Privacy Policy

Introduction

Deepwell operates yacht charter services from Pantai Cenang, Langkawi. We are committed to protecting the personal information of our guests and website visitors. This privacy policy explains how we collect, use, store, and protect your data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

For any questions regarding this policy or your personal data, contact us at [email protected].

Information We Collect

Booking Information

When you request or confirm a charter booking, we collect name, email address, phone number, preferred departure dates, group size, and any dietary requirements or special requests you provide. For Thai border crossing charters, we also collect passport numbers as required by Malaysian and Thai maritime authorities.

Website Usage Data

When you visit our website, we automatically collect IP address, browser type, device information, pages visited, and time spent on site through standard server logs and cookies.

Communication Records

Email correspondence, phone call notes, and any feedback or reviews you provide are stored for service improvement and record-keeping purposes.

How We Use Your Information

We use your personal data for the following purposes:

• Processing and confirming charter bookings
• Communicating with you about your charter details and any changes
• Meeting legal requirements for maritime passenger records and Thai border documentation
• Accommodating dietary preferences and special requests
• Responding to enquiries and providing customer service
• Improving our services based on feedback
• Sending occasional updates about our charter services if you have opted in

Legal basis for processing: Charter bookings are processed under contract performance. Website analytics and marketing communications are processed based on legitimate interest and consent where required.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We share information only as follows:

• Malaysian Marine Department and Thai maritime authorities for border crossing charters (legal requirement)
• Payment processors for secure transaction handling
• Website hosting services that store our data
• Email service providers for communications

All third-party service providers are required to maintain appropriate data security measures and use your information only for specified purposes.

Data Retention

We retain your personal data for different periods depending on the type:

• Booking information: Seven years from charter date (maritime regulatory requirement)
• Passport details for border crossings: Two years from charter completion
• Email correspondence: Three years from last contact
• Website analytics: Aggregated data retained indefinitely, individual IP data deleted after 12 months
• Marketing consent records: Until you withdraw consent, then deleted within 30 days

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• SSL encryption for website data transmission
• Secure password-protected systems for booking records
• Access to personal data limited to authorised staff only
• Regular backups stored in encrypted format
• Staff training on data protection requirements

Cookies and Tracking

Our website uses the following types of cookies:

• Essential cookies: Required for website functionality and security. Always active.
• Analytics cookies: Help us understand how visitors use our website. Can be disabled in cookie settings.
• Preference cookies: Remember your settings and choices. Can be disabled in cookie settings.

For detailed information about cookies we use, see our Cookie Policy.

Your Rights

Under the Personal Data Protection Act 2010, you have the following rights:

• Right to access: Request a copy of the personal data we hold about you
• Right to correction: Request correction of inaccurate or incomplete data
• Right to withdraw consent: Withdraw marketing consent at any time
• Right to limit processing: Object to use of your data for marketing purposes
• Right to data portability: Request transfer of your data to another service provider

To exercise any of these rights, contact [email protected]. We will respond within 21 days as required by PDPA.

Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors without parental consent. Charter bookings involving children require an adult guardian to provide all information and consent on the child's behalf.

International Data Transfers

For Thai border crossing charters, your passport information is shared with Thai maritime authorities as legally required. This constitutes an international data transfer. We ensure such transfers comply with applicable data protection regulations and only share the minimum information necessary for border clearance.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email to active customers or prominently displayed on our website. The "Last Updated" date at the top indicates when changes were made.

Contact Information

For questions or concerns about this privacy policy or how we handle your personal data: