Privacy Policy

Last Updated: 1 March 2025 

1. NO FEAR DIVING'S COMMITMENT TO PROTECTING PRIVACY

We consider you an important customer. Our first priority is to offer you exceptional stays and experiences.

Your complete satisfaction and confidence in No Fear Diving absolutely essential to us.

That's why, as part of our commitment to meeting your expectations, we have established a comprehensive Privacy Policy that formalizes our commitments to you and describes how No Fear Diving uses your personal data.

2. SCOPE OF APPLICATION

In this Privacy Policy, “No Fear Diving” means:

• PT. No Fear Diving Bali with registered offices at Banjar Dinas, Desa Purwakerti, Desa/Kelurahan Purwa Kerthi, Kec. Abang, Kab. Karangasem, Bali, 80852, Indonesia;
• Subsidiary, designated partner, designated affiliate, related brand, or “family” companies of No Fear Diving involved in the hotel, diving, and other affiliated businesses of No Fear Diving; and
• hotels, dive resorts, restaurants, and other venues operated under one of the No Fear Diving brands, including, but not limited to, No Fear Diving and Amed'ku Villas.

3. NO FEAR DIVING'S TEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA

In No Fear Diving in accordance with applicable regulations, in particular the European General Data Protection Regulation, we have instituted the following ten principles:

1. Lawfulness: We use personal data only if:
   • we obtain the consent of the person, OR
   • it is necessary to do so for the performance of a contract to which the person is a party, OR
   • it is necessary for compliance with a legal obligation, OR
   • it is necessary in order to protect the vital interests of the person, OR
   • we have a legitimate interest in using personal data and our usage does not adversely affect the persons’ rights
2. Fairness: We can explain why we need the personal data we collect.
3. Purpose limitation and data minimization: We only use personal data that we really need. If the result can be achieved with less personal data, then we make sure we use the minimum data required.
4. Transparency: We inform people about the way we use their personal data
5. We facilitate the exercise of the people’s rights: access to their personal data, rectification and erasure of their personal data and the right to object to the use of their personal data
6. Storage limitation: We retain personal data for a limited period
7. We ensure the security of personal data, i.e. its integrity and confidentiality.
8. If a third party uses personal data, we make sure it has the capacity to protect that personal data.
9. If personal data is transferred outside Europe, we ensure this transfer is covered by specific legal tools.
10. If personal data is compromised (lost, stolen, damaged, unavailable…), we notify such breaches to the respective country’s responsible authority and to the person concerned, if the breach is likely to cause a high-risk in respect of the rights and freedoms of this person.

For any questions concerning the ten principles of No Fear Diving protection policies, please contact us at data-privacy@nofeardiving.com.

4. WHAT PERSONAL DATA IS COLLECTED?

At various times, we may collect information about you and/or the persons accompanying you, including the following:

• Contact details (for example, last name, first name, telephone number, email)
• Personal information (for example, date of birth, nationality)
• Information relating to your children (for example, first name, date of birth, age)
• Your credit card number (for transaction and reservation purposes)
• Information contained on a form of identification (such as ID card, passport or driver license)
• Your arrival and departure dates
• Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests, food and beverages preferences, etc.)
• Your questions/comments, during or following a stay
• Technical and location data you generate as a result of using our websites and applications.

The information collected in relation to persons under 16 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet). If such data is sent, you can contact us at data-privacy@nofeardiving.com to arrange for this information to be deleted.

In order to meet your requirements or provide you with a specific service (such as PADI® courses or dietary requirements), we may have to collect sensitive information, such as medical conditions. In this case, we will only process this data if you provide your express prior consent.

5. WHEN IS YOUR PERSONAL DATA COLLECTED

Personal data may be collected on a variety of occasions, including:

• Hotel or dive and related activities:
  • Booking a room or activity
  • Checking-in and paying
  • Hotel stays and services provided during a stay
  • Eating/drinking at the hotel bar or restaurant during a stay
  • Requests, complaints and/or disputes.
• Participation in marketing programs or events:
  • Signing up for loyalty programs
  • Participation in customer surveys (for example, the Guest Satisfaction Survey)
  • Online games or competitions
  • Subscription to newsletters, in order to receive offers and promotions via email.
• Transmission of information from third parties:
  • Tour operators, travel agencies (online or not), GDS reservation systems and others
• Internet activities:
  • Connection to No Fear Diving websites (IP address, cookies in No Fear Diving)
  • Online forms (online reservation, questionnaires, No Fear Diving pages on social networks, social networks login devices such as Facebook login, conversations with chatbot, etc.).

6. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?

The table below sets out why we process your data, the lawful basis for the processing and the associated retention period:

1. We share your data with a number of authorized people and departments in No Fear Diving in order to offer you the best experience across our brands. The following teams may have access to your data:
   • Hotel and dive resort staff
   • Reservation staff using No Fear Diving reservation tools
   • IT departments
   • Commercial partners and marketing services
   • Medical services if applicable
   • Legal services if applicable
   • Generally, any appropriate person within No Fear Diving entities for certain specific categories of personal data.
2. With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:
   • External service providers: IT sub-contractors, international call centres, banks, credit card issuers, external lawyers, dispatchers, printers.
   • Commercial partners: No Fear Diving may, unless you specify otherwise to the Data Privacy department, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyse and combine your data. This data processing will allow No Fear Diving and its privileged contractual partners to determine your interests and customer profile to allow us to send you personalized offers.
   • Social networking sites: In order to allow you to be identified on the No Fear Diving website without the need to fill out a registration form, No Fear Diving has put in place a social network login system. If you log in using the social network login system, you explicitly authorize No Fear Diving to access and store the public data on your social network account (e.g. Facebook, LinkedIn, Google, Instagram…), as well as other data stated during use of such social network login system. No Fear Diving may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.
3. With local authorities: We may be obliged to send your information to local authorities if this is required by law or as part of an inquiry. We will ensure that any such transfer is carried out in No Fear Diving in accordance with local regulations.

8. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS

For the purposes set out in clause 6 of this Privacy Policy, we may transfer your personal data to internal or external recipients who may be in countries or regions offering different levels of personal data protection.

Consequently, in addition to implementation of this charter, No Fear Diving employs appropriate measures to ensure secure transfer of your personal data to an No Fear Diving entity or to an external recipient located in a country or region offering a different level of privacy from that in the country or region where the personal data was collected.Your data may be sent, in particular as part of the reservation process, to No Fear Diving hotels.

Other than those that are required to carry out your reservation, data transfers to countries having different levels of personal data protection, are regulated by standard contractual clauses defined by the European Commission. 

9. DATA SECURITY

No Fear Diving takes appropriate technical and organizational measures, in No Fear Diving in accordance with applicable legal provisions (in particular: Art. 32 GDPR), to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing. 

10. COOKIES

No Fear Diving uses cookies and other tracking technologies on its websites. To find out more about how No Fear Diving uses these trackers and how to configure them, please consult our policy on trackers using the “Cookies” link at the bottom of our web pages. 

11. YOUR RIGHTS

You have the right to obtain information about and access your personal data collected by No Fear Diving subject to applicable legal provisions. Also you have the right to have your personal data rectified, erased or have the processing of it restricted. Furthermore you have the right to data portability and to issue instructions on how your data is to be treated after your death (hopefully as late as possible!). You can also object to the processing of your personal data, in particular to the sharing of the data related to your stays, preferences and satisfaction between the hotels operating under No Fear Diving brands.
In the event that you wish to exercise any of your above rights, please contact us at data-privacy@nofeardiving.com or by writing to the address below:

No Fear Diving
Banjar Dinas, Desa Purwakerti, Desa/Kelurahan Purwa Kerthi, Kec. Abang, Kab. Karangasem, Bali, 80852, Indonesia

For the purposes of confidentiality and personal data protection, we will need to check your identity in order to respond to your request. In case of reasonable doubts concerning your identity you may be asked to include a copy of an official piece of identification, such as an ID card or passport, along with your request. A black and white copy of the relevant page of your identity document is sufficient.

All requests will receive a response as swiftly as possible.If you are in Australia or New Zealand and have a complaint about how we collect, hold, use or disclose your personal data, you can also contact us at data-privacy@nofeardiving.com. 

