comparissenusvsca
Diving & Underwater Tourism

Privacy Notice

Effective January 2025

This document outlines how we handle specifics about individuals who interact with comparissenusvsca.it.com during their exploration of diving career pathways and underwater tourism education opportunities.

We operate under a stewardship framework. That means we see ourselves as temporary custodians rather than permanent owners of the details entrusted to us. Every piece of data has a lifecycle—it emerges when someone reaches out or signs up, gets worked with during our service delivery, stays with us only as long as functionally necessary, then disappears when its purpose ends.

Questions about tracking technologies like cookies and analytics scripts belong in a separate document. This notice focuses solely on how identifiable and operational information moves through our organization, why it matters, and what control mechanisms exist.

What We Capture and When

During Initial Inquiry

When someone fills out a contact form or sends an email to [email protected], we receive basic identifiers: a name, an email address, sometimes a phone number. Occasionally people mention their current location or diving certification level—these aren't required, but if provided, they help us tailor our response.

Identity Elements

Full names and preferred contact methods. We don't request government IDs or passport numbers during initial outreach. Those only become relevant much later if someone enrolls in a program requiring travel documentation.

Communication Channels

Email addresses serve as primary touchpoints. Phone numbers get recorded when someone calls our Seattle office at +14357557670 or includes theirs in a message. We don't harvest this from third-party databases or social media profiles.

Geographic Context

Where someone lives influences which training locations make sense and what travel logistics might look like. This usually comes from voluntary disclosure rather than IP tracking.

Professional Background

Career changers often share what field they're leaving behind. Current dive instructors mention their certifications. These details shape how we explain pathways and suggest next steps.

When Enrollment Moves Forward

If someone decides to join a program scheduled for late 2025 or early 2026, additional operational specifics become necessary. Payment processing requires billing addresses. Insurance paperwork needs emergency contacts. Equipment sizing forms collect physical measurements. Medical clearance documents reference health conditions relevant to diving safety.

These aren't collected for curiosity—they serve distinct functional purposes tied directly to program delivery. A billing address ensures payment processors can verify transactions. Emergency contacts matter if something goes wrong during open water training. Medical histories help instructors identify participants who need modified ascent protocols.

We don't build comprehensive profiles by aggregating unrelated data points. Each piece serves a narrow purpose and gets handled accordingly.

Interactions Generate Records

Every email exchange creates a timestamp. Phone calls get logged with date and duration. Someone who downloads our 2025 program guide triggers a record that they accessed that resource. These operational logs exist primarily for internal coordination—so our team knows who talked to whom about what and when.

Some systems automatically capture technical metadata: which browser someone used, whether they opened an email on mobile or desktop, roughly what region their connection originated from based on network routing. This metadata rarely gets examined individually unless troubleshooting a technical issue, but it exists within our infrastructure.

Why This Intake Happens

Different categories serve different functions. Let's walk through the operational necessity rather than speaking in abstract legal terms.

Service Delivery Cannot Occur Without Certain Details

Enrolling someone in a dive master preparation course requires knowing their email so we can send joining instructions. Billing them requires payment information. Scheduling open water sessions needs phone contact for last-minute weather changes. These represent core transactional requirements—without them, the service literally cannot happen.

Communication Continuity Depends on Historical Context

When someone emails us in March 2025 asking about underwater photography specialization, then follows up in June about travel logistics, our team needs to see that history. Otherwise every conversation starts from zero and people have to repeat themselves endlessly. This continuity improves their experience significantly.

Safety Obligations Create Documentation Needs

Diving involves inherent physical risk. Medical screening forms aren't bureaucratic theater—they help instructors identify participants who might experience nitrogen narcosis more severely or who need modified decompression schedules. Emergency contacts become critical if someone gets bent during a training dive.

Failing to collect and reference these details wouldn't just be inconvenient; it would be genuinely dangerous. So this intake occurs under what privacy regulations call "vital interests," though we think of it more plainly as basic duty of care.

Operational Improvement Through Aggregate Pattern Recognition

Looking at enrollment trends helps us figure out whether to add another cohort in summer 2026 or shift resources toward specialized certifications. Seeing that most inquiries mention career transition rather than recreational advancement tells us something about market dynamics.

This analysis happens at aggregate levels. We're not profiling individuals—we're spotting broader patterns that inform resource allocation and program design.

Legal compliance creates additional retention requirements. Tax records must persist for regulatory periods. Certain training certifications require maintaining graduation records indefinitely because certification bodies audit historical documentation.

Internal Access and External Movement

Who Inside the Organization Touches What

Not everyone on our team can see everything. Access gets segmented based on functional necessity. The person managing social media inquiries sees names and email addresses but doesn't access financial records. Our accountant sees billing information but not medical forms. Instructors receive relevant safety documentation before training sessions but don't get marketing communication histories.

This segmentation isn't about distrust—it's about limiting exposure. Fewer access points means fewer opportunities for accidental disclosure or mishandling. It also reduces cognitive load; people don't wade through irrelevant information when performing their specific tasks.

When Information Leaves Our Direct Control

Certain operations require involving external entities. Payment processing gets handled by financial service providers who briefly touch transaction details to verify and transfer funds. Email delivery goes through infrastructure providers who route messages between our servers and recipients' inboxes. Program insurance requires sharing participant lists with underwriters who assess risk pools.

