Big Nomad

Privacy Notice

Last updated: 4 June 2026

This Privacy Notice explains how Big Nomad ("we", "us") collects and processes your personal data when you visit bignomad.com or enquire about our services. It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data controller

The data controller is K2Diving Krzysztof Miłek, a sole proprietorship registered in Poland (NIP 692-13-59-779, REGON 527697881), trading in the United Kingdom as "Big Nomad" via bignomad.com. Contact: [email protected] — +48 607 605 417.

2. Personal data we collect

  • Enquiry data: name, email, phone, certification level, preferred dates, message content.
  • Booking data: address, date of birth, emergency contact, medical declarations and dive qualifications.
  • Technical data: IP address, browser type, device information, pages viewed (via essential and analytics cookies, where consented).

3. Lawful bases for processing

  • Contract (Art. 6(1)(b) UK GDPR) — to provide diving services you've booked.
  • Legitimate interests (Art. 6(1)(f)) — to respond to enquiries and improve our service.
  • Consent (Art. 6(1)(a)) — for non-essential cookies and marketing communications.
  • Legal obligation (Art. 6(1)(c)) — to meet tax, accounting and safety record-keeping duties.
  • Vital interests (Art. 6(1)(d)) and Art. 9(2)(c) for health data — diver safety.

4. How long we keep your data

Enquiry data is kept for up to 24 months. Booking and dive records are kept for 7 years to comply with accounting and insurance requirements. You may request earlier erasure where no legal obligation requires retention.

5. International transfers

Your data may be transferred to Poland (our headquarters) and France (where dives take place). The UK Government recognises the EU/EEA, including Poland and France, as providing an adequate level of data protection.

6. Sharing

We share data only with: our boat operators and insurers in France; payment processors; IT and email providers; and authorities where legally required. We never sell personal data.

7. Your rights under UK GDPR

You have the right to access, rectify, erase, restrict, port and object to processing of your personal data, and to withdraw consent at any time. Send requests to [email protected]. If unsatisfied, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We use appropriate technical and organisational measures including TLS encryption, access controls and supplier vetting.

9. Changes

We may update this Notice from time to time. Material changes will be highlighted on this page.