12. UPDATES

We may modify this Privacy Policy from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at one of our hotels. 

13. QUESTIONS AND CONTACTS

For any questions concerning the No Fear Diving Privacy Policy, please contact us at data-privacy@nofeardiving.com. 

14. NOTICES RELATED TO LOCAL LAWS AND REGULATIONS

No Fear Diving is compliant with the European General Data Protection Regulation (“GDPR”). But in addition to the GDPR, there are other laws and regulations which, depending on your specific situation, may also govern the use of your personal data. You will find below additional information that may apply to you.

14.1. Privacy Notice for California residents

This “Privacy Policy for California residents” is part of the No Fear Diving “General Terms & Conditions of Service” and should therefore be read in conjunction with it.The California Consumer Privacy Act 2018 (“CCPA”) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of California residents regarding their personal information.The CCPA defines “Personal Information” as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. In the context of this “Privacy Policy for California residents” section, the term “Personal Information” will refer to this information.

No Fear Diving may collect the categories of Personal Information as described in section 4. WHAT PERSONAL DATA IS COLLECTED? of our Privacy Policy.If you would like more details about when your Personal Information is collected, what purposes it is collected for and how long we retain it, please see sections below of our Privacy Policy:

5. WHEN IS YOUR PERSONAL DATA COLLECTED?

6. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?

In addition to the purposes set forth in our Privacy Policy we currently collect and have collected and “sold” (see section “Do Not Sell” below) Personal Information for the following business or commercial purposes:

• Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
• Debugging to identify and repair errors that impair existing intended functionality
• Performing services, including maintaining or servicing accounts, providing customer service, processing reservations, verifying customer information, processing payments, providing advertising or marketing services, or providing analytic services
• Undertaking activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance same
• Commercial purposes, such as by inducing another person to buy, join, subscribe to, provide, or exchange property or information, or enabling or effecting, directly or indirectly, a commercial transaction

We may share your Personal Information with internal and external recipients subject to the conditions set forth in section 7. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA OF OUR PRIVACY POLICY. The categories of third parties to whom your Personal Information may be disclosed or “sold” (see section “Do Not Sell” below) on a need-to-know basis are:

• Service Providers: external Service Providers;
• Other Third Parties: appropriate persons within hotels and No Fear Diving entities; commercial partners; social networking sites; local authorities (if and as legally required).

We do not knowingly “sell” (see section “Do Not Sell” below) the Personal Information of minors under 16 years of age. For more information on data collected in relation to persons under 16 years of age and to arrange for this information to be deleted, see section 4. WHAT PERSONAL DATA IS COLLECTED? of our Privacy Policy

RIGHT TO KNOW ABOUT PERSONAL INFORMATION

As a California resident, you have the right to request that we disclose what Personal Information we have collected about you in the 12-month period preceding your request, and more specifically the following:

• The categories of Personal Information we have collected about you;
• The categories of sources from which the Personal Information was collected;
• The business or commercial purpose for collecting Personal Information, and if applicable, for “selling” Personal Information;
• The categories of Personal Information that we “sold” (if applicable) or disclosed for a business purpose;
• The categories of third parties to whom we have “sold” (if applicable) or disclosed Personal Information; and
• The specific pieces of Personal Information we have collected about you.

RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION

As a California resident and subject to certain exemptions, you have the right to request the deletion of your Personal Information that we collect.

HOW TO SUBMIT A REQUEST TO KNOW OR TO DELETE

You may submit a request to know or to delete:

• by sending an email to data-privacy@nofeardiving.com
• by contacting us at +62 823 42138069, or
• by writing to the address below:

No Fear Diving
Banjar Dinas, Desa Purwakerti, Desa/Kelurahan Purwa Kerthi, Kec. Abang, Kab. Karangasem, Bali, 80852, Indonesia

When you submit your request, we will need to verify your identity pursuant to regulations adopted by the Attorney General and ask you to provide sufficient information in order to allow us to reasonably verify you are the person about whom we have collected information.

