Privacy Policy

This Privacy Policy of Octopus, a BigBlue Expeditions company, in accordance with GDPR Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) ; sets out how we use and protects your personal data provided by you when using our website or any other communication channels. We may change this Privacy Policy from time to time. You should periodically visit this page from time to time to ensure that you are convenient with any changes. Any changes to this privacy policy will become effective when we post the revised Privacy Policy on our website. We will inform you of significant updates and ask for your consent where it is required by law to do so. This Privacy Policy is effective as of 24 March 2024. This Privacy Policy applies to all information collected or submitted on this website or through any other communication channels. Terms and conditions of this Privacy Policy are set forth as follows:
A. What we collect We only collect, use or disclose your personal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. We may collect or obtain the following types of information, whether directly from you or indirectly from other sources, which may include your general personal data and sensitive data but not limited to:
  • Personal details: such as, first name, last name, title, age, date of birth, gender, nationality, photos, education, work-related information (e.g., job title, company you work for), information on government-issued cards (e.g., national identification number, passport number), signatures, your license or permit and other identifiers;
  • Contact details: such as address, phone number and email address, Facebook or other social media accounts, or emergency contact person;
  • Financial information: such as bank account, bank statement, bank guarantee, loan agreement, cheque, credit records and other financial details;
  • Sensitive Data: such as biometric information, political beliefs, criminal record, etc.;
  • Other information in connection with the relationship between you and us: such as employment contract, service contract, customer surveys, etc.
In the case that consent is required by law, or that we have no basis for collecting, processing, or disclosing your personal data as specified above, we will ask for your consent prior to collecting, processing, or disclosing your personal data. We will collect personal data of a minor, a quasi-incompetent person, and an incompetent person only when a consent from legal representative, curator or guardian is obtained. Any information collected, without a consent from those above-mentioned persons, will be deleted promptly or be processed to the extent permitted by law, as the case may be.
B. What we do with the gathered personal data Pursuant to the legal basis specified in the GDPR, we may collect, use, or disclose your personal data for the following purposes:
  • Improvement of our products and services;
  • Performing obligations under any agreements entered or to be entered between you and us;
  • Customization of our website;
  • Disclosure of your information to service providers, agents, and/or contractors, from time to time to help us to provide and market our products and services to you;
  • For statistical analysis and includes our disclosure of your information to our customer service agencies for research and analysis purposes so that we can monitor and improve the services we provide;
  • For administrative and management purposes;
  • IT systems and support for the operation of the website;
  • Security and system monitoring, such as authentication and access controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security, prevention and solving crimes, as well as risk management and fraud prevention;
  • Compliance with the GDPR, and any other applicable laws and regulations.
C. To whom we may disclose or transfer your personal data We may disclose or transfer your personal data to the following third parties who collects, uses and discloses personal data in accordance with the purpose under this Privacy Policy. These third parties may be located either in or outside Liechtenstein. Our affiliates: namely, BigBlue Expeditions. Our service providers: We may use other companies, agents or contractors to perform services on our behalf or to assist with the business relationship with you. We may share your personal data including, but not limited to (1) infrastructure, software, and website developer and IT service providers; (2) payment service providers; (3) research agencies; (4) analytics service providers; (5) survey agencies; (6) marketing, advertising media, and communications agencies; (7) logistics service providers; (8) outsourced administrative service providers; (9) data storage and cloud service providers; (10) customer service center; (11) insurance service providers; and (12) commercial banks. In the course of managing our business relationship, the service providers may have access to your personal data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and no service provider is authorized to use your information for any purpose other than those specified in this privacy policy. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law. We may use your personal information to send you direct marketing information about us and/or third parties which we view you may find interesting if you tell us that you wish this information to be sent. Third parties required by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe it is necessary to comply with a legal or regulatory obligation or to protect our benefits or rights. Professional advisors: This includes lawyers, technicians, financial advisors, and auditors who assist in running our business and defending or bringing any legal claims. Business Transfer: We may choose to buy or sell assets,and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.
D. International transfers of your personal data We may disclose or transfer your personal data to third parties or servers located overseas, which the destination countries may or may not have the same equivalent level of protection for personal data protection standards. We will take steps and measures to ensure that your personal data is securely transferred and that the receiving parties have in place an appropriate level of protection standards. We will request your consent where consent to cross-border transfer is required by law.
E. Retention period of your personal data We will retain your personal data for as long as is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our legal and regulatory obligations. If such personal data is collected and processed for multiple purposes, such personal data will be deleted or recorded in an untraceable format upon the fulfillment of the last purpose. However, we may have to retain your personal data for a longer duration, as required by applicable law.
F. Your rights as a data subject Subject to applicable laws and exceptions thereof, you may have the following rights:
  • Right of access: You have the right to access or request a copy of the personal data we are collecting, using and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you;
  • Right of withdrawal: you have the right to withdraw your consent at any time. Such withdrawal of the consent does not affect the lawfulness of the processing done prior to withdrawal;
  • Right of rectification: You have the right to rectify any incomplete, inaccurate, misleading, or not up to date personal data that we collect, use and disclose;
  • Right to data portability: You have the right to obtain personal data we hold about you, in a structured, electronic format, and to send or transfer such data to other data controllers or to yourself for certain reasons unless it is against the laws or affect the rights and freedom of other persons;
  • Right of objection: You may have the right to object to certain collection, use and disclosure of your personal data;
  • Right to deletion or suspension: You have the right to request us to erase your data or to suspend the use of your personal data for certain reasons unless we have to comply with the laws or have exercised our legal claim under the relevant laws for keeping such data.
You can submit a written request for exercising the above rights through the contact channels provided below. No charge will be incurred for exercising the above rights. If no legal cause for rejection of such request is present, we will consider and arrange for your request as soon as possible, and in any case, within 30 days from the date that we have received such request.
G. To reach out to us We welcome your views and feedback about our Privacy Policy and your personal information furnished to us. If you would like to contact us with any queries or comments, you may reach out to us by: (a) Sending an email to: (b) Sending a letter to us at Octopus BigBlue Expeditions, Baarerstrasse 65, 6300 Zug, Switzerland.