Last Modified Date: 20th May 2018
Your privacy is important.
The personal information we collect, if you provide it, will be used to contact you, send you more information about our products and services, provide service fulfillment and provide more information upon request.
- When you provide us with your information for these purposes, you consent to our collection and processing.
- We do not share your information with third-parties
By visiting our website, submitting online forms to request more information, check availability, get travel assistance, to make a reservation or simply by providing your contact information in email you consent to the collection and processing of your personal identifiable information, PII, as defined here.
General Data Protection Regulation (GDPR) data controller is THE_COMPANY.
Information You Might Provide Subject to the GDPR
- Personal identifiable information you might provide are to order a service, request more information, receive travel information requested by submit using an online form, by emailing us, calling by phone, using post mail or otherwise contacting us at www.mantaray.com (the website).
- Personally Identifiable Information you provide are your name and contact information, diver certification information, payment information for reservations, travel information for booking flights or other requests made by you.
Your Data Security
We are committed to compliance with the GDPR (article 5)
- Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
We use current enterprise information systems to maintain customer information backed with modern digital security and dedicated system manager. Our organization has a “DPO” Data Protection Officer that can be reached using the contact page of this website.
We use third party providers to host our website and provide the communication, shipping, invoicing / accounting and payment processing.
We use industry standard methods, best-practices and encryption wherever possible when receiving, sending and storing your information.
By providing personal information, you agree to this.
Information we collect when visiting our website:
- your IP address, browser, operating system and computer type with extensions, plugins and other device information
- how you got to our website, date and time you visit our website and about the content you view, referring site and search engine information.
Sharing Your Data
We would disclose your information only with your consent or to comply with governing laws or court orders.
If you submit a contact form on our website, the fields you submit are sent to Roommaster hotel service software and Constant Contact newsletter management service. These are GDPR compliant third-party data processors.
If you email, call on the phone or otherwise contact us, we may reply by email – our servers are provided by GoDaddy and we use Microsoft Outlook email software. Godaddy and Microsoft are GDPR compliant third party data processors.
All third party data processors we use are GDPR compliant
- Google – Email and Website Analytics Provider
- Microsoft – Email Server Provider
- Constant Contact – Email Marketing Provider
- Roommaster – CRM Provider
- GoDaddy – Web Host and Hardware Provider
- GoogleDrive – Document Transfer/Storage Solution
- Facebook – Marketing Service Provider
- Quickbooks – Accounting Software
- Merchant Account – Payment Processor
We would only disclose your information in accordance with the law or a corporate acquisition / merger.
How we use your data
- Information provided by you is used to satisfy requirements to any requests for information or services, updates to relevant worldwide laws, promotions and recommendations.
- Information we collect is used to study our website activity and improve the content and user experience, monitor advertising expenses and efforts as well as target recommendations by interest.
Your rights under the GPDR
- Right to Information – The right to ask what personal data there is and how it’s being used.
- Right to Access – The right to view your personal data.
- Right to Rectification – The right to correct and modify if it is not updated.
- Right to withdraw consent – The right to revoke the consent to collection and processing of personal information.
- Right to Objection – The right to the objection of your personal data being processed.
- Right to object to automated processing – The right to object to a decision made by automated processing.
- Right to be forgotten – The right to request your data to be deleted.
- Right for data portability – The right to request transfer of your data – data must be provided or transferred in a machine-readable electronic format.
How long do we keep your data?
We will maintain customer information for as long as it is necessary to fulfill a service order and facilitate requests as well as comply with legal requirements.
Contact us about removing your data.
Disclosures by Minors under 16 years-old
Parental consent is required before providing us with your personal information.
Revoke your consent
Contact our office and specify this is a request to revoke consent to collection and processing of your personal information.
Subject Access Request (SAR)
In accordance with the GDPR,
- you can request that we send you detail about any personal information we hold, or
- you can request that we fix any discrepancies, or
- you may request us to delete all of your data.
In accordance with the GDPR, all access requests are provided for free within  days.
For any questions relating to your data, or to submit requests, please contact us:
Manta Ray Bay Resort
PO Box MR
Yap, FSM 96943
We do not accept any responsibility or liability for the privacy handling of third-parties.
Cookies are used with your permission, they are small files on your computer that identify you to our website.
Types of cookies we use
- Website Analytics: provides the numbers of visitors, traffic acquisition and content behavior in order to improve our marketing and user experience.
- Advertising Targeting: records actions being taken on our website such as the content you requested and links you click. We use this to improve material and messages on our website and materials.
Third-party cookies which may be set on our website include:
- Google’s Remarketing cookie provides a method of refining content delivered to you based on your browsing history of our website. You can opt out of this in your Google Ad Settings.
- Roommaster, by Inquest, is our hotel booking and transaction system.
- Wordfence is WordPress Security Option that uses a cookie to determine if you are a human user.
- Facebook Pixel provides website traffic analysis to measure ad performance.
You can block cookies by changing the setting of your browser.