Privacy Policy

PRIVACY AT A GLANCE (TL;DR)

We know legal policies are long, so here is the short version of how we look after you:

• Order Fulfilment: We collect your name, address, and contact info solely to get your gear to you and keep you updated on your order.

• Secure Payments: We never see or store your credit card details. All payments are handled by Shopify Payments or PayPal using industry-standard (PCI-compliant) encryption.

• Relevant Browsing: We use cookies to remember your cart and show you products you're actually interested in.

• Hashed Data Sharing: To show you our latest offers on sites like Google or Facebook, we share your data in a "scrambled" (hashed) format. This means they can't "read" your email, but they can show you our ads on our behalf.

• Your Control: You can opt out of marketing or ask us to delete your data at any time.

DIRDIRECT ONLINE PRIVACY POLICY

This policy notice outlines how Underwater Explorers Ltd. trading online as Dirdirect.com looks after your personal information (Personal Data), what information we collect to process your order(s), how that information is used, encrypted and securely stored, and how we conform with the General Data Protection Regulation (GDPR) as well as the Payment Card Industry Data Security Standard (PCI DSS).

"Personal Data" is information that can be used to identify you, directly or indirectly, alone or together with other information, when you purchase something from us.

This includes your full name, email address, phone number, network information, IP address and online orders you have brought to checkout or made through us. 

THE INFORMATION WE COLLECT

When you visit our Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases and fulfil your order(s). We may also collect additional information if you contact us for customer support.

In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device Information

• Purpose of collection: to load the Site accurately for you, to perform analytics on Site usage to optimise our Site, to enhance your overall shopping experience.
• Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
• Disclosure for a business purpose: shared with our processor, Shopify.

Personal Data

• Your contact details: your name, age, gender, postal address including billing and delivery addresses, telephone numbers (including mobile numbers), email address and other relevant demographic information.
  
• Purchases made by you, as well as your online browsing activity on our site, including your shopping cart and any "abandoned cart".
• The marketing preferences you have chosen.
• Any correspondence and communications you have with us.
• Any other publicly available data, you may share via social media platforms such as YouTube, Facebook, Instagram or X.
• The version of web browser you use, your IP address, time zone, cookie information, and acceptance of our Terms and Conditions prior to a purchase. 

Order Information

• Purpose of collection: to provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
• Source of collection: collected from you.
• Disclosure for a business purpose: shared with our processor, Shopify.
• Personal Information collected: name, billing address, delivery address; plus your email address, phone number, and payment information, and current and past orders. (including encrypted credit card information handled only by Shopify Payments as a PCI-compliant 3D secure payment gateway).
• Any and all information collected on this site will be kept strictly confidential and will not be sold, reused, rented, disclosed, or loaned.
• None of the cookies used on this site stores your credit card information, which is handled separately and through a secure, encrypted payment processing gateway.
• We do not access or hold any sensitive credit card information.
• We do not contact you for anything else but to satisfactorily conclude any order you have started or made unless you have agreed to receive our advertising or emails.

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfil our contracts with you. For example:

• We use Shopify to power our online store, handle orders, and retain customer information. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
• We use encrypted Shopify Payments as our payment gateway to handle PCI-compliant and 3D secure checkouts on our behalf.
• We use PayPal as a payment gateway to process your PayPal purchases securely.
• We may use your personal information in the form of name and email address, but only with your consent and opt-in, for advertisements or marketing communication via email.
• We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
• We may share information with companies that help us provide a better experience tailored to you, including providers of intelligence tools and social media platforms, website hosting providers, marketing and advertising services, and third-party apps that run our loyalty schemes.
• As we use service providers such as Shopify, Google, and Meta, your information may be transferred to and stored in locations outside the UK or the European Economic Area (EEA). We ensure these transfers are protected by appropriate legal safeguards, such as Standard Contractual Clauses.

MARKETING AND BEHAVIOURAL ADVERTISING

When you visit other websites or browse the internet, you may see banner ads for our products. These ads appear based on your interaction with our website. We work with advertising specialists to deliver these ads, utilising tools such as ad tags, web beacons, pixels, mobile identifiers, and cookies placed on your devices.

Automated decision-making software handles this information, including demographic data, to fulfil our legitimate interest in improving our services and products, and to tailor targeted advertisements or marketing communications that we believe may be of interest to you. 

We want the ads you see to be relevant to your interests rather than random. To do this, we work with trusted partners like Google and Meta to show you customised offers based on your previous visits to our store or on information you've shared with us (such as your email address). We share this data in a secure, 'hashed' format (a way of scrambling the data so it isn't readable as an email address) so they can show you our ads on our behalf.

• Google Services: We use Google Analytics to understand how customers use our site. We also share information about site usage and purchases with Google to show you relevant products. Any data shared with Google is used to provide advertising services on our behalf, in full compliance with Google’s user consent policies. You can read Google’s privacy policy and opt out of Google Analytics here.

