Privacy Policy

Article 1: Consent to Collection of Personal Information and Collection Method

DIVEROID (“diveroid.com” hereinafter “DIVEROID” and any associated websites and applications, apps, collectively referred to as “DIVEROID”) establishes a procedure for allowing customers to click the button “Agree” to the terms of use, collection of personal information, and details of personal information used. Customers shall be deemed to have agreed to the collection and use of their personal information by clicking the “Agree” or “Accept” button as suitable.

Article 2: Personal Information Items Collected and Purpose of Using Personal Information

Personal Information" means information on living persons and refers to their names, resident registration numbers, or any other information that identifies such persons. (Even if such information alone cannot identify a certain person, such information that can be easily combined with other information and be used to identify such a person.)

General members:

  • Time of collection: Signing up for membership
  • Mandatory collection items: ID, password, emails, names
  • Optional collection items: Profile images, date of birth, telephone number, address
  • Purpose of using personal information: Signing up for membership, customer consulting for the use of services, and delivery of notices
  • Retention period: Immediately deleted upon withdrawal of membership or retained for five (5) years for purchasing members

Order information (including members and non-members):

  • Time of collection: Upon placing orders
  • Mandatory collection items: Information of customers placing orders (name, address, telephone, and email), information on recipient (name, address, telephone), payment approval information
  • Optional collection items: Delivery of messages
  • Purpose of using personal information: Payment and delivery of ordered products
  • Retention period: Retained for five (5) years

Article 3: Collection of Personal Information via Cookies

The Website or App may install and operate cookies that store and frequently retrieve customers’ information. A cookie means a small amount of text files that a website sends to users’ computer browsers (Internet Explorer, and others)

Purposes of using cookies:

  • Providing differentiated information, depending on individuals’ interests
  • Analyzing the access frequency or staying time of users, identifying users’ tastes and interests, and using them for target marketing and as a measure for service improvement
  • Tracing the information on items purchased and items to which users pay attention, and providing tailor-made services

Operation of cookies and rejection of cookies:

  • Cookies are stored at the hard disk of users’ computers. Cookies identify users’ computers but do not personally identify users.
  • Customers may accept or reject all cookies, or go through checks whenever cookies are stored by changing settings on their web browser.
  • However, if customers refuse to store cookies, they may not use some services that require them.

Method for changing settings to reject cookies:

  • Internet Explorer: Directly change settings by clicking Tools > Internet Options > Personal Information tab on the upper menu of a web browser
  • Chrome: Directly change settings by clicking Menu icon on the upper right bar of a web browser >Settings > Advanced Settings on the bottom of the screen > Contents Setting button on Personal Information section > Cookies section

Article 4: Periods of Retaining and Using Personal Information and Destruction of Personal Information

Customers’ personal information shall be destroyed without any delay after the purposes of collection and use of their personal information have been fulfilled. However, if customers’ personal information needs to be retained for a certain period of time for the following purpose of verifying transaction parties’ rights and obligations in accordance with provisions of relevant and applicable statutes or laws as per the geography we are operating in, such as the Protection of Consumers in e-commerce and Other Transactions Act in South Korea, such information shall be retained for the specified period:

A] Article 6 of the Protection of Consumers in e-commerce and Other Transactions Act

  • Records on contracts or withdrawal of offers: Retained for five (5) years
  • Records on payments and the supply of goods: Retained for five (5) years
  • Records on the resolution of customers’ complaints or disputes: Retained for three (3) years

B] Article 15.2 of the Protection of Communication Secrets Act

  • Log-in records: Retained for three (3) months

C] Other related statutes

  • The Website shall destroy personal information in the following manner:

A] Destruction procedure:

  • The information entered for membership sign-up shall be transferred to a separate database (in case of information on paper, a separate filing cabinet), stored for a certain period of time in accordance with internal guidelines and other relevant statutes, and then destroyed.
  • The above retained personal information shall not be used for any purposes other than for the purposes stipulated by applicable laws and regulations or during any incident investigation or any enquiry from the court of law.

