Privacy Policy
Published: 19 April 2026
Last updated: 19 April 2026
This Privacy Policy ("Policy") describes how Peter Martin Botman collects, stores, processes and protects the personal information of users of the websites pbfree.school, freedivingdolphins.com and freemauritius.tilda.ws (collectively, the "Websites").
By using the Websites or submitting personal data through them, you acknowledge and agree to this Policy. If you do not agree, please refrain from using the Websites.
1. Data Controller
1.1. The data controller is:
Peter Martin Botman (sole proprietor)
Address: Levantkade 23a, 1019 MC, Amsterdam, Netherlands
Privacy contact: personalbestfreediving@gmail.com
1.2. The Controller operates freediving courses, training sessions and events under the brand Personal Best Freediving.
2. Applicable Law
2.1. This Policy is drafted in accordance with:
– Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation, "GDPR");
– Federal Law of the Russian Federation No. 152-FZ "On Personal Data" of 27 July 2006;
– other applicable laws of the user's country of residence.
2.2. GDPR applies to users located in the European Economic Area (EEA); Russian Federal Law 152-FZ applies to users located in the Russian Federation.
3. Data We Collect
3.1. Information you provide voluntarily:
– first name and last name;
– email address;
– phone number / messenger contact (WhatsApp, Telegram);
– country of residence and citizenship;
– booking and payment details (dates, selected course or event, group composition);
– health information and freediving experience level (to the extent necessary to ensure safety during courses and events);
– any other information submitted through contact forms, booking forms or in correspondence.
3.2. Information collected automatically:
– IP address;
– cookies and similar technologies data;
– browser, operating system, and device information;
– referral page and behavioural data on the Websites;
– date and time of visit.
3.3. The Controller does not collect special categories of data, except health information voluntarily provided by the user for the purpose of ensuring safety during courses and events.
4. Purposes and Legal Bases of Processing
4.1. The Controller processes personal data for the following purposes:
(a) Processing bookings and performing contracts (legal basis: performance of contract / Art. 6(1)(b) GDPR):
– handling booking requests for courses and events;
– confirming reservations, payments and logistics;
– communication regarding the course or event.
(b) Ensuring safety (legal basis: vital interests / Art. 6(1)(d) GDPR):
– using health information to assess the user's readiness to participate;
– emergency contact in case of incidents.
(c) Informational and marketing communications (legal basis: consent / Art. 6(1)(a) GDPR or legitimate interest / Art. 6(1)(f) GDPR):
– sending email updates about upcoming courses, events and news;
– sharing topical content related to freediving;
– for users who previously submitted a booking request via the Websites, communications are sent on the basis of the Controller's legitimate interest in maintaining contact regarding relevant services; users may unsubscribe at any time with one click via the footer of any email.
(d) Website improvement and analytics (legal basis: legitimate interest / Art. 6(1)(f) GDPR):
– analysing traffic and user behaviour to improve Website functionality;
– advertising targeting and retargeting, subject to cookie consent.
(e) Legal compliance (legal basis: Art. 6(1)(c) GDPR):
– retaining accounting, tax and other records in accordance with applicable law.
5. Data Sharing with Third Parties
5.1. The Controller does not sell personal data and does not share it with third parties for commercial purposes.
5.2. The Controller may share data with the following categories of processors acting on its behalf under data processing agreements:
– website hosting and builder services (Tilda Publishing, Tilda.cc);
– email marketing services (SendPulse, Unisender);
– payment providers (Stripe, Prodamus, PayPal and others, depending on currency and region);
– web analytics services (Google Analytics, Yandex.Metrica);
– cloud storage services (Google Workspace, Apple iCloud);
– partner dive centres, hotels and transport providers — solely to the extent necessary to perform contracts for organising a specific course or event.
5.3. Data transfers outside the EEA are carried out under Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms.
6. Retention Periods
6.1. Booking-related data is retained for the duration of the contract and for 3 (three) years after the completion of the course or event to resolve potential disputes and evidence the fulfilment of obligations.
6.2. Data collected for the purpose of email communications is retained until the user withdraws consent (unsubscribes) or for 3 (three) years from the user's last interaction with the communications, whichever occurs first.
6.3. Accounting and financial records are retained for the period required by Dutch tax law (up to 7 years).
6.4. Cookie data is retained for the period specified for each cookie type; detailed information is available in the Controller's Cookie Policy.
7. Your Rights
7.1. You have the right to:
– access the personal data we hold about you (right of access);
– request correction of inaccurate or incomplete data (right to rectification);
– request erasure of your data (right to be forgotten), where legally applicable;
– restrict processing of your data;
– receive your data in a machine-readable format and transmit it to another controller (right to data portability);
– object to processing based on the Controller's legitimate interest, including direct marketing;
– withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal;
– lodge a complaint with a supervisory authority in your country of residence (for the EU — the Dutch Data Protection Authority, Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl; for Russia — Roskomnadzor).
7.2. To exercise any of these rights, please contact personalbestfreediving@gmail.com. The Controller will respond within 30 (thirty) calendar days.
7.3. You can unsubscribe from email communications with one click via the "Unsubscribe" link in the footer of any email, or by contacting personalbestfreediving@gmail.com.
8. Cookies and Similar Technologies
8.1. The Websites use cookies to ensure functionality, personalise content, conduct analytics and target advertising.
8.2. On your first visit, you are presented with a choice of cookie categories to allow. Strictly necessary cookies are used without separate consent.
8.3. You may change your preferences or delete cookies at any time via your browser settings.
9. Data Security
9.1. The Controller implements organisational and technical measures to protect personal data from unauthorised access, destruction, alteration, blocking, copying and distribution, including:
– encrypted data transmission (HTTPS);
– access controls for staff and contractors;
– regular review of the security of third-party processors;
– team training in information security fundamentals.
10. Children's Data
10.1. The Websites are not intended for individuals under 16 years of age. The Controller does not knowingly collect personal data from minors without parental consent.
10.2. If the Controller becomes aware that data from a minor has been collected without appropriate consent, such data will be deleted.
11. Changes to this Policy
11.1. The Controller may update this Policy from time to time. The current version is always available on the Websites.
11.2. Material changes will be communicated to users via email or a notice on the Websites at least 14 days before they take effect.
12. Contact
For any questions regarding the processing of your personal data, or to exercise your rights, please contact:
Peter Martin Botman
Levantkade 23a, 1019 MC, Amsterdam, Netherlands
Email: personalbestfreediving@gmail.com