• Social Media: We use tools like Facebook Custom Audiences to show you relevant updates and ads on platforms like Instagram and Facebook.

• Direct Sharing: We may share some information directly with advertising partners via cookies, pixels, or mobile identifiers to help tailor our marketing to you.

Your Choices and Opt-outs

You have control over how you are tracked. You can opt out of targeted advertising by emailing us at sales@dirdirect.com or by using the following links:

• FACEBOOK: Ad Settings

• GOOGLE: Personalised Ads Settings

• BING: Personalised Ads Policy

• Digital Advertising Alliance: You can also visit their opt-out portal here.

LAWFUL BASIS

Pursuant to the UK Data Protection Act, UK GDPR, General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area, we process your personal information under the following lawful bases and for the purposes of:

• Your consent to perform our contract with you;
• The performance of the contract between you and the Site;
• Compliance with our legal obligations;
• To protect your vital interests;
• To perform a task carried out in the public interest;
• For our legitimate interests, which do not override your fundamental rights and freedoms;
• Promoting, marketing and advertising our products;
• Understanding customer preferences, needs and behaviour;
• Improving our website and services.

RETENTION

When you place an order through the Site, we will retain your Personal Information for our records unless and until you request that we erase it. For more information on your right of erasure, please see the ‘Your rights’ section below.

AUTOMATIC DECISION-MAKING - PAYMENTS

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data. Our processor, Shopify, uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a few hours.
• Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a few days.

YOUR RIGHTS

Under the UK Data Protection Act, you have the right to access the personal information we hold about you, and to ask that it be corrected, updated, or erased. You also have the right to object to or restrict certain processing of your data. If you would like to exercise these rights, please contact us at sales@dirdirect.com.

MINORS

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.

COOKIES

Like most websites, we use cookies to collect information. A cookie is a small piece of information that is downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies, as outlined above.

Cookies improve your browsing experience by allowing the website to remember your actions and preferences (such as login and region selection). You don’t have to re-enter this information when you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance, whether it’s their first time visiting or if they are frequent visitors. You can see the cookies we use to optimise your site experience and provide our services under our Cookies Policy.

INFORMATION USED: WHAT, WHY, WHO

We have listed here the information we require, what we use it for and who has access to it:

INFORMATION	WHY	WHO
Full Name, Billing, Delivery Address and Phone Number	To accept, process and deliver your order	Us, the Courier/Mail service who delivers the order
	For customs clearance and duties where required	Any authorities in the country of delivery where a customs declaration is required. The information would include our business name and contact details, copy of the commercial invoice with receiver name, address, description of  goods, number of items, package weight and size, the value of shipment as well as receiver phone number and email.
	For payment method and security checks	Us, your card issuer, PayPal handling your and our respective accounts, our secure online payment processing gateway provider Shopify, our bank (does not have access to your phone number)
E-mail	To accept and process your order	Us, your card issuer, our bank, PayPal handling your and our respective accounts, our secure online payment processing gateway provider Shopify
	To update you on the progress of your order	Only us
	To inform you of tracking or delivery status	Us, the courier or delivery service involved
	To follow up any abandoned shopping carts via email	Only us
	For newsletter subscription only if you register	Us, 3rd party newsletter app
IP Address*	To accept and process your order	Us, your card issuer, PayPal handling your and our respective accounts, our secure online payment processing gateway provider Shopify
	Browser and operating system information. In-house order notification	Only Us. Anonymous details on the browser and operating systems browsing our store are logged. When an order is made, email notifications are sent to our sales team containing your login name of choice (if entered), if a payment has been approved or declined with no personally identifiable information.
Payment Card Details**	To receive funds for your purchase	Your card issuer and our secure online payment processing gateway provider Shopify, your own PayPal registered account
Order and ordered item details	Details of your orders will be kept on our system for as long as legally required and not longer	Only us
ADDITIONAL INFORMATION WE HAVE ACCESS TO:
INFORMATION	WHY	WHERE AND HOW
Declined and Failed Orders - Full name, billing and delivery address, email address, phone number, IP address and order details.	To help us assist in completing your order if payment processing problems occur	Where payment has been declined or funds have not been transferred after checkout attempt: Us, Your card issuer and our secure online payment processing gateway provider Shopify, your own PayPal registered account
Abandoned Carts - Unfinished Baskets: The Email address and Profile Name you have entered, cart contents, cart opening date and time	In order for us to assist you in following up an order that has not been completed but left at checkout	Only Us

*An IP address is a unique string of numbers separated by full stops that identify each computer using the Internet Protocol to communicate over a network and can, therefore, identify the network address of an order placed. You can find your own IP address at any time by clicking on this link: http://www.whatsmyip.org/

* Only full-time staff at Underwater Explorers/DirDirect have access to payment method information and limited card details that do not include any identifiable card number or security code, for your safety. This information is handled securely and in an encrypted manner by your card issuer and Shopify gateway (or PayPal).

Last Updated: June 2025