B] Destruction methods:

  • Personal information printed out on paper shall be destroyed by shredding or burning and appropriate evidence shall be maintained. - Personal information in electronic file format shall be entirely destroyed by technological methods so that they may not be restored or regenerated and appropriate evidence of destruction shall be maintained.
  • The Website shall give dormant members (who have not used services for the last twelve (12) months) a notice on the forfeiture of membership in accordance with Article 29.2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection and other applicable laws and regulations as per the country in which it is operating in. If such members fail to reply to such a notice, they may be considered to have forfeited their membership at the Website’s discretion. In such a case, dormant members’ personal information may be stored and managed separately from other members’ personal information. Such personal information that is separated and stored shall be destroyed after the lapse of the statutory retention period as applicable and in accordance in which we are operating. In case a customer makes a request, then such a customer’s personal information that is not destroyed shall be made available again post successful validation at the time of resuming the use of services.

Article 5: Use of Personal Information for Community Posts

The Website shall neither use customers’ personal information nor provide such information for other persons, companies, and institutions beyond the scope and purpose as defined in the Article 2 above (Personal Information Items Collected and Purpose of Using Personal Information).

The following cases are exceptions.

  • When customers’ personal information is required by relevant institutions including government or government authorized institutions for investigative purposes in accordance with relevant and applicable statutes, laws, and regulations in the country where we operate.
  • When customers’ personal information is provided in a form that cannot identify certain individuals for advertisers, suppliers, or research organizations to compile statistics or conduct academic or market research
  • When customers’ personal information is requested in accordance with pre-determined procedures under other relevant and applicable statutes, laws and regulations in the country where we operate.
  • Even if personal information is provided in accordance with the foregoing, we do our best to ensure that such information is not indiscriminately provided against the original purpose of collection and use of such information.

Use of Personal Information for Community Posts:

  • Members acknowledge and agree that all materials, including but not limited to text, images, and other content, posted on both the Website and the App become the intellectual property of DIVEROID. By posting such materials, Members grant DIVEROID an exclusive, worldwide, royalty-free license to use, reproduce, modify, adapt, publish, translate, distribute, perform, and display the materials for community and promotional purposes.
  • Commercial use by DIVEROID includes, but is not limited to, marketing, promotions, advertisements, and any other activities intended for generating revenue. Members expressly waive any claims to compensation or royalties for such commercial use.
  • DIVEROID reserves the right to sublicense the aforementioned rights to third parties for commercial use. Members understand that their materials may be featured in various promotional materials, both online and offline, without further consent.
  • Members retain moral rights to be identified as the author of their materials. However, DIVEROID may use the materials without attributing authorship for community and promotional purposes, as long as it does not intentionally misrepresent the origin of the materials.
  • The Website shall prominently display and notify users of the intention to use their provided photos, dive logs, and other related content as community posts. Users may choose to opt-out of this feature through privacy settings.

Article 6: Outsourcing of Personal Information Processing

The Website outsources the processing of users’ personal information to outside professional organizations as follows for the smooth conduct of businesses, such as provision of better services and customers’ convenience.

  • ⦁ Delivery of ordered products: OO Delivery Service (revised)
  • ⦁ Establishing and maintaining computer systems: Hosting companies (revised)
  • ⦁ Delivery tracking system service: Goodsflow Inc.
  • ⦁ Payment and escrow service: PG (revised)
  • ⦁ Self-authentication, i-PIN service: Dream Security Inc.
  • ⦁ Insurers and Professional including Legal and Financial advisers_


The information shared with outsourcing companies shall be limited to the minimum information required to fulfill the original purpose of outsourcing. In addition, optional personal information is provided for outsourcing companies at the request of customers for services.
A separate data processing agreement with all the suppliers where the personal data is shared shall be in place which prohibits them to share the information with others, implement a stronger or equivalent security (physical, technical and administrative) and organizational measures as implemented by Diveroid.
The list of outsourcing companies may be subject to change, depending on changed services and contractual periods. Any change in this list shall be announced in advance via notices. Customers participating in short-term events shall be individually notified of such events.

