Privacy Policy
1. Scope
This Privacy Policy applies exclusively to the website lagona-divers.com including all of its subpages.
Internal development, testing or staging environments (e.g. stage. or dev.) are not publicly accessible and are not subject to this Privacy Policy. Redirects from other domains lead exclusively to subpages of this website.
2. Controller & Data Protection Contact
Controller within the meaning of the GDPR:
Generation X GmbH
Marktstraße 5
93098 Mintraching
Germany
Phone: +49 9406 2831-0
Email: info@lagona-divers.com
Website: https://www.lagona-divers.com
No Data Protection Officer has been appointed. If you have any questions regarding data protection, you may contact us at the details provided above at any time.
3. General Information on Data Processing
We process personal data exclusively in accordance with applicable legal provisions, in particular the General Data Protection Regulation (GDPR).
Personal data is processed only where necessary to provide this website, where you voluntarily provide such data, where there is a legal obligation, or where we have a legitimate interest.
The specific purposes, categories of data and legal bases are explained in the following sections.
4. Hosting & Server Log Files
4.1 Hosting
This website is hosted by a service provider located within the European Union:
Mittwald CM Service GmbH & Co. KG (Germany)
Processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR.
4.2 Server Log Files
When you access this website, information is automatically collected in so-called server log files, including:
- IP address
- date and time of access
- accessed page or file
- browser type and operating system
- referrer URL
These data are used exclusively to ensure technical security, system stability and error analysis.
Legal basis: Art. 6(1)(f) GDPR
5. Cookies & Consent Management
This website uses cookies. To manage user consent, we use Borlabs Cookie.
The following cookie categories are used:
- strictly necessary cookies
- statistics cookies
- marketing cookies
Non-essential cookies are set only after explicit consent.
Legal bases:
Strictly necessary cookies: Art. 6(1)(f) GDPR
Statistics & marketing cookies: Art. 6(1)(a) GDPR
6. Bookings, Enquiries & Online Shop (WooCommerce)
Touristic services (e.g. diving packages, hotel bookings, transfers) can be booked via this website. No physical goods requiring shipment are sold.
In the context of bookings or enquiries, we process personal data such as name, address, contact details and service-related information.
Legal basis: Art. 6(1)(b) GDPR
7. Payment Processing
Payment processing is carried out exclusively via external payment service providers. We do not process or store any payment data ourselves.
Depending on the selected payment method, data may be transferred to:
- PayPal
- Stripe (including iDEAL and other national payment methods)
- Credit card payments via Nexi / NetS
- Bank transfer
Legal basis: Art. 6(1)(b) GDPR
8. User Accounts
Creating a customer account is voluntary. Bookings can also be made as a guest. Due to the nature of the services offered, personal data is always required.
Customer accounts can be deleted at any time upon request, provided that no statutory retention obligations apply.
Legal basis: Art. 6(1)(b) GDPR
9. Protection Against Spam and Abuse
To protect our website from automated access and misuse, we use alternative anti-spam services:
- Google reCAPTCHA
- hCaptcha
- Cloudflare Turnstile
Depending on the service used, IP addresses, device information and interaction data may be processed. These services are never used simultaneously.
Legal basis: Art. 6(1)(f) GDPR
10. Newsletter (FluentCRM)
Newsletter distribution is carried out via FluentCRM, which is operated locally on our website. Registration takes place using the double opt-in procedure.
For performance measurement, we evaluate newsletter opens and link clicks. Upon unsubscribing, this evaluation also ends.
Legal basis: Art. 6(1)(a) GDPR
11. Email Delivery Infrastructure (AWS)
The technical delivery of emails is carried out via infrastructure provided by Amazon Web Services (AWS), acting as a processor pursuant to Art. 28 GDPR.
12. Web Analytics with Google Analytics (GA4)
We use Google Analytics 4 to analyse the use of our website. Activation takes place only after consent via Borlabs Cookie.
Legal basis: Art. 6(1)(a) GDPR
13. Google reCAPTCHA
Google reCAPTCHA is used to protect against automated access. Google acts as a processor. As of April 2, 2026, processing is carried out exclusively on our behalf.
Legal basis: Art. 6(1)(f) GDPR
14. Transfers to Third Countries
When using certain services (e.g. Google, AWS), personal data may be transferred to countries outside the European Union. Such transfers take place on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR (e.g. standard contractual clauses).
15. Social Media Presence
We maintain profiles on Facebook, Instagram and WhatsApp Business. These are operated in joint responsibility with the respective platform provider. Our website contains only linked social media buttons.
16. Rights of Data Subjects
You have the right to access, rectification, erasure, restriction of processing, data portability, and to withdraw any consent given. You also have the right to lodge a complaint with a supervisory authority.
17. Currency of this Privacy Policy
This Privacy Policy is valid as of February 2026 and will be updated as necessary.
