Skip to content


Privacy Data Information Model for Website


(European Regulation on the Protection of Personal Data)

1. Introduction

ONE OCEAN ZANZIBAR takes the user's privacy seriously and is committed to respecting it. It is a company owned by MONSOON LTD, operating in the scuba diving sector. This privacy policy ("Privacy Policy") describes the personal data processing activities carried out by MONSOON LTD through the website (Site) and the related commitments made by the Company in this regard. MONSOON LTD may process user's personal data when they visit the Site and use the services and features available on the Site. In the sections of the Site where the user's personal data is collected, a specific information notice is normally published in accordance with art. 13/15 of EU Regulation 2016/679. Where provided for by EU Regulation 2016/679, the user's consent will be required before proceeding with the processing of their personal data. If the user provides personal data of third parties, they must ensure that the communication of the data to MONSOON LTD and the subsequent processing for the purposes specified in the applicable privacy policy complies with EU Regulation 2016/679 and applicable law.

2. Identification details of the owner, controller, and Privacy Officer

The Data Controller is MONSOON LTD, Po Box 3182, Zanzibar (Tanzania)

3. Types of data processed

Visiting and consulting the Site generally does not involve the collection and processing of the user's personal data, except for navigation data and cookies as specified below. In addition to the so-called "navigation data" (see below), personal data voluntarily provided by the user may be processed when they interact with the Site's features or request to use the services offered on the Site. In compliance with the Privacy Code, MONSOON LTD may also collect the user's personal data from third parties in the performance of its activities.

4. Cookies and navigation data

The Site uses "cookies." By using the Site, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the user's computer's hard drive. There are two main categories of cookies: technical cookies and profiling cookies.

Technical cookies are necessary for the proper functioning of a website and to allow user navigation; without them, the user may not be able to view pages correctly or use some services.

Profiling cookies are used to create user profiles in order to send advertising messages in line with the preferences expressed by the user during navigation.

Cookies can also be classified as:

- "session cookies," which are deleted immediately when the browsing browser is closed;

- "persistent cookies," which remain within the browser for a certain period of time. They are used, for example, to recognize the device connecting to a site, facilitating authentication operations for the user;

- "first-party cookies," generated and managed directly by the website manager on which the user is browsing;

- "third-party cookies," generated and managed by subjects other than the website manager on which the user is browsing.

5. Cookies used on the site

The Site uses the following types of cookies:

a. proprietary cookies, session, and persistent, necessary to allow navigation on the Site, for internal security purposes, and system administration;

b. third-party cookies, session, and persistent, necessary to allow the user to use multimedia elements present on the Site, such as images and videos;

c. third-party cookies, persistent, used by the Site to send statistical information to the Google Analytics system, through which MONSOON LTD can perform statistical analysis of access/visits to the Site. The cookies used pursue exclusively statistical purposes and collect information in aggregate form. Through a pair of cookies, one persistent and the other session (expiring when the browser is closed), Google Analytics also saves a log with the start and end times of the visit to the Site. Google can prevent data detection via cookies and subsequent data processing by downloading and installing the browser plug-in from the following address:

d. third-party cookies, persistent, used by the Site to include in its pages the buttons of some social networks (Facebook, Twitter, and Google+). By selecting one of these buttons, the user can post on their personal page of the relevant social network the contents of the Site page they are visiting.

The Site may contain links to other websites (so-called third-party sites). MONSOON LTD does not access or control cookies, web beacons, and other user tracking technologies that may be used by third-party sites that the user can access from the Site; MONSOON LTD does not control the content and materials published by or obtained through third-party sites, nor their methods of processing the user's personal data, and expressly declines any responsibility for such eventualities. The user is required to check the privacy policy of third-party sites accessed through the Site and to inquire about the conditions applicable to the processing of their personal data. This Privacy Policy applies only to the Site

as defined above.

6. How to disable cookies in browsers

If desired, the user can manage cookies directly through their browser settings. However, by deleting cookies from the browser, they may remove the preferences set for the ONE OCEAN ZANZIBAR site, so it would be advisable to periodically visit this page to check their preferences.

For further information and support, it is also possible to visit the specific help page of the web browser being used:

Internet Explorer;





7. Storage of personal data

Personal data is stored and processed through computer systems owned by MONSOON LTD and managed by third-party technical service providers; for more details, please refer to the "Scope of accessibility of personal data" section that follows. The data is processed exclusively by specifically authorized personnel, including personnel tasked with carrying out extraordinary maintenance operations. Personal data will be kept for the duration of the contract and after the end of the contract in order to fulfill MONSOON LTD's legal obligation, including claims for any claims, in accordance with applicable law, and will then be deleted or anonymized.

