Effective date: May 6th, 2022
Soulbreeze Yoga Retreats welcomes you. Please READ carefully. Your access and use of this Website (defined below) is subject to legally binding terms and conditions, which you accept and agree to by accessing this Webite.
1.1 The website https://soulbreeze.org/ (hereinafter the “Website”) is owned and operated by “Sofia Athanasiadi – SOULBREEZE YOGA RETREATS” (“Company”, “SOULBREEZE”, “we”, “us” and “our”). We are committed to protecting the personal data of the Website users and/or any clients making bookings for our Services (“Guests”) (both “Users” and “Guests” hereinafter referred to as “You”, “Your” or “Yours) by respecting and complying with the applicable data protection and privacy laws. In this Notice we provide you with transparent information on how we collect and process your personal data when you use the Website and its services and/or make bookings via the Website. We encourage you to carefully read this Notice which we have written in a clear and comprehensible manner to facilitate its understanding.
2. Who we are - Data Controller
2.1 The Website belongs to “Sofia Athanasiadi – SOULBREEZE YOGA RETREATS”, a private company legally seated in Athens, Greece. The Company is the Data Controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and is responsible for the processing of your personal data.
You can contact us:
(a) by email at firstname.lastname@example.org
(b) by telephone at +30 6980725759
3. What personal data we collect – Purposes and legal bases for the data processing
A. INFORMATION PROVIDED VOLUNTARILY
3.1 RESERVATION FORM FOR RETREATS, MOON RITUALS AND YOGA SESSIONS
When you fill in the Reservation Form on the Website to submit a booking request, we collect the requested data (e.g., full name, email address, contact number, country, comments, etc.) to process your request, manage your booking, facilitate your payment, and communicate with you in this regard. We will also process payment and transaction data. The processing is necessary for the performance of a contract to which you are a party (article 6 (1) (b) GDPR). The processing of some data related to your transactions may also be necessary for compliance with a legal obligation to which we are subject (e.g., tax law etc.) (article 6 (1) (c) GDPR).
3.2 WELCOME SURVEY
When you submit a booking request, we send you a confirmation email with a link to a “Welcome Survey” which you have to complete. We collect additional data (time and place of arrival/departure, food allergies) that are necessary for us to provide our Services (e.g., we need to know place of arrival to schedule a pickup service) or to protect your health (e.g., we need to know if you have any allergies to keep you safe). Food allergies is regarded as “Special category of personal data” and the legal basis is your consent (article 9 (2) (a) GDPR) which you give by ticking a checkbox before the submission.
3.3 MARKETING TO EXISTING WEBSITE USERS
We may also use the contact details (email address) of our existing website users (e.g., those who have already visited our Website) for marketing purposes to promote our new retreats and exclusive offers. The processing of personal data for marketing purposes is regarded as carried out for our legitimate interest to promote our services (article 6 (1) (f) GDPR). However, you are always entitled to object to this processing as we provide an opt-out option (“unsubscribe”) within each marketing email you receive.
We also process personal data when you subscribe to our newsletter. To subscribe to our newsletter, you submit a valid email address. We will send an automated email to the email address indicated after the first registration step to check whether you are the owner of the specified email address or whether the owner agrees to receive the Newsletter. We will add the email address provided to our mailing list only after confirmation of the Newsletter registration via a link in the confirmation email. We do not collect any further data beyond the email address. When you subscribe to our Newsletter, we will process your personal data to keep you notified about new retreats and exclusive offers. The legal basis for the processing is your consent (article 6 (1) (a) GDPR). Remember that you may at any time unsubscribe from the newsletter by following the instructions that we provide you within each email.
3.5 SELF LOVE UPGRADE / FREE GUIDED MEDITATION
We also process personal data when you subscribe for the “Self Love Upgrade” or “Free guided meditation” or other free services. To subscribe, you submit a valid email address. We do not collect any further data beyond the email address. If you subscribe, we will process your personal data notify you about the launch of “Self Love Upgrade” or “Free guided meditation” or other free services, and new retreats and exclusive offers. The legal basis for the processing is your consent (article 6 (1) (a) GDPR). Remember that you may at any time unsubscribe by following the instructions that we provide you within each email.
3.6 HEALTH DATA / COVID-19
We may rarely process personal information regarding your health. More specifically, in case you cannot travel due to infection by COVID-19, you may request a rebooking within the calendar year provided that you provide us with sufficient proof (medical statement with regard to COVID-19). The legal basis for the processing is your consent (article 9 (2) (a) GDPR). By submitting such documents to us, you explicitly give your consent for the data processing.