These transfers occur under contractual arrangements. Service agreements explicitly prohibit external processors from repurposing the data for their own marketing or aggregation efforts. They function as extensions of our operations rather than independent third parties with separate interests.

Legal Demands Occasionally Compel Disclosure

If a court order arrives demanding records related to a specific individual, compliance becomes legally mandatory. If a regulatory body investigating certification practices requests training documentation, refusal isn't an option. These situations remain rare, but the possibility exists.

We don't voluntarily hand over participant information to law enforcement absent formal legal process. Informal requests without accompanying judicial authorization get declined.

Business Structure Changes Could Transfer Custody

If comparissenusvsca ever merged with another training organization, got acquired, or sold specific program divisions, participant records associated with those programs might transfer to the new operational entity. This would occur under continuity principles—the new custodian would inherit the same handling obligations we operated under.

Such transfers aren't imminent or planned, but structural business changes remain possible in any organization's lifespan. Participants would receive advance notice if this scenario materialized.

Protection Approach and Residual Risk

We implement layered safeguards, though absolute security remains technically impossible. Here's what exists and what vulnerabilities persist despite our efforts.

Technical Barriers

Encryption protects data both during transmission and while stored on servers. Access requires multi-factor authentication rather than just passwords. Systems get patched regularly against known vulnerabilities. Backups exist in geographically separated locations so a single catastrophic failure doesn't cause total information loss.

These measures create significant barriers. Someone attempting unauthorized access would need to overcome multiple distinct technical hurdles rather than exploiting a single weakness.

Procedural Controls

Staff receive training about handling participant information responsibly. Protocols exist for responding to suspected security incidents. Regular audits verify that access logs match legitimate business activity. Physical documents get stored in locked facilities at our Seattle office, 7003 3rd Ave NW, rather than left in open workspaces.

What Remains Vulnerable

Sophisticated attackers could potentially breach our systems despite these protections. A determined adversary with substantial resources might find an exploit we haven't identified. Insider threats—someone on our team deliberately misusing their access—remain difficult to prevent entirely through technical means alone.

Email itself represents an inherently insecure medium. Messages traveling between our servers and someone's personal inbox pass through multiple intermediate systems we don't control. Encryption helps, but most people's email providers don't implement end-to-end protection.

Human error creates ongoing risk. Someone might accidentally send a message to the wrong recipient or leave a laptop unlocked in a public space. We work to minimize these incidents through training and procedure, but eliminating them entirely exceeds what's realistically achievable.

No organization can truthfully promise complete security. We invest significantly in protective measures while acknowledging that risk reduction differs from risk elimination.

Control Mechanisms Available to Individuals

Inspection Rights

Anyone can request to see what specific details we hold about them. This includes contact information, program enrollment records, communication history, and any notes our team has recorded during interactions. Requests go to [email protected] with "Access Request" in the subject line. We respond within two weeks, providing copies in readable electronic format.

Correction Capability

If something in our records is wrong—an outdated phone number, misspelled name, incorrect certification level—letting us know triggers an update. We don't require elaborate verification for straightforward corrections. An email saying "my phone number changed" is sufficient.

Removal Requests

People can ask us to delete their information entirely. This gets honored except where retention is legally required or functionally necessary for ongoing service delivery. Someone enrolled in a program starting in March 2026 can't have their records deleted while participating—we need those details to operate the program safely. After program completion, once regulatory retention periods expire, deletion becomes feasible.

Processing Objections

If someone believes we're handling their data in ways that exceed what's necessary or appropriate, they can object. This triggers internal review. We'll either adjust our practices, explain why the current handling is essential, or stop the contested activity if it proves non-critical.

Communication Opt-Out

Marketing emails include unsubscribe links. Clicking removes someone from promotional lists while preserving their ability to receive operational messages about programs they've enrolled in. We can't send someone training schedule updates if they've requested zero contact, so complete communication blackout only works for people without active enrollments.

Portability Options

Upon request, we'll provide structured exports of someone's data in formats they can transfer to another service provider. This matters most if someone decides to continue their training through a different organization and wants their certification history to move with them.

Exercising these rights doesn't require hiring lawyers or submitting formal legal demands. A straightforward email explaining what you want usually suffices. We respond to good-faith requests cooperatively rather than treating them as adversarial interactions.

Getting in Touch About Privacy Concerns

Questions about how your information gets handled, requests to exercise control rights, or concerns about potential mishandling should go directly to us rather than festering as background anxiety.

We prefer transparency and direct engagement over formal escalation processes. Most concerns get resolved through straightforward conversation once we understand what's bothering someone.

If our response feels inadequate or if you believe we're violating applicable privacy regulations, external complaint mechanisms exist. Depending on jurisdiction, this might involve data protection authorities, consumer protection agencies, or other regulatory bodies. We'd rather resolve things directly, but escalation options remain available.

This notice gets updated periodically as our practices evolve or regulations change. Material revisions that affect how we handle existing participant information trigger direct notification. Minor clarifications or structural edits happen without individual alerts, though the effective date at the top reflects when the current version took effect.