top of page

Privacy Policy

​​Sukelluskoulu Rausku Privacy Policy in accordance with the EU General Data Protection Regulation (GDPR), drafted on 1 March 2026.

 

1. Controller and contact details

Sukelluskoulu Rausku

Business ID: 3603908-9

info@sukelluskoulurausku.fi

 

2. Data storage location

Personal data collected through forms is stored on the Wix.com platform (Wix.com Ltd). In addition, data is transferred to and/or stored in the Google environment (Google Workspace; Google Ireland Limited / Google LLC) for handling inquiries and customer service (e.g. email and/or Google Sheets). Wix.com and Google are responsible for the implementation, data security, and backup of their systems.

​

Course completion and study records are stored in the PADI organization’s system. PADI is responsible for the implementation, data security, and backup of its systems.

​

Billing and accounting are handled through the OP Kevytyrittäjä service. OP is responsible for the implementation, data security, and backup of its systems.

​

Privacy policies of the systems we use:

https://www.wix.com/about/privacy

https://policies.google.com/privacy?hl=en-US

https://www.padi.com/privacy

https://www.op.fi/tietosuoja/tietosuojaselosteet-ja-yhteystiedot

 

3. Name of the register

Sukelluskoulu Rausku customer, order, billing, and marketing register

​

4. Legal basis and purpose of processing personal data under GDPR

The legal basis for processing personal data is:

  • contract (the data subject is a party to the contract)

  • legitimate interest of the controller (customer relationship)

  • consent (marketing)

 

The purpose of processing personal data is customer communication, management of the customer relationship (e.g. course delivery, equipment rental), billing and accounting, and marketing.

We do not use the data for automated decision-making or profiling.

 

5. Content of the register, data retention period, and data sources

The register contains data related to the customer relationship and service provision. The register includes the following:

  • name

  • date of birth

  • contact and billing details (phone number, email address, address)

  • website addresses

  • IP address of the internet connection

  • information on ordered services

  • other possible information related to the customer relationship and ordered services (e.g. equipment size information, diving classification data)

 

We do not collect or process health data. Any health questionnaires are completed directly in the PADI system.

We retain personal data:

  • for the duration of the customer relationship

  • as required by accounting legislation (billing data) for the legally required period (6–10 years)

  • certification data is stored in the training organization’s system according to their practices

 

Data is collected from customers (data subjects) themselves and updated based on the information provided by them. Customers may provide data, for example, via website forms, by phone, messaging applications, email, social media services, or during in-person meetings.

​

6. Disclosure and transfer of data outside the EU or EEA

Data may be disclosed to:

  • the PADI organization for certification purposes

  • the accountant

  • authorities when required by law

 

Data is not sold to third parties.

 

As PADI operates internationally, data may be transferred outside the EU/EEA in accordance with applicable data protection legislation. PADI is responsible for the data in its system.

​

Wix.com and Google, where data is stored, operate internationally, and data may be transferred outside the EU/EEA in accordance with applicable data protection legislation.

​

Billing and accounting are carried out through the OP Kevytyrittäjä service in Finland.

 

7. Protection of the register

We exercise due care in processing and protecting the register and protect the data appropriately. We take data protection requirements into account when storing data on internet servers. Data is processed confidentially and only by persons for whom processing is necessary.

 

8. Use of photos and videos

Photos and videos may be taken during courses and diving activities.

The material may be used:

  • on the company website

  • on social media

  • in marketing materials

 

Images are not used in an offensive or misleading manner.

​

Customers may prohibit the use of images by informing staff before or after the activity. Upon request, images will be removed within a reasonable time.

 

9. Marketing communications

By registering for a diving course, diving activities, or renting equipment, the customer may give consent to marketing communications.

Marketing communications may include information about:

  • upcoming courses

  • events

  • offers

  • new services

 

Customers may withdraw consent to marketing communications at any time:

  • via the unsubscribe link in emails

  • by contacting the controller

 

10. Cookies and analytics

Our website uses cookies.

Cookies are small text files stored on the user’s device that help improve the user experience.

We use the following types of cookies:

  • necessary cookies (site functionality)

  • analytics cookies (e.g. visitor statistics)

  • marketing cookies (e.g. targeted advertising)

 

Users can manage cookie settings through their browser or via the website’s cookie notice.

The website uses Google Analytics, which collects information on how users interact with the site. The information collected by cookies is anonymized and is not used to identify individual users. The data helps improve the user-friendliness of the site.

You can change your cookie settings and refuse consent. If you continue using the website without making a selection, analytical cookies will not be set.

​

More information about Google’s privacy practices is available on Google’s website. You can also prevent data collection by installing a browser add-on.

​

The website is implemented on the Wix.com platform. Wix automatically collects technical data about site usage, such as IP address, browser details, device type, page visits, and session duration. This data is used to ensure and improve site functionality.

 

Data may be transferred outside the EU. Processing is based on user consent and contract. Users can manage cookie settings via the site’s cookie banner.

 

11. Rights of the data subject

The data subject has the right to:

  • access their data

  • request rectification

  • request deletion

  • restrict or object to processing

  • withdraw consent

  • lodge a complaint with a supervisory authority

 

In Finland, the supervisory authority is the Tietosuojavaltuutetun toimisto.

bottom of page