Privacy Policy
Last Updated: February 3, 2026
Introduction
Archipel is committed to protecting the privacy and security of personal information provided by visitors and clients. This privacy policy explains how we collect, use, store, and protect your data when you interact with our services, website, or communication channels. By using our services or submitting information through our website, you consent to the practices described in this policy.
1. Data Collection Information
Archipel collects personal information necessary to provide marine tourism services, respond to inquiries, and maintain operational safety. The following categories of data may be collected:
Personal Identification Data
Name, email address, phone number, mailing address, date of birth, nationality, and passport information where required for travel arrangements and permits.
Health and Safety Information
Medical conditions, diving certifications, swimming ability, dietary restrictions, emergency contact details, and insurance information to ensure participant safety during marine activities.
Payment Information
Billing address and payment method details, processed through secure third-party payment processors. Archipel does not store complete credit card numbers.
Usage Data
Website visit information including IP address, browser type, pages viewed, time spent on pages, and referring websites, collected through cookies and analytics tools.
Communications
Content of emails, form submissions, phone conversations, and other communications with Archipel regarding bookings, inquiries, or feedback.
Legal Basis for Processing
Data is processed based on consent (inquiry forms, newsletter subscriptions), contract fulfillment (booking confirmations, service delivery), legal obligations (safety requirements, tax records), and legitimate business interests (service improvement, fraud prevention).
Data Retention Periods
Client booking records and safety information are retained for seven years following trip completion, as required by Malaysian maritime regulations and insurance requirements. Marketing communications data is retained until consent is withdrawn. Website analytics data is retained for two years.
2. Data Usage Explanation
Personal information collected by Archipel is used for the following purposes:
Service Delivery
Processing bookings, coordinating transportation and accommodations, arranging permits for marine park access, matching participants to appropriate experiences based on abilities and interests, and communicating trip details and itinerary changes.
Safety and Emergency Response
Assessing participant suitability for marine activities, maintaining emergency contact information, coordinating with medical services if needed, and complying with maritime safety regulations.
Communication
Responding to inquiries, sending booking confirmations and pre-trip information, providing updates about experiences or schedule changes, and gathering feedback after trip completion.
Marketing Communications
Sending newsletters about new experiences, conservation updates, and travel opportunities to those who have opted in. All marketing emails include unsubscribe options.
Website Improvement
Analyzing usage patterns to improve website navigation, content, and user experience. Understanding which pages and information are most helpful to visitors.
Legal Compliance
Meeting requirements under Malaysian law for tourism operations, tax reporting, and maritime safety records. Responding to lawful requests from authorities when required.
Third-Party Sharing
Personal information may be shared with boat operators for trip logistics, accommodation providers for reservations, insurance companies for coverage verification, payment processors for transaction completion, and conservation organizations when participants opt to receive updates about supported projects. Data is never sold to third parties for their marketing purposes.
3. Data Protection Measures
Archipel implements the following security measures to protect personal information:
Technical Security
SSL encryption for website data transmission, secure servers with regular security patches and updates, encrypted storage for sensitive information, and regular backups of data systems.
Access Controls
Limited staff access to personal information based on job requirements, password-protected systems with regular password updates, and separate storage for health/safety data with restricted access.
Monitoring and Auditing
Regular security audits of data systems, monitoring for unauthorized access attempts, and logging of data access by staff members.
Breach Notification
In the event of a data breach affecting personal information, Archipel will notify affected individuals within 72 hours of becoming aware of the breach, as required by the Malaysian Personal Data Protection Act. Notification will include details of compromised data, steps taken to address the breach, and measures individuals can take to protect themselves.
Third-Party Processor Security
All third-party services used for payment processing, email communications, or analytics are required to maintain security standards equivalent to or exceeding our own. Contracts with third parties include data protection clauses.
4. Cookie Information
The Archipel website uses cookies to improve user experience and analyze site usage. Cookies are small text files stored on your device when you visit our website.
Types of Cookies Used
Essential cookies required for website functionality, analytics cookies to understand site usage patterns, and preference cookies to remember user settings. Detailed information about cookie usage, including how to manage cookie preferences, is available in our Cookie Policy.
5. User Rights
Under the Malaysian Personal Data Protection Act and applicable international privacy regulations, individuals have the following rights regarding their personal data:
Right to Access
You may request copies of personal information Archipel holds about you. We will provide this information within 30 days of receiving your request.
Right to Rectification
You can request correction of inaccurate or incomplete personal information. We will update records within 14 days of receiving verification of correct information.
Right to Erasure
You may request deletion of personal information where we no longer have a legal basis to retain it. Note that certain information must be retained for legal or safety reasons (trip safety records, payment records for tax purposes).
Right to Data Portability
You can request personal information in a structured, commonly used format for transfer to another service provider.
Right to Object
You may object to processing of personal information for marketing purposes or where processing is based on legitimate interests rather than consent.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before consent withdrawal.
Right to Lodge Complaint
You have the right to lodge complaints about our data handling practices with the Malaysian Personal Data Protection Commissioner or relevant supervisory authority in your jurisdiction.
Exercising Your Rights
To exercise any of these rights, contact us at [email protected]. We may require verification of identity before processing requests. There is no fee for exercising these rights unless requests are manifestly unfounded or excessive.
6. Third-Party Links
The Archipel website may contain links to third-party websites including accommodation providers, conservation organizations, or travel resources. We are not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party sites you visit. Links to external sites do not constitute endorsement of their privacy practices.
7. Children's Privacy
Archipel marine experiences are designed for participants 18 years and older. We do not knowingly collect personal information from individuals under 18 without parental consent. For family bookings including minors, parents or guardians provide consent and information on behalf of children. If we become aware that personal information of a minor has been collected without appropriate consent, we will delete that information promptly.
8. Policy Updates
This privacy policy may be updated periodically to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated through email to active clients and prominently displayed on our website. Continued use of services after policy changes indicates acceptance of updated terms. The "Last Updated" date at the top of this policy indicates when it was most recently revised.
9. Contact Information
For questions about this privacy policy, to exercise your data rights, or to raise concerns about how your information is handled, please contact:
Data Protection Contact:
Email: [email protected]
Phone: +60 88-471 926
Address: Suite 4, CPS Tower, Centre Point Sabah, 88000 Kota Kinabalu, Malaysia
We aim to respond to all privacy-related inquiries within 14 business days.