🛏️ Dive & Stay Deal Package Deal 🚤 Shenron Liveaboard Liveaboard Promo 🎓 Next IDC 2026 Next IDC
EN FR DE ES
Book / Contact
EN FR DE ES
🤿 Daily Diving Day trips · Mantas · All levels Best Value 🌴 Dive Resort Stay, dive & relax Boutique 🚤
Shenron Liveaboard Komodo & Alor · 8 guests max
PADI Divemaster DM + IDC Combo PADI IDC Komodo Staff Instructor Talk to a Course Director
All Courses → Best Sellers OW + Advanced Combo Advanced Open Water Deep Diver Nitrox Sidemount Other Courses Discover Scuba Diving Open Water Rescue Diver Drift Diving
Our Team Why Dragon Dive Blog Safety Playbook
Daily Diving Guide Liveaboard Guide Best Time to Dive How to Get to Komodo Park Fees FAQ
Prices & Inclusions
WhatsApp Us Book Now

PMA Dragon Dive Komodo · Legal

Privacy Policy

How we collect, use, share and protect your personal data when you interact with Dragon Dive Komodo and book our diving services, accommodation, training programs or Shenron liveaboard cruises.

Last updated: 14 May 2026

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing
  5. Sharing With Third Parties
  6. International Transfers
  7. How Long We Keep Your Data
  8. Your Rights
  9. Cookies and Analytics
  10. Data Security
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact

1. Who We Are

This Privacy Policy describes how PMA Dragon Dive Komodo ("Dragon Dive Komodo", "we", "our", "us") collects, uses and protects your personal data.

We are a registered foreign investment company (PMA) in Indonesia with our main office at Jalan Mutiara, Kampung Ujung, Labuan Bajo, Kecamatan Komodo, Kabupaten Manggarai Barat, Nusa Tenggara Timur 86754, Indonesia. We operate a PADI 5★ IDC Dive Resort, the Shenron liveaboard, and a walk-in booking office located on Jalan Soekarno Hatta. We act as the data controller for personal data processed in connection with our diving services, accommodation, training programs and liveaboard cruises.

This policy applies to data we collect through our website dragondivekomodo.com, our booking platform at ddk.divehq.cloud, by email, by WhatsApp, by phone, in person at our resort and booking office, during diving activities, and during stays at our resort or on board Shenron.

2. Data We Collect

Data you provide directly

  • Identity and contact data: full name, date of birth, nationality, email address, phone number, WhatsApp number, postal address.
  • Booking data: trip selection, course selection, package selection, arrival and departure dates, group size, room preferences, dietary requirements, special requests, payment confirmation.
  • Diving qualification data: certification level, certification number, certification agency (PADI, SSI, CMAS, etc.), number of logged dives, dive history.
  • Health data: information disclosed in the PADI Medical Statement, including any medical conditions or medications you declare. This is sensitive data and is handled with extra care.
  • Emergency contact: name, relationship and phone number of a person to contact in case of emergency.
  • Identity document: passport details when required by Komodo National Park authorities for park entry registration, by Indonesian immigration when staying at our resort, or by Indonesian maritime authorities when boarding Shenron.
  • Professional training data: if you enroll in our PADI Divemaster, IDC or other professional programs, we collect additional information required by PADI for instructor-level registration, including academic and professional history where relevant.

Data collected automatically

  • Website usage data: pages visited, time on page, device type, browser, approximate location based on IP — collected via Google Analytics 4 (GA4) and Google Tag Manager.
  • Photos and videos: images and footage taken during diving trips, courses and liveaboard cruises by our staff (with the option to opt out — see Photography section in our Terms & Conditions).

3. How We Use Your Data

We use your personal data for the following purposes:

  • To process and confirm your bookings (diving trips, courses, accommodation, liveaboard cruises) and take payment.
  • To communicate with you before, during and after your trip (logistics, transfer details, weather updates, course progress, post-trip thanks).
  • To verify your diving qualification and ensure your safety underwater.
  • To comply with Komodo National Park entry requirements, Indonesian immigration regulations, and maritime safety requirements for liveaboard operations.
  • To process PADI course registration and issue your certification.
  • To manage your stay at our resort (room assignment, housekeeping preferences, dietary requirements).
  • To respond to your enquiries and customer service requests.
  • To improve our website, services and customer experience based on aggregated analytics.
  • To send marketing communications, only if you have given explicit consent (you can withdraw consent at any time).
  • To meet our legal, accounting and tax obligations under Indonesian law.

4. Legal Basis for Processing

Where the European Union General Data Protection Regulation (GDPR) applies (if you are a resident of the European Economic Area or the United Kingdom), we rely on the following legal bases:

  • Performance of a contract (Article 6(1)(b)): for processing your booking and providing the services you have requested.
  • Legal obligation (Article 6(1)(c)): for tax records, park authority requirements, immigration regulations and maritime safety obligations.
  • Legitimate interests (Article 6(1)(f)): for improving our services and ensuring website security and analytics.
  • Consent (Article 6(1)(a)): for marketing communications and use of your image in marketing materials.
  • Vital interests (Article 6(1)(d)): for handling medical and emergency contact data in case of a diving or maritime incident.

