Privacy Policy

As of April 2026

We are delighted that you have visited our website. Protecting your personal data is very important to us. Below, we provide information in accordance with Art. 13 GDPR about the type, scope, and purpose of the processing of personal data.

1. Responsible party

Frankfurt Dive Center GmbH

12C Vogesenstraße

60529 Frankfurt am Main

Germany


Managing Directors: Martin Andreas Wellnitz, Laura Vantellini

Email: info@frankfurtdivecenter.de

2. Website hosting (Squarespace)

Our website is hosted by Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland.

When you visit the website, the following data is automatically processed:

  • IP address

  • Date and time of access

  • Browser type and version

  • operating system

  • referrer URL

  • pages accessed

This processing serves the technical provision, security, and stability of the website.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

A data processing agreement has been concluded with Squarespace in accordance with Art. 28 GDPR.

3. Content Delivery Network & Security (Cloudflare)

We use Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare provides security and performance features (CDN, DDoS protection, firewall).

Processed data may include:

  • IP address

  • browser information

  • access time

  • requested content

  • security log data

Legal basis: Art. 6(1)(f) GDPR

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF) and, in addition, on the use of standard contractual clauses in accordance with Art. 46 GDPR.

4. Cookies & consent management

Our website uses cookies.

During your first visit, you can use the cookie banner to:

  • accept all cookies

  • reject

  • manage individually

Non-essential cookies (e.g., marketing/tracking) will only be set after you give your consent.

Legal basis: Art. 6(1)(a) GDPR, Section 25 TTDSG

5. Google Ads & Conversion Tracking

We use Google Ads, provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

When you click on an ad, a conversion cookie is set to measure the effectiveness of our ads.

Processed data may include:

  • IP address

  • page views

  • clicking behavior

  • device information

  • approximate location data

Processing will only take place with your consent.

Legal basis: Art. 6(1)(a) GDPR, Section 25 TTDSG

Data transfer is based on the EU-US Data Privacy Framework (DPF).

Privacy policy: https://policies.google.com/privacy

6. Meta Pixel (Facebook & Instagram)

We use the Meta Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

Purpose:

  • visitor statistics

  • Advertising optimization

  • target group formation

Processed data:

  • IP address

  • usage behavior

  • page views

  • device information

Meta processes data on its own responsibility in the sense of joint responsibility in accordance with Art. 26 GDPR. A corresponding agreement has been concluded.

Processing will only take place with your consent.

Legal basis: Art. 6(1)(a) GDPR, Section 25 TTDSG

Data transfer is based on the EU-US Data Privacy Framework (DPF).

Privacy policy: https://www.facebook.com/privacy/policy/

7. Contact form

When you use our contact form, we process:

  • Name

  • email address

  • message

Purpose: Processing your request.

Legal basis: Article 6(1)(b) of the GDPR (pre-contractual measures).

Retention period: Until the request has been fully processed; thereafter, in accordance with legal retention requirements.

8. Newsletter (Mailchimp)

We use Mailchimp (Intuit Inc., 2535 Augustine Drive, Santa Clara, CA 95054, USA) to send out our newsletter.

Processed data:

  • email address

  • Name, if applicable

We use the double opt-in process. You can unsubscribe at any time.

Legal basis: Art. 6(1)(a) GDPR

Data transfer is based on the EU-US Data Privacy Framework (DPF).

Privacy policy: https://mailchimp.com/legal/privacy/

9. Online store & payment processing (Shopify)

We use Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, Ireland, to operate our online store.

Processed data:

  • Name

  • billing address

  • email address

  • phone number

  • payment information

  • Order details

Legal basis: Art. 6(1)(b) GDPR

There is a data processing agreement in place with Shopify.

Data transfer is based on the EU-US Data Privacy Framework (DPF) and standard contractual clauses.

Privacy policy: https://www.shopify.com/legal/privacy

9a. Shopify Payments (Stripe)

Credit card payments are processed by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland. Stripe processes payment data on its own behalf.

Legal basis: Art. 6(1)(b) GDPR

Privacy policy: https://stripe.com/privacy

9b. PayPal

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. PayPal processes payment data on its own behalf.

Legal basis: Art. 6(1)(b) GDPR

Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

9c. Klarna

Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden. Klarna processes data on its own behalf for credit checks and payment processing.