Article 7: International Transfers of the Personal Data

⦁ We and our other group companies / partners have offices and facilities in countries (name of the countries??). Transfers to our companies shall be governed by your consent and/or legal basis namely the proper administration of our business and the performance of a contract between you and us and protected either by appropriate safeguards - i.e., the data processing agreements incorporating the data protection contractual clauses as modelled under applicable data protection laws and applications as per the countries we operate in, which includes the administrative, physical, technical and organizational measures (much stronger or equivalent to our measures) to protect the personal data.

⦁ Our servers are hosted in AWS Data Centres in USA and are certified against numerous data security and data protection standards and framework. The details of the same are available on the:
https://aws.amazon.com/compliance/data-protection/

⦁ Supplier or subcontractor [is] OR [are] situated globally. Data Transfers between the suppliers and our companies shall be governed by your consent and/or legal basis namely the proper administration of business operations and the performance of a contract between you and us and protected by appropriate safeguards, i.e., the data processing agreements incorporating the data protection contractual clauses as modelled under applicable data protection laws and applications as per the countries we operate in, which includes the administrative, physical, technical and organizational measures (much stronger or equivalent to our measures) to protect the personal data.

Article 8: Access and Modification of Personal Information

⦁ Customers may access or modify their personal information registered at the Website at any time. Customers may click the Change Members’ Information menu and directly access or modify their personal information. They may also request for such access or modification by sending e-mails or written requests to a chief privacy officer or a personal information handling employee at the Website. Then, the Website shall take relevant measures without any delay.

⦁ If customers demand the correction of any errors in their personal information, such personal information shall be neither used nor provided by the Website until such errors have been corrected.

⦁ If incorrect personal information has been already provided for any third party, then the Website shall immediately notify such third party of the result of correction of this information and have this third party also modify the information.

Article 9: Withdrawal of Consent to Collection, Use, and Provision of Personal Information

⦁ Customers may withdraw their consent to the collection, use, and provision of their personal information that is made available when signing up for membership at any time. They may do so by clicking Withdrawal of Consent (Membership) in the Personal Information Management Menu on the initial landing page of the Website. They may also do so by contacting the chief privacy officer of the Website in writing, by telephone, or through e-mail. Then, the Website shall immediately take necessary measures, such as deletion of personal information. The Website shall immediately notify customers of such measures, including withdrawal of consent and destruction of personal information.

⦁ The Website shall take necessary measures to ensure that customers withdraw their consent (membership) to the collection of their information through an easier method than what they used to give their consent to the method of collecting personal information.

Article 10: Restrict and Object the Processing of the Personal Data

⦁ In some circumstances Customers have the right to restrict the processing of their personal data. Those circumstances are: Customer contest the accuracy of the personal data; processing is unlawful; Customer no longer need the personal data for the purposes of our processing, and Customer have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store Customer personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

⦁ Customers have the right to withdraw their consent or object to our processing of their personal data on grounds relating to their particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: The performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If Customer make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

⦁ Customers have the right to object to our processing of their personal data for direct marketing purposes (including profiling for direct marketing purposes). In such cases, we will cease to process customer personal data for this purpose only.

⦁ Customers have the right to object processing of their personal data for scientific or historical research purposes or statistical purposes on grounds relating to their particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest or for the establishment, exercise or defence of legal claims.

Article 11: Other Data Privacy Rights

⦁ To the extent that the legal basis for processing of personal data is:(a)consent; (b) that the processing is necessary for the performance of a contract to which customer are party or in order to take steps at Customer request prior to entering into a contract, and such processing is carried out by automated means, Customer have the right to receive their personal data from us in a structured, commonly used and machine-readable format to port the data to another system. However, this right does not apply where it would adversely affect the rights and freedoms of others.

