Effective Date: May 12, 2026 | Last Updated: May 12, 2026

1. Introduction and Scope

Pangaea Exploration LLC (“Pangaea Exploration,” “we,” “us,” or “our”) is a sailing expedition and adventure company headquartered in Florida. We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share, and protect information about you when you:

Visit our website at www.panexplore.com
Register for, book, or participate in any of our sailing expeditions or programs
Communicate with us by any means (email, phone, web form, or in person)
Use any of our mobile applications or digital services

This Policy applies to all individuals who interact with Pangaea Exploration, including customers, prospective customers, website visitors, and crew applicants. It covers information collected in the United States and, where applicable, from individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions.

2. Applicable Laws and Compliance Frameworks

Pangaea Exploration complies with all applicable privacy laws and regulations, including but not limited to:

Florida Digital Bill of Rights (FDBR) – Effective July 1, 2024, governing the privacy rights of Florida consumers
General Data Protection Regulation (GDPR) – Applicable to personal data of individuals in the European Economic Area and United Kingdom
California Consumer Privacy Act (CCPA) / CPRA – Applicable to California residents
Health Insurance Portability and Accountability Act (HIPAA) – Applicable to protected health information (PHI) where Pangaea Exploration acts as a covered entity or business associate
CAN-SPAM Act – Governing commercial electronic communications
Children’s Online Privacy Protection Act (COPPA) – Protecting the privacy of children under 13
California Online Privacy Protection Act (CalOPPA)

3. Personal Information We Collect

We collect the following categories of personal information:

3.1 Identity and Contact Information

Full legal name, date of birth, and gender
Mailing address, email address, and telephone number
Emergency contact details

3.2 Government-Issued Identification

Because sailing expeditions may involve international waters and foreign ports of entry, we collect:

Passport number, country of issue, and expiration date
Visa information where required
Other government-issued identification as mandated by maritime or customs law

This information is collected solely to comply with applicable maritime, customs, and immigration regulations. We treat passport and government ID data as sensitive personal information and apply heightened security controls to its storage and transmission.

3.3 Health and Medical Information

Participant safety is our highest priority. We collect health and medical information to ensure the safety of all participants and crew, including:

Medical history relevant to sailing activities (cardiovascular conditions, motion sickness, mobility limitations, etc.)
Current medications and allergies
Fitness level and physical limitations
Emergency medical authorizations
Vaccination status where required by destination ports or maritime regulations

Where this information constitutes Protected Health Information (PHI) under HIPAA, we handle it in full compliance with the HIPAA Privacy Rule (45 CFR Part 164). We will not use or disclose your PHI except as permitted or required by HIPAA. A separate Notice of Privacy Practices will be provided upon request for health-related information.

3.4 Location and GPS Data

For safety and operational purposes, we may collect:

Real-time vessel GPS location during expeditions
Participant location data on board (via safety tracking systems)
Approximate location derived from your IP address when visiting our website

Location data collected during expeditions is used exclusively for safety monitoring, emergency response, and operational coordination. It is not used for advertising profiling.

3.5 Financial Information

Payment card information (processed securely; we do not store full card numbers)
Billing address and transaction history

3.6 Communications and Technical Data

Emails, enquiry forms, and other correspondence with us
Website usage data, cookies, and analytics information (see Section 7)
Browser type, IP address, and device identifiers

4. How We Use Your Personal Information

We use your personal information for the following purposes and on the following legal bases:

4.1 Contractual Necessity

Processing bookings, registrations, and payments
Coordinating logistics for sailing expeditions
Communicating pre-departure information, itineraries, and updates

4.2 Legal Obligation

Complying with maritime law, customs, and immigration requirements (requiring passport data)
Complying with HIPAA obligations regarding health information
Fulfilling tax, accounting, and regulatory reporting obligations
Responding to lawful requests from government authorities

Ensuring the safety of all participants and crew during expeditions
Improving our services and website functionality
Fraud prevention and network security
Sending you information about similar services you may be interested in (with opt-out available)

Sending marketing communications where required by law (you may withdraw consent at any time)
Placing non-essential cookies (see Section 7)
Sharing your information with third parties for purposes beyond those listed above

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information only in the following circumstances:

Service Providers: Trusted vendors who assist in operating our website, processing payments, managing bookings, or providing IT support, under strict data processing agreements
Maritime and Customs Authorities: Government agencies requiring passenger manifests, passport data, or health documentation as mandated by law
Medical Personnel and Emergency Services: In the event of a medical emergency on board
Legal Requirements: When disclosure is required by law, court order, or to protect our legal rights
Business Transfers: In the event of a merger, acquisition, or asset sale, with notice provided to affected individuals

We require all third parties to respect the security of your personal information and to treat it in accordance with applicable law. We do not permit our service providers to use your personal data for their own purposes.

