Privacy Policy

Mimpi Indah Dive Resort respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when booking accommodation, diving activities, or courses through our website.

1. Who We Are
Our website address is: https://mimpiindah.com
We operate a boutique eco-friendly dive resort in North Sulawesi, Indonesia, where guests can book accommodation, diving packages, and PADI courses online.

2. What Data We Collect
When you make a booking or order a course through our website, we collect the following information:
• Personal details:Name, address, email, phone number.
• Booking details:Accommodation dates, number of guests, chosen packages/courses.
• Payment details:Depending on the payment method, we may collect necessary billing details. Payment transactions are processed securely by our payment providers (see Section 6).
• Diving/course data:Certification level, age, and any relevant health information needed for safety during diving activities.
• Communication data:Any messages or special requests you send to us through our forms.
We do not intentionally collect more data than necessary to process bookings and ensure safety.

3. Cookies and Tracking Technologies
Our website uses cookies to improve your experience and enable bookings.
• Functional cookies:Required for the booking and checkout process.
• Preference cookies:To remember your settings (such as selected language or currency).
• Analytics cookies:We may use services like Google Analytics to track how visitors use our website, in order to improve our services.
• Payment cookies:Our payment providers may place cookies to process your payments securely.

You can control cookies through your browser settings. Disabling cookies may affect the booking process.

4. How We Use Your Data
We use your data to:
• Process and confirm your bookings.
• Manage payments and invoicing.
• Communicate with you about your reservation, diving activities, or course details.
• Ensure safety requirements for diving participants.
• Send you essential service-related information (such as booking confirmations or schedule changes).
• Improve our website and services.

We do not use your data for unsolicited marketing unless you have explicitly opted in.

5. Legal Basis for Processing
We process your personal data based on:
• Contractual necessity:To provide the booking and services you requested.
• Legal obligations:For accounting, invoicing, and tax purposes.
• Legitimate interests:To improve our services and ensure website security.
• Consent:For optional marketing communications or analytics, where required.

6. Who We Share Your Data With
We do not sell or rent your personal data. We only share data with:
• Payment providers (e.g., Stripe, PayPal, Mollie) to process payments securely.
• IT and hosting providers that operate our website and booking system.
• Travel or diving partners (only when necessary to arrange your booked services).

All partners are required to protect your data and use it only for the agreed purpose.

7. Data Retention
• Booking records (including invoices) are retained as required by tax and legal obligations (typically 7 years).
• Customer accounts (if you register) remain active until you request deletion.
• Emails and communication related to bookings may be stored as long as necessary to provide services.

8. Your Rights
You have the right to:
• Request a copy of the personal data we hold about you.
• Correct or update inaccurate information.
• Request deletion of your personal data (unless required by law to retain it).
• Object to certain data processing (e.g., marketing).
• Withdraw consent (where consent was the legal basis).

Requests can be made via our contact details below.

9. Data Transfers
As we operate in Indonesia and Europe, your data may be transferred internationally. We ensure that adequate protection measures are in place to safeguard your data during transfers.

10. Data Security
We use appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission over the internet is 100% secure.

11. Children’s Privacy
Children aged 10 years and above are welcome to stay at our resort and participate in diving activities, always under the supervision and consent of a parent or legal guardian.
We only collect the minimum personal data required to process their booking and ensure safety during diving activities (such as age, certification level, and medical fitness).
If you are a parent or guardian and believe we may have collected personal information about a child under 10 without consent, please contact us immediately so we can delete the information.

12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with the new “last updated” date.

13. Contact Us
For questions about this Privacy Policy or your data, please contact us:info@mimpiindah.com