Diving is one of the few activities where a centre genuinely needs some medical information about you, because your safety in the water can depend on it. That makes handling your data carefully more important here than for an ordinary business, not less. This page explains plainly what we collect, why, who sees it, how long we keep it, and the rights you hold over it — with particular care over the health information that diving requires, which we treat more carefully than anything else we hold. Last reviewed June 2026.
The data controller is Sinai Blue Diving S.A.E., trading as Blue Horizon Dive Centre, 14 Sharia al-Mashraba, Dahab 46617, South Sinai Governorate, Egypt, VAT (ETA) 724-518-093. Data questions go to [email protected].
To book and run your diving we hold your name and contact details, your diving experience and certification level, and — for any in-water activity, as safety requires — a completed medical questionnaire. For courses we also hold the training and certification records that your qualification requires. When you contact us we hold your message and reply details. We collect nothing beyond what booking, safety and certification genuinely require.
This is the most sensitive data we hold, so we treat it accordingly. Before diving or a course you complete a standard diving medical questionnaire; where it flags a condition, we may need a doctor's sign-off before you dive. We collect this health information only with your consent and only to keep you safe in the water, we share it only with the instructor or guide who needs it to dive with you safely, and we do not use it for anything else whatsoever. You can ask to see, correct or have it deleted at any time, subject to the safety record we must keep for a dived activity.
For bookings the basis is the contract to provide your diving. For the medical information the basis is your explicit consent together with our duty of care — we cannot responsibly take you diving without knowing of a condition that could endanger you. For general enquiries the basis is your consent and our legitimate interest in replying. We never process your data for advertising; we run none.
Booking and contact records are kept while you are an active customer and for a reasonable period after for our accounts, then deleted. Certification records are kept as the certifying agency requires, since they are your permanent qualification. Medical questionnaires are kept only as long as the safety record of the activity requires and then deleted; we do not retain your health data beyond that need. Enquiry messages with no booking are deleted within a year.
Inside the centre, only the people who need your data to book you in or dive safely with you can see it — and your medical information only the instructor or guide actually in the water with you. Outside, the only parties who touch it are our payment processor (for payment) and the certifying agency (for your qualification, which is yours). We never sell, rent or share your data for anyone's marketing.
The site runs no advertising network, no identifying analytics, no social trackers, and sets no non-essential cookies, so there is no cookie banner. It is a set of static pages; the only data it transmits is what you enter into a form and choose to send.
Payment is taken through a regulated payment channel. Your full card number goes into the processor's secure system, not ours; we hold only the record of payment our accounts require and never store your card number. The booking form is submitted by the post method, so nothing sensitive appears in a web address.
We sometimes take photos and video underwater and on the shore, which divers love and which we may use to show the centre's work. We ask your consent before using an image in which you are identifiable, never name you without specific permission, and will remove any image on request. Tell us in advance if you would rather not be photographed and we will respect it throughout your time with us.
You can ask what we hold about you, ask us to correct it, ask us to delete it (subject to the safety and certification records we must keep), and withdraw consent for correspondence or for us to hold your image. Write to us and we will respond within thirty days, free of charge. Your medical data in particular we will delete the moment the safety need has passed if you ask.
We protect what we hold with access controls and encryption in transit, and by holding little of value to an attacker — no stored card numbers, and medical data kept only as long and as narrowly as safety requires. Your health information is held more tightly than anything else we keep.
As a small dive centre rather than a data business, we have deliberately kept what we hold to the minimum that booking, safety and certification require. We build no profile of you, track nothing about your behaviour, and keep no dormant database for some future use. With your medical information in particular, the safest approach is to collect only what safety needs and delete it the moment that need has passed — and that is exactly what we do. Information we never collected cannot be lost or misused, which is a protection for you and a relief for us.
Any email from us is about your booking, your course, your certification or a reply to a message you sent — never marketing. We do not run a promotional mailing list and we do not pass your address to anyone for theirs. If you would prefer we stopped contacting you once your diving with us is done, just say so and we will, while keeping only what we are obliged to for our accounts.
When you complete a course, your certification is registered with the international certifying agency, because the qualification is recognised worldwide and belongs to you for life. The agency receives only what it needs to issue and record your certification. This is the one piece of your data that is meant to outlast your time with us — because it is your qualification to carry to any dive centre, anywhere, forever.
Where a booking includes children — on a course with a minimum age met, or on a snorkelling trip — their details are provided by the accompanying parent or guardian, who gives consent on their behalf, including for any medical questionnaire a young diver needs. We hold the minimum about a child that safety requires, use it only to run their activity safely, never share it for any other purpose, and delete it once it is no longer needed. A parent can ask to see, correct or delete their child's data at any time.
It is worth restating plainly: this website is a set of static pages. It runs no accounts, tracks nothing about your visit, and transmits nothing about you except what you choose to type into the booking form and send. There is no analytics watching your behaviour, no advertising network, and no cookie following you between pages. The bookings themselves are handled separately by our staff; the website is simply where you read about us and get in touch.
If we change how we handle data we will update this page and its date. If you are unhappy with how your data — especially your medical information — has been handled, raise it with us first so we can put it right; you also keep the right to complain to the data-protection authority in your country. Reach us through the contact page, and a real person at the centre will deal with it personally.