As part of our verification method, we will seek to verify the information in your request with the Personal Information we maintain about you. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure or deletion as applicable. In addition, you may be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

We will respond to your request to know or to delete within 45 days, unless additional time is needed, in which case we will let you know.

AUTHORIZED AGENTS

The CCPA allows California residents to designate an authorized agent to exercise their rights. If you submit a request via an authorized agent acting on your behalf, we will require this authorized agent to provide proof that you gave the agent signed permission to submit the request.

“DO NOT SELL MY PERSONAL INFORMATION”: RIGHT TO OPT-OUT OF THE SALE OF PERSONAL INFORMATION

Under the CCPA, the disclosure of Personal Information to a third party for monetary or other consideration of value can be considered as a "sale", the term “sale” being broadly defined.The CCPA defines a “sale” as selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s Personal Information to another business or a third party for monetary or other valuable consideration.The CCPA gives residents of California the right to opt out of the "sale" of their Personal Information.

We do not “sell” customers’ personal data in the strictest sense of the term. However, we offer Californian residents the opportunity to exercise this right, should one of our business practices be considered a “sale” within the meaning of the CCPA.To opt-out of our use of third-party advertising cookies, see the “COOKIES” section below.You may submit a request to opt-out of the sale of your Personal Information:

• by sending an email to data-privacy@nofeardiving.com,
• by contacting us at +62 823 42138069,
• by writing to the address below:

No Fear Diving
Banjar Dinas, Desa Purwakerti, Desa/Kelurahan Purwa Kerthi, Kec. Abang, Kab. Karangasem, Bali, 80852, Indonesia

COOKIES

On the No Fear Diving websites, No Fear Diving and its partners store or retrieve information on your device in order to: operate the websites and provide you with the services you request (these cannot be rejected), enhance and customize website functionalities, measure website audience and performance, profile your interests to provide you with relevant advertising and allow you to interact with social networks.

You can modify your choices at any time by clicking on the "Cookies" link at the bottom of the respective website.Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the websites do not currently interpret, respond to or alter their practices when they receive “Do Not Track” signals.

FINANCIAL INCENTIVES AND NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights.

Unless permitted by the CCPA, we will not:

• Deny you goods or services;
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
• Provide you a different level or quality of goods or services;
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, as permitted by and in compliance with the CCPA, we may offer you certain financial incentives that can result in a different price, rate, level, or quality of services. Any financial incentive we offer will be reasonably related to the value of your Personal Information and your participation will be subject to any applicable terms. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

SHINE THE LIGHT LAW

If you are a California resident, California Civil Code § 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes (as those terms are defined in that statute).

This information is as follows: in No Fear Diving in accordance with European regulations, we will only disclose your personal information to third parties for the third parties’ direct marketing purposes with your express prior consent and a prior information on the third parties your information will be disclosed to.

14.2 Privacy Notice for Nevada residents

Nevada law allows Nevada residents to opt-out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We do not currently sell personal information as defined in the Nevada law.

However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales. Opt-out requests may be sent to data-privacy@nofeardiving.com.

14.3 Privacy Notice for Chinese residents

14.3.1 Introduction
This Privacy Notice for China is part of the No Fear Diving "Privacy Policy" and should be read in conjunction with it. This notice is made pursuant to the Personal Information Protection Law of the People's Republic of China ("PIPL") and applies to our personal information processing activities:

• in the People's Republic of China (which, for the purposes of this notice only, excludes the Hong Kong SAR, Macau SAR and Taiwan China) ("China"); and
• outside China for the purposes of providing products and services to people in China.

For the above personal information processing activities, if there is any inconsistency between this Privacy Notice for China and the above Customer Personal Data Protection Charter, this Privacy Notice for China prevails.

14.3.2 Collection, Use and Retention of Personal Information

The PIPL defines "Personal Information" as any kind of information related to an identified or identifiable natural person as electronically or otherwise recorded, excluding information that has been anonymized. Processing activities include the collection, storage, use, processing, transmission, provision, disclosure, and deletion of personal information.To know more about how we collect, use and retain your personal information, please read the following sections in the Privacy Policy:

4. WHAT PERSONAL DATA IS COLLECTED?

5. WHEN IS YOUR PERSONAL DATA COLLECTED?

6. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT?

The PIPL gives "Sensitive Personal Information" extra protection and defines it as information that, once leaked or illegally used, will easily lead to the infringement of human dignity or harm to the personal or property safety of a natural person. No Fear Diving will only process Sensitive Personal Information if there is a specified purpose, necessity and strict measures for its protection. Sensitive Personal Information we collect may include information such as transaction information, ID card or passport related information, location information and stay records.

The Personal Information of minors under 14 is also Sensitive Personal Information in China, which we normally only collect from parents or guardians and is limited to their name, nationality and date of birth. We would be grateful if you could ensure that your children do not send us any personal information without your consent (particularly via the Internet). If such information is sent, you can contact us at data-privacy@nofeardiving.com to arrange for this information to be deleted.

14.3.3 Justification of Processing for China

We only process Personal Information if there is a "lawful basis", including:

• Your consent;
• The processing is necessary for the conclusion or performance of a contract to which you are a contracting party;
• The processing is necessary for performing a statutory responsibility or statutory obligation;
• The processing is necessary for responding to a public health emergency, or protecting the life, health or property of a natural person in an emergency;
• The personal information is processed within a reasonable manner to carry out any news reporting, supervision by public opinions or any other activity for public interest purposes;
• The personal information has already been disclosed by the individual or otherwise legally disclosed and is processed within a reasonable scope and in No Fear Diving in accordance with the PIPL; or
• Any other circumstance as provided by law or administrative regulations of China.

All our processing in China is conducted under one of the above lawful bases as described in section 6. WHAT PURPOSES IS YOUR DATA COLLECTED FOR AND HOW LONG DO WE RETAIN IT? in the "Privacy Plicy" except for the following activities which are conducted under the lawful bases described in the table below:

Purpose/Activity	Lawful basis for processing
Use a trusted third party to cross-check, analyze and combine your collected data at the time of booking or at the time of your stay, in order to determine your interests and develop your customer profile and to allow us to send you personalized offers.	Consent
Securing and enhancing your use of No Fear Diving websites, applications and services by: Improving navigation; Maintenance and support; and Implementing security and fraud prevention.	The conclusion or performance of a contract to which you are a contracting party
Internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with safety regulations, theft, damage and vandalism or payment incidents).	The conclusion or performance of a contract to which you are a contracting party
Securing payments by determining the associated level of fraud risk. As part of this analysis, No Fear Diving and hotels may use the No Fear Diving risk prevention service provider to refine their analysis. Depending on the results of the investigations carried out, No Fear Diving may take security measures, in particular No Fear Diving may request the use of a different booking channel or for the use of an alternative payment method. These measures will have the effect of suspending the execution of the booking or, if the result of the analysis does not guarantee the safety of the order, of cancelling it. Fraudulent use of a means of payment leading to payment default may result in the entry of data in the No Fear Diving incident file, which may lead No Fear Diving to block future payments or carry out additional checks.	The conclusion or performance of a contract to which you are a contracting party
Securing properties and persons and preventing non-payments. For these reasons, some hotels have a feature that allow them to include in the category of "ineffective" customers, any customer whose behavior has been inappropriate in the following ways: aggression and rudeness, non-compliance with the hotel contract, failure to observe safety rules, theft, damage and vandalism, or payment issues. The status of "ineffective" may cause the hotel where this listing originated to refuse a customer's reservation when he/she returns to the same hotel.	The conclusion or performance of a contract to which you are a contracting party
Using services to search for persons staying in No Fear Diving dive centers, hotels, and other properties or services in the event of serious events affecting the hotel in question (natural disasters, terrorist attacks, etc.).	Responding to a public health emergency, or for protecting the life, health or property safety of a natural person in the case of an emergency;

14.3.4 System Permissions

When you use our App and Weixin Mini-program, we will seek system permissions on your device to ensure the functionality of our products/services and their safe and stable operation as follows:

