user experience, where such interests do not override your fundamental rights.
• Legal Obligation (Section 24(6)): For compliance with applicable laws, tax regulations, and accounting requirements.

As WeGoDive operates internationally, your personal data may be transferred to and processed in countries outside of Thailand. We ensure that adequate data protection safeguards are in place for all cross-border transfers, including standard contractual clauses and service provider agreements.

Your data may be transferred to the following jurisdictions:

• Singapore — Stripe (payment processing), SideEye Labs (company operations)
• United States — Vercel (hosting and content delivery), Resend (transactional email), Sentry (error monitoring)

These service providers are bound by data processing agreements that require them to protect your personal data in accordance with standards no less protective than those required under the Thai PDPA.

Under the Thai PDPA, you have the following rights with respect to your personal data:

• Right of Access (Section 30): You may request access to the personal data we hold about you and obtain a copy.
• Right to Data Portability (Section 31): You may request that we transmit your personal data in a structured, commonly used, and machine-readable format to another data controller.
• Right to Object (Section 32): You may object to the collection, use, or disclosure of your personal data where processing is based on legitimate interest or public interest.
• Right to Erasure (Section 33): You may request deletion or de-identification of your personal data when it is no longer necessary for the purpose for which it was collected, subject to exceptions for legal obligations or the establishment, exercise, or defence of legal claims.
• Right to Restrict Processing (Section 34): You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Rectification (Section 36): You may request correction of inaccurate, incomplete, or misleading personal data.
• Right to Withdraw Consent (Section 19): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at hello@wegodive.com. We will respond to your request within 30 days.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are as follows:

• Booking and transaction data: 7 years, as required by Thai accounting and tax regulations.
• Account data: Retained while your account is active and until you request deletion.
• Analytics data: 26 months from the date of collection.
• Cookie data: Retained according to your cookie consent preferences. You may update your preferences at any time.

After the applicable retention period expires, we will securely delete or anonymize your personal data unless retention is required by law.

If you believe that we have not handled your personal data in accordance with the Thai PDPA, you have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand.

Before filing a complaint with the PDPC, we encourage you to contact us first at hello@wegodive.com so that we may address your concerns directly.