Data Protection

Privacy Policy

Your Privacy Matters to Us

The Dive Machine is committed to protecting and respecting your personal data in accordance with applicable Mexican and international data protection laws.

Who We Are

Data Controller

In accordance with Mexico's Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares — LFPDPPP), The Dive Machine is the entity responsible for the collection, use, storage, and protection of your personal data.

The Dive Machine is a company legally constituted under Mexican law, located at Calle 6 Norte bis, #227, Colonia Centro, Solidaridad, Playa del Carmen, Quintana Roo, C.P. 77710, Mexico.

For any inquiries or requests regarding your personal data, you may contact our Data Protection Officer at: info@thedivemachine.com

What We Collect

Personal Data Collected

Categories of personal data we may collect from you

Identification Data

Full name, date of birth, nationality, and government-issued identification details when required for diving certifications or legal purposes.

Contact Information

Email address, home and mobile phone numbers, physical address, hotel or accommodation details during your stay in Playa del Carmen.

Health & Medical Data

Medical conditions, diving fitness declarations, and health questionnaires required for safe diving activities, as mandated by international diving standards.

Emergency Contacts

Name, relationship, phone number, and address of your designated emergency contact person for safety during diving activities.

Certification Details

Diving certification level, agency (PADI, SSI, etc.), certification number, and diving experience log relevant to the services you request.

Payment Information

Billing details processed through secure third-party payment platforms. The Dive Machine does not store credit card numbers on its own servers.

How We Use It

Purposes of Processing

Your personal data will be used solely and exclusively for the following purposes:

Primary Purposes

These are essential to fulfill the services you have requested:

  • Service delivery — To provide diving excursions, courses, certifications, and related services you have booked with us
  • Safety compliance — To verify your fitness to dive, comply with international diving safety regulations, and ensure your well-being during all activities
  • Booking management — To process reservations, confirmations, schedule changes, and cancellations
  • Communication — To contact you regarding your booking details, pre-dive instructions, meeting points, and post-dive follow-ups
  • Legal obligations — To comply with applicable laws, regulations, and diving industry standards

Secondary Purposes

These are not strictly necessary but help us improve your experience:

  • Marketing communications — To send you promotions, special offers, new diving packages, and newsletters (only with your consent)
  • Service improvement — To analyze customer satisfaction, improve our diving services, and enhance our website
  • Database updates — To keep your information current and accurate in our records

If you do not wish your data to be used for secondary purposes, you may opt out at any time by contacting us at info@thedivemachine.com with the subject line “Opt-Out Secondary Purposes”.

Special Categories

Sensitive Data

Due to the nature of diving activities, we may collect sensitive personal data including health and medical information. This data is collected exclusively for the purpose of ensuring your safety during diving activities and complying with international diving standards set by certification agencies such as PADI and SSI.

In the case of sensitive data such as marital status, nationality, education, family and non-family references (name, address, telephone, relationship), these will be used solely and exclusively for purposes analogous or compatible with those described above.

We will always obtain your explicit consent before collecting sensitive data. You may revoke this consent at any time, although doing so may limit our ability to provide certain diving services that require medical clearance.

Your Rights

ARCO Rights

Under Mexican law, you have the right to Access, Rectify, Cancel, and Oppose the processing of your personal data

A

Access

You have the right to know what personal data we hold about you, how it was obtained, and the purposes for which it is being used.

R

Rectification

You have the right to request the correction of your personal data if it is inaccurate, incomplete, or outdated.

C

Cancellation

You have the right to request the deletion of your personal data from our records when it is no longer necessary for the purposes collected.

O

Opposition

You have the right to oppose the processing of your personal data for specific purposes, particularly for marketing communications.

How to Exercise Your ARCO Rights

To exercise any of these rights, please send a request to info@thedivemachine.com with the subject line “ARCO Rights Request”. Your request must include your full name, a copy of an official identification, a clear description of the data and rights you wish to exercise, and any supporting documents. We will respond to your request within 20 business days from the date we receive it, as required by law.

How We Protect You

Data Security

The Dive Machine has implemented administrative, technical, and physical security measures to protect your personal data against unauthorized access, damage, loss, alteration, destruction, or misuse. These measures include:

  • Encrypted connections — Our website uses SSL/TLS encryption (HTTPS) to protect data transmitted between your browser and our servers
  • Access controls — Personal data access is restricted to authorized personnel only, on a need-to-know basis
  • Secure payment processing — Financial transactions are handled through certified third-party payment processors; we never store credit card details on our servers
  • Regular audits — We periodically review our data protection practices to ensure compliance with applicable standards

While we take every reasonable measure to protect your data, no method of transmission over the internet or electronic storage is completely secure. We continuously work to enhance our security practices.

Data Sharing

Third-Party Transfers

Your personal data may be shared with the following third parties when necessary to fulfill our services:

  • Diving certification agencies — PADI, SSI, or other relevant certification bodies when processing your diving certifications
  • Insurance providers — When required for diving insurance coverage or in the event of an incident
  • Government authorities — When required by law, regulation, or legal proceedings under Mexican jurisdiction
  • Payment processors — Secure third-party platforms that handle financial transactions on our behalf

We require all third parties to respect the security and confidentiality of your personal data and to treat it in accordance with applicable data protection laws. We do not sell, rent, or trade your personal information to any third party for marketing purposes.

Online Data

Cookies & Website Data

Our website uses cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand how you interact with our site. The types of cookies we use include:

  • Essential cookies — Required for the website to function correctly, including navigation, security, and accessibility preferences
  • Analytics cookies — Help us understand how visitors use our website through aggregated, anonymous data (Google Analytics)
  • Marketing cookies — Used to measure the effectiveness of our advertising campaigns and to show you relevant content

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website. Our accessibility settings (text size, contrast, link highlighting) are stored locally on your device via cookies and are not transmitted to our servers.

How Long

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Specifically:

  • Booking and service records — Retained for 5 years after the date of service, as required by Mexican commercial and tax regulations
  • Diving certification records — Retained permanently as required by certification agencies for diver safety
  • Medical and health data — Retained for the duration of your active relationship with us, then securely deleted within 12 months
  • Marketing preferences — Retained until you withdraw your consent or request deletion

Once the retention period expires or the data is no longer needed, we will securely delete or anonymize your personal data.

Updates

Changes to This Policy

The Dive Machine reserves the right to modify or update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or regulatory standards. Any modifications will be communicated through our website and, when significant, via email, telephone, or any other means of communication we deem appropriate.

We encourage you to review this page periodically to stay informed about how we protect your personal data.

Last updated: February 12, 2026

Questions About Your Data?

If you have any questions about this Privacy Policy or wish to exercise your ARCO rights, please do not hesitate to contact us.

Contact Us Chat on WhatsApp
Accessibility Settings
Text Size

Adjust text size for better readability

High Contrast

Increase color contrast for better visibility

Enable high contrast
Highlight Links

Make all links more visible and identifiable

Enable link highlighting
Accessibility Statement
Ask by WhatsApp for our promotions