Name of system permissions	Description	Purposes	Applicable platforms
android.permission.ACCESS_NETWORK_STATE	View network status	Allows an application to view the status of all networks.	Android
android.permission.INTERNET	Full internet access	Allows an application to create network sockets.	Android
android.permission.WAKE_LOCK	Prevent phone from sleeping	Allows an application to prevent the phone from going to sleep.	Android
android.permission.ACCESS_WIFI_STATE	View Wi-Fi status	Allows an application to view the information about the status of Wi-Fi.	Android
com.google.android.c2dm.permission.RECEIVE	C2DM permissions	Permission for cloud to device messaging.	Android
android.permission.RECEIVE_BOOT_COMPLETED	Automatically start at boot	Allows an application to start itself as soon as the System has finished booting.	Android
android.permission.FOREGROUND_SERVICE	Allows a regular application to use service.startforeground	Allows a regular application to use service.startforeground.	Android
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE	Get APP installation information for notification pushing	To get information about the origin of the installation of the APP by the user in order for the push notification system to reach Google servers and push the notification on the right device.	Android
android.permission.VIBRATE	Control device vibration	Allows the application to control device vibration.	Android
com.No Fear Diving.appli.hybrid.inhouse.batch.permission.INTERNAL_BROADCAST	Push notifications	To request user authorization to send him/her push notifications	Android
android.permission.READ_EXTERNAL_STORAGE	Read external storage contents	Allows an application to read external storage. Necessary to install the application on a device without internal memory.	Android
android.permission.WRITE_EXTERNAL_STORAGE	Read/modify/delete external storage contents	Allows an application to write to external storage. Necessary to install the application on a device without internal memory.	Android
android.permission.READ_PHONE_STATE	Read phone state and identity	Allows the application to access the phone features of the device. Feature to call No Fear Diving customer Help Center in the app.	Android
android.permission.BLUETOOTH	Create Bluetooth Connections	Allows applications to connect to paired Bluetooth devices. Necessary to have the No Fear Diving Hotel Keyless functionality (keyless door lock).	Android
android.permission.BLUETOOTH_ADMIN	Bluetooth Administration	Allows applications to discover and pair Bluetooth devices. Necessary to have the No Fear Diving Hotel Keyless functionality (keyless door lock).	Android
android.permission.ACCESS_FINE_LOCATION	Fine (GPS) location	Access fine location sources, such as the GPS on the phone, where available. Necessary for the geolocation hotel search feature (find a hotel around me).	Android
android.permission.ACCESS_COARSE_LOCATION	Coarse (networkbased) location	Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Necessary to define the language to be displayed in the application.	Android
NSCalendarsUsageDescription	Calendar	Add booking to calendar	iOS
NSMicrophoneUsageDescription	Microphone	Voice Search feature	iOS
NSLocationAlwaysUsageDescription	Location	Find hotels + taxi or chauffeur-driven car	iOS
NSLocationWhenInUseUsageDescription	Location	Find hotels + taxi or chauffeur-driven car	iOS
NSSpeechRecognitionUsageDescription	Speech recognition	Voice search feature	iOS
NSUserTrackingUsageDescription	Tracking (IDFA/ATT)	Tracking. Necessary because of mandatory IDFA / ATT Apple’s rule. Consent is needed prior sending identifier to partners.	iOS
	Push notification	Push	iOS
	Background app refresh	Allow the application to be refreshed in background. Can be turned off in iOS settings	iOS
NSBluetoothAlwaysUsageDescription	Bluetooth	Necessary to have the No Fear Diving Hotel Keyless functionality (keyless door lock)	iOS
Share Profile (Nickname, Gender, region, Country, Image/Avatar)		Avoid to fill the same information in a form in Mini-Program	Weixin Mini-Program
Share Mobile number		Automatically fill in the mobile phone number, which is used to send SMS notifications such as room information.	Weixin Mini-Program
Share WeChat Chat feature		Activation of chat notification.	Weixin Mini-Program
Share WeChat Pay		Payment through WeChat.	Weixin Mini-Program
Share Geo fencing		Geo localization, necessary for the geolocation hotel search feature (find a hotel around me).	Weixin Mini-Program

Please note that by turning on any of the permissions, you authorize us to collect and use the relevant personal information to provide you with the corresponding services, and by turning off any of the permissions, you cancel your authorization, and we will no longer collect and use the relevant personal information based on the corresponding permissions, nor can we continue to provide you with the services corresponding to the permissions. Your decision to cancel your authorization will not affect any previous collection and use of information based on your authorization. You can manage your authorizations through your device settings.