If we consent to the processing of our products and services for direct marketing purposes after the expiry of the contract, we will process the data until consent is revoked.

8. Purposes and methods of data processing

MONSOON LTD may process the user's common and sensitive personal data for the following purposes: use by users of services and features available on the Site, management of requests and reports from its users, sending newsletters, management of applications received through the Site, etc. Furthermore, with the additional and specific optional consent of the user, MONSOON LTD may process personal data for marketing purposes, i.e., to send promotional material and/or commercial communications related to the Company's services to the user, at the addresses indicated, both through traditional contact methods (such as, postal mail, telephone calls with operator, etc.) and automated (such as, communications via internet, fax, e-mail, SMS, applications for mobile devices such as smartphones and tablets - so-called APPS -, social network accounts - e.g., via Facebook or Twitter -, automatic operator telephone calls, etc.). Personal data is processed both in paper and electronic form and entered into the company's information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles and inspired by the principles of correctness and lawfulness of processing. In accordance with EU Regulation 2016/679, the data is kept and stored for the time necessary to achieve the purposes for which it is processed and in any case for as long as you decide to be registered on our website.

9. Security and quality of personal data

MONSOON LTD is committed to protecting the security of the user's personal data and complies with the security provisions provided by applicable law to prevent data loss, unlawful or unauthorized use of data, and unauthorized access to them, with particular reference to the Technical Disciplinary on minimum security measures. Furthermore, the information systems and computer programs used by MONSOON LTD are configured to minimize the use of personal and identifying data; such data is processed only to achieve the specific purposes pursued from time to time. MONSOON LTD uses multiple advanced security technologies and procedures to protect users' personal data; for example, personal data is stored on secure servers located in locations with controlled and protected access. The user can help MONSOON LTD update and maintain their personal data correctly by communicating any changes to their address, qualification, contact information, etc.

10. Scope of communication and access to data

The user's personal data may be disclosed to:

- all subjects to whom access to such data is recognized by regulatory provisions;

- to our collaborators, employees, within the scope of their duties;

- to all those natural and/or legal persons, public and/or private, when communication is necessary or functional to the performance of our activity and in the ways and for the purposes illustrated above;

11. Nature of providing personal data

The provision of certain personal data by the user is mandatory to allow the Company to manage communications, requests received from the user, or to contact the user to follow up on their request. This type of data is marked with an asterisk [*], and in this case, provision is mandatory to allow the Company to follow up on the request, which, in the absence of which, cannot be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide them will not have any consequences for the user.

The provision of personal data by the user for marketing purposes, as specified in the section "Purposes and methods of processing," is optional, and refusal to provide them will have no consequences. The consent given for marketing purposes is understood to extend to communications made through both automated and traditional contact methods, as exemplified above.

12. Rights of the data subject

12.1 Art. 15 (right of access), 16 (right to rectification) of EU Regulation 2016/679

The data subject has the right to obtain from the data controller confirmation as

to whether or not personal data concerning them is being processed and, where that is the case, access to the personal data and the following information:

a. the purposes of the processing;

b. the categories of personal data concerned;

c. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

d. the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f. the right to lodge a complaint with a supervisory authority;

g. where the personal data are not collected from the data subject, any available information as to their source;

h. the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

12.2 Right pursuant to art. 17 of EU Regulation 2016/679 - right to erasure ("right to be forgotten")

The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b) the data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a), and where there is no other legal ground for the processing;

c. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

d. the personal data have been unlawfully processed;

e. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

f. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679.

12.3 Right pursuant to art. 18 Right to restriction of processing

The data subject has the right to obtain from the controller restriction of processing where one of the following applies:

a. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

b. the processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of their use;

c. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;

d. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

12.4 Right pursuant to art.20 Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

13. Withdrawal of consent to processing

The data subject has the right to revoke consent to the processing of their personal data by sending a registered letter to the following address: MONSOON LTD, Po Box 3182, Zanzibar (Tanzania) accompanied by a photocopy of their identity document, with the following text: "withdrawal of consent to the processing of all my personal data" or via email to the address At the end of this operation, your personal data will be removed from the archives as soon as possible.

If you wish to have more information on the processing of your personal data, or exercise the rights referred to in the previous point 7, you can send a registered letter to the following address: MONSOON LTD, Po Box 3182, Zanzibar (Tanzania) accompanied by a photocopy of your identity document, with the following text: "withdrawal of consent to the processing of all my personal data" or via email to the address Before we can provide or modify any information, it may be necessary to verify your identity and answer some questions. A response will be provided as soon as possible.