Legal basis: Art. 6(1)(b) GDPR

Privacy policy: https://www.klarna.com/de/datenschutz/

10. Appointment Scheduling (Acuity Scheduling)

We use Acuity Scheduling, a service provided by Squarespace Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA, for online appointment booking on the /termine page.

When you use the booking form, the following data is processed:

  • Name

  • email address

  • phone number (if applicable)

  • Event Details

Legal basis: Article 6(1)(b) of the GDPR (pre-contractual measures)

Data transfers to the United States are carried out in accordance with the EU-U.S. Data Privacy Framework (DPF) and the standard contractual clauses under Article 46 of the GDPR.

Since Acuity Scheduling is a service provided by Squarespace, the data processing agreement referred to in Section 2 applies accordingly.

Privacy Policy: https://www.squarespace.com/privacy

11. Health Questionnaire (Diving Fitness)

Participants are required to complete a health questionnaire when taking part in diving courses and activities. This form is available at forms.frankfurtdivecenter.de/gesundheit.

In doing so, special categories of personal data are processed in accordance with Article 9 of the GDPR, in particular:

  • Health information (pre-existing conditions, medications, physical limitations)

  • Name, date of birth

  • Contact Information

Purpose: To assess participants’ fitness for diving in order to protect their health and safety and to fulfill our duty of care as a diving school.

Legal basis: Article 9(2)(a) of the GDPR (explicit consent) in conjunction with Article 6(1)(b) of the GDPR

The data is processed exclusively for internal use and is not shared with third parties, unless this is necessary to provide medical care in an emergency.

Retention period: For the duration of the course relationship and thereafter in accordance with statutory retention requirements.

12. Equipment Rental & Email Delivery (EmailJS)

We use EmailJS (EmailJS Ltd., United Kingdom) to process our equipment rental forms digitally. Completed form data (including signatures) is sent to us via email.

Processed data:

  • Name

  • email address

  • Selected rental equipment

  • Signature

Legal basis: Art. 6(1)(b) GDPR

Privacy Policy: https://www.emailjs.com/legal/privacy-policy/

13. Social Media Links

Our website contains links to Instagram and Facebook. Data is only transmitted to the respective platform when you click on a link. We have no control over how these platforms process data.

14. Retention period

We only store personal data for as long as necessary:

  • Contact requests: max. 12 months

  • Newsletter: until consent is withdrawn

  • Order data: in accordance with commercial and tax law retention requirements (usually 6–10 years)

  • Health questionnaires: for the duration of the course, and thereafter in accordance with legal requirements

  • Technical logs: up to 7 days

15. Your Rights

You have the right to:

  • Information (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Deletion (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection (Art. 21 GDPR)

  • Withdrawal of consent (Art. 7(3) GDPR)

To exercise your rights, please contact: info@frankfurtdivecenter.de

Right to file a complaint with the competent supervisory authority:

The Hessian Commissioner for Data Protection and Freedom of Information https://datenschutz.hessen.de

16. FDC Club – Membership & SEPA Direct Debit

When you sign up for an FDC Club membership, we process the following data:

  • Name, Address, Email, Phone

  • Bank account details (IBAN, financial institution) for SEPA direct debit

  • Membership details (pet, fee, start date)

Purpose: To fulfill the terms of the membership agreement and collect monthly dues via SEPA direct debit.

Legal basis: Art. 6(1)(b) GDPR

The data is stored in a Google Sheet (Google Ireland Ltd., Dublin). Email notifications are sent via Google Apps Script (Google Ireland Ltd.). A data processing agreement is in place with Google.

Retention period: For the duration of the membership and thereafter in accordance with commercial and tax law retention requirements (typically 6–10 years).

16a. FDC Club – Sharing of Data with aqua med

As part of your FDC Club DIVE membership, the following data will be shared with Medical Helpline Worldwide GmbH (aqua med), Otto-Lilienthal-Straße 18, 28199 Bremen, with your express consent:

  • Name, address, email, date of birth

Purpose: Completion of the aqua med dive card basic.

Legal basis: Art. 6(1)(a) GDPR (consent)

The dive card contract is entered into directly between you and aqua med. aqua med's privacy policy: www.aqua-med.eu