14.3.5 Conditions of Third-Party Access to Your Personal Information

Entrusted Personal Information Processing

In order to provide certain services to you, we may need to entrust a service provider to process some of your personal information. We will enter into strict confidentiality agreements and personal information protection clauses with such entrusted parties, requiring them to process and protect your personal information in No Fear Diving in accordance with our requirements, this Privacy Notice and any other relevant confidentiality and security requirements.

Providing Personal Information to Third-Party Service Providers

In order to give you a better service experience, we provide you with access to a variety of products or services provided by third party service providers. When you use these services, we may, with your explicit authorization or consent, provide or share your personal information for the purposes described in the Privacy Policy among members of the No Fear Diving or third party service providers, including:

• No Fear Diving subsidiaries, designated partners, and designated affiliates;
• Franchised and managed hotels;
• Master franchisees;
• Diving, spa, restaurant, health club, concierge and other outlets at properties to provide you with services;
• Loyalty programs partners;
• No Fear Diving loyalty program;
• Travel agencies and distributions systems
• Payment services providers;
• Travel insurance partners;
• Advertising network and analytics providers for No Fear Diving's websites and mobile applications.

Third-Party SDKs We Use

Our website, App and Mini-program may have integrated third-party software development kits (SDKs) to ensure their stable operation and to provide relevant services to you. If you want to know more information about the third-party SDKs we use, please see the following SDK list:

Number	Name of the SDK	SDK service provider	Purposes of processing personal information	Personal information collected via SDK	SDK service provider's privacy policy
1	Firebase	Google, Inc.	User tracking and engagement.	No personal information, only anonymous navigation data.	https://firebase.google.com/support/privacy
2	Firebase Crashlytics	Google, Inc.	User crash monitoring.	No personal information, only anonymous data about crash: device, OS version	https://firebase.google.com/support/privacy
3	Firebase Remote Config	Google, Inc.	Enable feature without submitting a new app on the store.	No personal information, only anonymous data: app version	https://firebase.google.com/support/privacy
4	Firebase Analytics	Google, Inc.	User tracking and engagement.	No personal information, only anonymous navigation data: screen view, click, time on each page	https://firebase.google.com/support/privacy
5	GoogleAnalytics	Google, Inc.	User tracking and engagement.	No personal information, only anonymous data	https://developers.google.com/analytics/ devguides/collection/protocol/policy
6	GoogleTagManager	Google, Inc.	Managing tracking plan in the app	No personal information, only anonymous data	https://marketingplatform.google.com/ about/analytics/tag-manager/use- policy/#:~:text=If%20You%20have% 203rd%20Party,responsible%20for%203 rd%20Party%20Tags.&text=to%20upload %20any%20data%20to,such%20information %20by%20Google%2C%20or
7	Branch	Branch Metrics, Inc.	Deeplink handling.	No personal data	https://branch.io/policies/privacy-policy/
8	Batch	IMEDIAPP SA	User push notification management.	Device installation ID	https://batch.com/privacy-policy
9	BatchExtension	IMEDIAPP SA	Custom push notification	Device installation ID	https://batch.com/privacy-policy
10	Dynatrace	Dynatrace LLC	Application API call tracking, used for stats and API debugging.	Anonymous data, except PMID (user id). With this PMID we can show: -App version -User actions -User crashs -Device -OS version -IP Adress	https://www.dynatrace.com/company/ trust-center/privacy/
11	One Trust	One Trust, LLC.	User consent management platform.	Cookie consent for one device / no user data	https://www.onetrust.com/privacy-notice/
12	Alamofire	Open Source (https://github.com/Alamofire/Alamofire)	HTTP networking library for iOS	No personal information	NA
13	Apollo	MG Code EPE	Android Graph QL API client	No personal information	https://www.apollographql.com/ privacy-policy/
14	Content Square	Content Square, Inc.	Web analytics feature	No personal information, only anonymous data	https://contentsquare.com/privacy-center/privacy-policy/
15	Materiel Design	Google	User Interface Design Tool	No personal information	NA
16	Kingfisher	Open Source (https://github.com/onevcat/Kingfisher/)	Library for downloading and caching images from the web	No personal information	NA
17	FSCalendar	Open source (https://github.com/onevcat/Kingfisher/FSCalendar)	Library for downloading and caching images from the web	No personal information	NA
18	Threat Matrix	LexisNexis Risk Solutions Inc.	Security analytics.	No personal information	https://risk.lexisnexis.com/group/privacy-policy
19	Cardinal Commerce	Visa, Inc.	PSD2 Banking authorisation management.	No personal information	https://usa.visa.com/legal/ privacy-policy.html
20	Imperva	Imperva, Inc.	Bot detection / security	No personal information	https://www.imperva.com/trust-center/privacy-statement/
21	Karhoo	Flit Technologies Ltd	Chauffeur driven car booking SDK.	No personal information	https://www.karhoo.com/ privacy-policy/
22	Stay My Way	Stay My Way	Contactless door opening.	PMID / Reservation ID	NA
23	Debug Tool Kit	Open Source (https://github.com/dbukowski/DBDebugToolkit)	Access to debugging logs	No personal information, only anonymous data	NA
24	Nimble	Open Source (https://github.com/Quick/Nimble )	express the expected outcomes of Swift or Objective-C expression	No personal information	NA
25	Facebook	Meta, Inc.	User tracking, such as Firebase, for Facebook purposes	PMID (user identifier)	https://www.facebook.com/policy.php
26	Baidu Maps	Baidu, Inc.	Mapping application for China.	No personal information	http://privacy.baidu.com/policy
27	Retrofit2	Open source (https://square.github.io/retrofit/ )	Android REST API client.	No personal information	NA

