GDPR Compliance

Last updated: June 2, 2026

Our Commitment to GDPR

Although Cove Dive operates in Australia, we respect the privacy rights of all individuals, including those protected under the European Union's General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR principles.

Legal Basis for Processing

We process personal data under the following legal bases:

• Contract performance: Processing necessary to fulfill expedition bookings
• Consent: Where you have given explicit permission for specific uses
• Legitimate interests: For business operations that don't override your rights
• Legal obligation: Where required by Australian or international law

Your GDPR Rights

If you are an EU resident, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data, subject to legal retention requirements.

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a structured, commonly used format for transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Right to Lodge a Complaint

You have the right to complain to your local data protection authority.

Data Protection Measures

We implement technical and organizational measures to protect your data:

• Encrypted data transmission using SSL/TLS protocols
• Access controls limiting staff access to personal data
• Regular security assessments and updates
• Secure backup systems with encryption
• Data minimization practices

International Data Transfers

Your data is primarily stored and processed in Australia. If we transfer data internationally, we ensure appropriate safeguards are in place through:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent for specific transfers

Data Retention Periods

We retain personal data only as long as necessary:

• Booking inquiries: 90 days if no booking is made
• Completed bookings: 7 years for insurance and legal compliance
• Marketing communications: Until you unsubscribe or request deletion
• Website analytics: 26 months

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children. If we become aware of such collection, we will delete it promptly.

Exercising Your Rights

To exercise any GDPR rights, contact us at:

Email: [email protected]

We will respond to requests within 30 days. If we need additional time, we will inform you and explain the reason for the delay.

Data Protection Officer

For GDPR-related inquiries, you may contact our privacy team:

Email: [email protected]

Address: 47 Marine Sanctuary Drive, Port Douglas, QLD 4877, Australia

Updates to This Policy

We may update this GDPR compliance statement as regulations evolve. Significant changes will be communicated via email to affected individuals.