⦁ If Customer consider that processing of their personal information infringes data protection laws, you have a legal right to lodge a complaint with the relevant concerned regulatory authorities responsible for data protection. You may do so in the state/country of your habitual residence, your place of work or the place of the alleged infringement.

⦁ Customer may exercise any of their Data privacy rights in relation to their personal data or submit any grievances by sending us e-mail to: support@diveroid.com.
While registering your grievances,

⦁ Customer have to ensure not to impersonate another person while providing his/her personal data for a specific purpose.

⦁ Customer have to ensure not to suppress any material information while providing personal data.

⦁ Customer have to ensure not to register a false or frivolous grievance or complaint with us

⦁ Customer have to furnish only such information as is verifiably authentic .

Article 12: Measures for Ensuring the Security of Personal Information

The Diveroid shall take technological/administrative/physical and other organizational measures required for ensuring the physical and logical security of personal information in commensurate with the risk assessed to the personal data and / or in accordance with the applicable data protection laws and regulations. Diveroid shall protect the personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however, therefore, while we strive to use commercially acceptable security methods, tools and means to protect the personal data, but however we cannot guarantee its absolute security. At the same time, we encourage customer to use caution when disclosing personal data online. More specifically, we have taken the measures to protect the personal data on the servers – restricted access, firewall protected and as well for data in transit or at rest by encrypting the same and many other security measures. If customers have any questions about security on our website or mobile apps – iOS and Android OS, please send us e-mail to support@diveroid.com. .

Article 13: Protection of Personal Information of Children under Fourteen Years of Age

We neither encourage or promote our products and services to be used by our customers below the age of 14 and hence the below measures are taken

⦁ Enhanced Age Verification:The Website and the app places utmost importance on the protection of children’s personal information within online environments. As an enhanced measure, it prohibits individuals under the age of fourteen (14) from applying for membership, requiring the consent of their legal counsel.

⦁ Unauthorized Membership:In the event that individuals under the age of fourteen (14) illicitly sign up for the Website and the app or provide their personal information through the unauthorized use of names or information, the Website reserves the right to take immediate action.

⦁ Legal Counsel Intervention:In such instances, the legal counsels / guardians / the parents of these individuals may be notified, and they are granted the right to exercise all legal rights available to them. The Website and the app disclaim any responsibility for unauthorized access by individuals under the age of fourteen (14) and places the onus on legal counsels / guardians / the parents to rectify such instances.

⦁ Exclusion from Services:Individuals under the age of fourteen (14) who attempt to register on the Website and the app against the stipulated age requirements may be subject to immediate exclusion from services. The Website, in its sole discretion, may take appropriate measures to enforce this age restriction.

⦁ No Liability for Unauthorized Access:The Website shall not be held liable for any unauthorized access or provision of personal information by individuals under the age of fourteen (14), and legal counsels are encouraged to monitor and supervise the online activities of their wards. In case of any liability if it arises, then the entire responsibility shall be borne by the legal counsels / guardians / the parents of the children.The Website commits to maintaining ongoing vigilance and implementing necessary technological measures to verify the age of users during the registration process. However, it is ultimately the responsibility of legal counsels to ensure compliance with age restrictions and usage policies.By using the Website and the apps, all users implicitly acknowledge and agree to these enhanced measures for the protection of children’s personal information.

Article 14: Chief Privacy Officer

The organization appoints the following chief privacy officer who is responsible for the handling of personal information and the handling of customers’ complaints regarding personal information and damage reliefs.

▶ Chief Privacy Officer
Name: Jungil Kim
Title: CEO
Contact point: support@diveroid.com.

Article 52: Modification of the Guideline on Personal Information Processing

This guideline on personal information processing shall take effect on its effective date 10th January 2024. Any addition of change under statutes and this guideline, and deletion and correction of anything in this guideline shall be announced via notices seven (7) days prior to the effectuation of such addition, deletion, or correction.