Privacy Policy

Marevane ("we," "us," or "our") is committed to protecting the privacy of our guests and website visitors. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our services, book trips, or visit our website.

By using our website or services, you consent to the practices described in this policy. We operate in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and other applicable data protection regulations.

For privacy-related questions or concerns, contact us at privacy@marevira.

2.1 Personal Information

We collect information you provide directly when booking trips or contacting us:

• Full name and contact details (email address, phone number)
• Billing and payment information for trip bookings
• Emergency contact information for trip participants
• Health and fitness information relevant to water activities (swimming ability, medical conditions affecting participation)
• Passport or identification details when required for permits
• Dietary requirements and preferences for multi-day trips
• Trip preferences and special requests

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain technical information:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on our website
• Referring website and search terms used
• Cookies and similar tracking technologies (see our Cookie Policy)

2.3 Information from Third Parties

We may receive information about you from:

• Payment processors when you complete bookings
• Travel agencies or partners who refer you to our services
• Social media platforms if you interact with our pages

We use collected information for the following purposes:

3.1 Service Delivery

• Processing trip bookings and reservations
• Coordinating transportation, accommodation, and activities
• Ensuring appropriate safety measures based on disclosed health information
• Communicating trip details, itinerary changes, and important updates
• Providing customer support and responding to inquiries

3.2 Legal Compliance

• Obtaining necessary permits for marine park access
• Meeting tourism regulatory requirements
• Maintaining records for tax and accounting purposes
• Fulfilling legal obligations under Malaysian law

3.3 Communication

• Sending booking confirmations and trip reminders
• Providing updates about weather conditions or itinerary adjustments
• Sharing educational content about reef conservation (with consent)
• Sending promotional offers for future trips (opt-in basis)

3.4 Website Improvement

• Analyzing website usage to improve user experience
• Troubleshooting technical issues
• Understanding which content resonates with visitors

We process your personal information based on the following legal grounds:

• Contractual Necessity: Processing required to fulfill trip booking contracts and deliver services
• Consent: You have provided explicit consent for specific processing activities
• Legitimate Interest: Processing necessary for our business operations, fraud prevention, and security
• Legal Obligation: Compliance with Malaysian laws and regulations

We share personal information only as described below. We do not sell your information to third parties.

5.1 Service Providers

We share information with trusted third parties who assist in trip operations:

• Boat operators for mainland-island transfers
• Accommodation providers on Tioman Island
• Payment processors for secure transaction handling
• Website hosting and analytics providers
• Email service providers for communications

5.2 Government Authorities

We disclose information when legally required:

• Marine park authorities for permit processing
• Tourism regulatory bodies
• Law enforcement when legally mandated
• Tax authorities for compliance purposes

5.3 Emergency Situations

We may share information with emergency services or medical providers if participant safety requires immediate action.

We retain personal information for different periods based on purpose:

• Booking Records: 7 years for tax and legal compliance
• Marketing Consent: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: 26 months maximum
• Inquiry Forms: 2 years from last contact

After retention periods expire, we securely delete or anonymize personal information.

We implement appropriate security measures to protect personal information:

• Encryption of data transmission using SSL/TLS protocols
• Secure storage systems with restricted access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection practices
• Secure disposal of physical and electronic records

While we take reasonable precautions, no internet transmission is completely secure. You acknowledge this inherent risk when providing information online.

Under Malaysian data protection law, you have the following rights:

8.1 Right of Access

Request a copy of personal information we hold about you.

8.2 Right to Correction

Request correction of inaccurate or incomplete information.

8.3 Right to Erasure

Request deletion of your information (subject to legal retention requirements).

8.4 Right to Object

Object to processing for marketing purposes or based on legitimate interest.

8.5 Right to Withdraw Consent

Withdraw consent for processing activities that require it.

To exercise these rights, contact us at privacy@marevira. We respond to requests within 30 days.

Our website uses cookies and similar technologies to enhance user experience and analyze website usage. For detailed information about our cookie practices, please review our Cookie Policy.

You can control cookie preferences through your browser settings or our cookie consent modal.

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal information from children under 18 without parental consent. When minors participate in trips, their information must be provided by a parent or legal guardian.

If we discover we have collected information from a child under 18 without appropriate consent, we will delete it promptly.

Personal information may be transferred outside Malaysia when using third-party services (such as cloud hosting or email providers). We ensure appropriate safeguards are in place for international transfers through:

• Contractual agreements requiring adequate protection
• Choosing providers with strong privacy frameworks
• Regular review of data processing practices

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email if you have an active booking or subscription
• Provide prominent notice on our website

Continued use of our services after changes become effective constitutes acceptance of the updated policy.

For privacy-related questions, concerns, or to exercise your rights, contact us:

If you have unresolved concerns, you may file a complaint with the Personal Data Protection Commissioner of Malaysia.