B. INFORMATION COLLECTED AUTOMATICALLY
When you visit the Website, some information is automatically collected from our server and recorded in log files. This data may include Date and time of session, URL, User Agent (browser and operating system), remote IP address. The temporary storage of the IP address is necessary to enable the delivery of the website to the user’s computer. We store the above data to ensure the Website functionality, security, availability, integrity, and confidentiality of information from accidental or unlawful acts or incidents. The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.
4. Who we share your personal data with
4.1 Your data shall not be disclosed to any third party, apart from the following:
(a) Vendors who are required to have access to personal data to provide their services (IT services company, hosting providers, accounting office, Mailchimp). All vendors are bound by specific agreements (controller-to-processor contracts) ensuring protection of your data.
(b) Authorized employees who have access to personal data only when this is necessary (e.g., to handle your requests) and are bound by non-disclosure and confidentiality agreements.
(c) Travel Agencies, Hotels, Transportation Service Providers, or other Offices (“Partners”) with whom we cooperate to provide you with the services. These Partners are also bound by specific agreements (controller-to-processor or controller-to-controller contracts) that provide for the respective responsibilities of both parties and ensure the security and confidentiality of the information.
(d) Public or independent authorities such as Public Prosecutor’s Office, Cybercrime Division, Data Protection Authority (DPA), etc. when that disclosure is necessary to comply with a law or to prevent unlawful acts against us or users of the Website.
(e) Third-party partners setting cookies. Some Cookies are put in place by third-party service providers. These partners have access to cookie-related information that may under certain circumstances constitute personal data (for more information about cookies, see our Cookies Notice).
5. How long we retain your data
5.1 We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. In particular, when you fill out the contact form, we will keep the requested data until the communication request is fulfilled. When you fill out the booking form, we will keep the requested data for as long as we have an ongoing relationship and provide you with our services. Please note that we will keep transaction data for the period necessary to comply with applicable laws. When you subscribe to our newsletter or the “Self Love Upgrade” or “Free guided meditation” inner email circle, we keep your email until you unsubscribe from our mailing lists. We keep all the information collected automatically and stored in log files for one (1) month. As regards the documents proving COVID-19 infection, we do not store such information.
The above periods may be extended if (a) we must keep data to comply with applicable law or to keep evidence for such compliance; (b) there is a dispute or claim and we need to retain all relevant information until it is resolved; or (c) we must keep the information for our legitimate business interests, such as fraud prevention and website users’ security.
6. International Data transfers - Data security
6.1 Our servers are located in Germany. For service efficiency purposes, some of our third-party providers may hold servers outside the European Economic Area (EEA). We inform you that this data is transferred with adequate safeguards and is always kept safe.
We have adopted measures of a technical and organizational nature required to guarantee the security of your data and prevent it from being lost, processed, or accessed illegally. We regularly monitor our systems for possible vulnerabilities and attacks and review all processing practices to update security measures.
7. Links to third-party websites
7.1 The Website may contain links, hyperlinks, banners or tabs leading to websites operated by third-parties. We kindly recommend that you review the Privacy Notice of each external website and get informed about how each third-party uses your personal data. Company shall not be held responsible for processing activities carried out by those third-parties.
8. Rights of data subjects
8.1 We want to ensure that you can exercise your rights enshrined under the applicable laws. To this end, for as long we retain your data you may exercise your rights free of charge. However, we may charge a reasonable fee in case of manifestly unfounded, disproportionate or repeated requests. In particular, you have the following rights:
- to request access to the personal data that we hold;
- to request rectification of inaccurate or incomplete data;
- to request erasure of your personal data to the extent that they are no longer necessary for the purpose for which we need to keep processing them, as we have explained above, or when we are no longer legally permitted to process them;
- to request that we limit the processing of your personal data, which entails that in certain cases you can request us to temporally suspend the processing of the data or that we keep them longer than necessary;
- if you have given us your consent to process your data, you also have the right to withdraw such consent at any time. In the event that you withdraw your consent, this will not affect the legality of the processing carried out previously.
- When we process your data based on your consent or for the purposes of a contract, you can also request portability of your personal data.
- When the processing of your data is based on our legitimate interest, you are entitled to object to the processing.
You can exercise the above-mentioned rights by sending us an email message at email@example.com.
Finally, we inform you that you have the right to lodge a complaint with the competent Data Protection Authority if you have concerns that we have violated your rights.
9. Changes to the Privacy Notice
9.1 We may amend the information contained in this Privacy Notice when we consider this appropriate having regard the applicable laws. The version of the Privacy Notice that applies to the processing of your data, is the one available at the Website when you visit it. In case of an amendment, we will also change the “Effective Date”/”Last Updated” date at the beginning and end of this Privacy Notice.