For health data (Article 9), we rely on your explicit consent given when you sign the PADI Medical Statement.

5. Sharing With Third Parties

We do not sell your data. We share it only when necessary, with the following categories of recipients:

  • Booking platform: DiveHQ, our booking and operations management system, processes your booking, accommodation and contact data on our behalf.
  • Payment processors: card payments are handled directly by the payment processor (we do not store full card details). Bank transfer details are visible only to our finance team.
  • Komodo National Park authorities: for park entry registration, we share name, nationality and passport number as required by Indonesian law.
  • Indonesian immigration and maritime authorities: for resort stays exceeding 30 days, and for all Shenron liveaboard passengers (passenger manifest required under maritime safety regulations).
  • Insurance and emergency services: in case of a diving or maritime incident, we share necessary medical and emergency contact data with hyperbaric chambers, hospitals, evacuation services (e.g. DAN Asia-Pacific) and your emergency contact.
  • PADI: for course registration and certification purposes, we share your name, date of birth, contact details and (for professional programs) qualification history to issue your PADI certification at recreational or professional level.
  • Government and tax authorities: when required by Indonesian law.
  • Professional advisers: accountants, auditors and lawyers under confidentiality obligations.

6. International Transfers

We are based in Indonesia. If you are based outside Indonesia (in the EU, UK, or elsewhere), your personal data is transferred to and processed in Indonesia when you book or interact with us.

Indonesia has its own data protection framework under Law No. 27 of 2022 on Personal Data Protection (PDP Law). We apply security measures consistent with both Indonesian and GDPR requirements where applicable.

Some of our service providers (Google Analytics, DiveHQ infrastructure) are based in the United States or use US-based infrastructure. We rely on their respective contractual safeguards for international transfers.

7. How Long We Keep Your Data

  • Booking and payment records: 5 years after your last booking, for accounting and tax purposes under Indonesian law.
  • Medical statements and liability releases: 7 years, for legal protection in case of dispute.
  • PADI professional training records: retained for the duration required by PADI standards and Indonesian law, typically 10 years.
  • Resort guest registry: 5 years, as required by Indonesian hospitality regulations.
  • Marketing data: until you withdraw consent or after 3 years of inactivity, whichever comes first.
  • Website analytics: in accordance with Google Analytics 4 default retention (typically 14 months for user-level data).
  • Photos and videos: archived indefinitely unless you request removal of your image.

8. Your Rights

If GDPR applies to you (or under similar protections of the Indonesian PDP Law), you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete data.
  • Right to erasure: ask us to delete your data, subject to legal retention obligations.
  • Right to restriction: ask us to limit the processing of your data.
  • Right to data portability: receive your data in a structured, commonly used format.
  • Right to object: object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time.
  • Right to lodge a complaint: with your local data protection authority.

To exercise any of these rights, contact us at diving@dragondivekomodo.com. We will respond within 30 days.

9. Cookies and Analytics

Our website uses cookies and similar tracking technologies to function properly and to understand how visitors use our site.

Essential cookies

Required for the website to function (session management, security, language preferences across our EN/FR/DE/ES versions). These cannot be disabled.

Analytics cookies

We use Google Analytics 4 via Google Tag Manager to collect anonymous usage statistics. This helps us improve the site. IP addresses are anonymised before storage.

Advertising cookies

We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. We do not use third-party remarketing cookies that follow you across the web.

Managing cookies

You can manage cookies through your browser settings or through our cookie consent banner. Disabling cookies may affect site functionality.

10. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encrypted website connection (HTTPS/TLS) across all our domains.
  • Restricted access to booking, accommodation and customer data on a need-to-know basis.
  • Secure third-party providers (DiveHQ, payment processors) with their own security standards.
  • Regular backups of customer records.
  • Staff training on data handling and customer confidentiality.

However, no method of internet transmission or storage is 100% secure. In the unlikely event of a data breach affecting your data, we will notify you and the relevant authorities as required by law.

11. Children's Privacy

Our services are not directed at children under 10. PADI courses have minimum age requirements (10 for Junior Open Water, 12 for Open Water, 15 for Advanced Open Water). When children participate, parental or guardian consent and signature are required for the medical statement and liability release.

We do not knowingly collect personal data from children under 13 through our website without parental consent. If you believe we have collected such data inadvertently, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows the most recent version. For significant changes, we will notify guests with active bookings by email or display a prominent notice on our website.

13. Contact

PMA Dragon Dive Komodo

Jalan Mutiara, Kampung Ujung
Labuan Bajo, Kecamatan Komodo
Kabupaten Manggarai Barat
Nusa Tenggara Timur 86754, Indonesia

Privacy enquiries: diving@dragondivekomodo.com
WhatsApp: +62 811 3823 490
Walk-in booking office: Jalan Soekarno Hatta, next to Oh!Julia Hotel

This Privacy Policy is written in good faith to comply with Indonesian PDP Law and GDPR principles. It does not constitute formal legal advice. For specific data protection enquiries, contact us directly.