6. International Data Transfers

If you are located in the European Economic Area, United Kingdom, or another jurisdiction outside the United States, please be aware that we transfer your personal data to the United States, which may not offer the same level of data protection as your home country.

Where required by law, we implement appropriate safeguards for such transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions, where applicable
Other transfer mechanisms as permitted under applicable data protection law

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. Cookies are small data files placed on your device that help us improve your experience and understand how our site is used.

7.1 Types of Cookies We Use

Essential Cookies: Required for the website to function (shopping cart, session management). Cannot be disabled.
Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics)
Advertising/Retargeting Cookies: Used by advertising partners such as AdRoll and Google AdSense to show relevant ads on other websites
Preference Cookies: Remember your settings and preferences for future visits

You can control non-essential cookies through your browser settings or our cookie preference centre. You may also opt out of interest-based advertising via:

Google Ad Settings: https://adssettings.google.com
Network Advertising Initiative: https://optout.networkadvertising.org
AdRoll opt-out: https://app.adroll.com/optout/safari

We honor Do Not Track (DNT) browser signals. When a DNT signal is detected, we do not track your activity, plant advertising cookies, or engage in behavioral advertising on our site.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Retention periods by data type:

Booking and transaction records: 7 years (tax and legal compliance)
Passport and government ID data: Deleted within 90 days of expedition completion, unless longer retention is mandated by law
Health and medical information: Retained for the duration required by applicable health regulations and HIPAA, and deleted securely thereafter
Marketing communications preferences: Until you unsubscribe or withdraw consent
Website analytics data: Up to 26 months (anonymised after 14 months)

9. How We Protect Your Information

We implement technical and organizational security measures appropriate to the sensitivity of the data we process, including:

Encryption of sensitive data (including health information and passport data) in transit and at rest using industry-standard protocols (TLS/SSL, AES-256)
Access controls limiting personal data access to authorized personnel on a need-to-know basis
Regular security vulnerability scanning and malware detection
Staff training on data protection and confidentiality obligations
Incident response procedures, including breach notification protocols

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant regulatory authorities within the timeframes required by applicable law (within 72 hours under GDPR; within 7 business days under our Fair Information Practices commitment for other users).

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

10.1 Rights for All Users

Right to access: Request a copy of the personal information we hold about you
Right to correction: Request correction of inaccurate or incomplete data
Right to opt out of marketing: Unsubscribe from marketing communications at any time

Right to erasure (‘right to be forgotten’): Request deletion of your data where there is no compelling reason for its continued processing
Right to restriction: Request restriction of processing in certain circumstances
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
Right to lodge a complaint: With your national data protection supervisory authority

10.3 Additional Rights for Florida Residents (FDBR)

Right to know what personal data is collected and how it is used
Right to opt out of the sale of personal data (we do not sell personal data)
Right to opt out of targeted advertising using your personal data
Right to deletion and correction of personal data
Right to data portability
Right to appeal our decision on a rights request

10.4 Additional Rights for California Residents (CCPA/CPRA)

Right to know about personal information collected, disclosed, or sold
Right to delete personal information (with certain exceptions)
Right to opt out of the sale or sharing of personal information
Right to non-discrimination for exercising your privacy rights
Right to correct inaccurate personal information
Right to limit use and disclosure of sensitive personal information

To exercise any of the above rights, please contact us at hello@panexplore.com or by calling us. We will respond within the timeframe required by applicable law (generally within 45 days). We will verify your identity before processing your request.

11. Children’s Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at hello@panexplore.com and we will take prompt steps to delete such information. For sailing expeditions involving participants under 18, we require written parental or guardian consent and apply additional safeguards.

12. Special Notice Regarding Health Information (HIPAA)

Where Pangaea Exploration collects and processes protected health information (PHI) as defined under HIPAA, we act in compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. Your PHI will be used only to:

Ensure your safety during expeditions
Coordinate emergency medical care if required
Comply with applicable maritime safety regulations

We will not use or disclose your PHI for marketing purposes without your explicit written authorization. You have the right to receive a Notice of Privacy Practices at any time by contacting us. We maintain appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your PHI.

13. Third-Party Links and Services

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies. We use the following third-party services on our website:

Google Analytics and Google AdSense (see Section 7 for opt-out options)
AdRoll retargeting advertising
Payment processors (governed by their own PCI-DSS compliant privacy policies)

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by:

Posting the updated Policy on our website with a revised “Last Updated” date
Sending an email notification to registered users (where required by law)
Displaying a prominent notice on our website

We encourage you to review this Policy periodically. Continued use of our services following notice of changes constitutes acceptance of the updated Policy.