14.3.6 Protection of Your Personal Data During International Transfers

We use central systems hosted in the United States to process your booking, stays and membership information.

We will work with these personal information recipients located outside China through agreements and other means that require them to take necessary personal information security measures and clarify their personal information protection responsibilities to ensure that your personal information receives adequate and uniform protection in China and countries or regions outside China.

14.3.7 Data Security

We take appropriate technical and organizational measures, in No Fear Diving in accordance with applicable legal provisions, to protect your personal information against unlawful or accidental destruction, alteration, loss, misuse, access, modification or disclosure. For more information, please read 9. DATA SECURITY in the Privacy Policy.

14.3.8 Your Rights

In addition to your rights under 11. YOUR RIGHTS in the"Pivacy Policy", unless otherwise provided by law or administrative regulations of China, you also have the following rights:

• the right to be informed about and the right to decide on the processing of your personal information, as well as the right to restrict or deny us from processing of your personal information;

• the right to access or make copies of your personal information from us;

• the right to have your personal information transferred to another entity that you designate, provided that the conditions prescribed by the national cybersecurity authority are met;

• the right to ask us to correct or complete your personal information;

• the right to withdraw your consent if our processing activities are based on your consent;

• the right to ask us to explain the rules of processing your personal information;

• the right to ask us to explain decisions we make through automated decision-making, if the decision has a material impact on your rights and interests, as well as the right to refuse the making of decisions by us solely by means of automated decision-making.

As introduced in 11. YOUR RIGHTS in the "Privacy Policy" you may contact us at data-privacy@nofeardiving.com in the event that you wish to exercise any of your rights. In addition, if you use our App you can also correct, complete or delete some of your personal information by clicking on the “Account” button, then clicking on “Advanced settings” and then on “Request the deletion of your account”.

We will deal with your requests to exercise your rights under applicable Chinese laws or administrative regulations promptly and within 15 working days.

14.3.9 Questions and Contacts

In the event that you have any questions about your personal information or wish to exercise any of your rights, please contact us by sending an email to data-privacy@nofeardiving.com or by writing to the address below:

No Fear Diving
Banjar Dinas, Desa Purwakerti, Desa/Kelurahan Purwa Kerthi, Kec. Abang, Kab. Karangasem, Bali, 80852, Indonesia