Website & Personal Information Security

Short Version 1-3:

(1) We may process payments from MasterCard, Visa cards and Debit Cards over the phone, and via PayPal, securely and without retaining this sensitive information on our server or computers.

(2) We are committed to protecting your privacy. We will only use the information that we collect about you lawfully, never passed on or sold to third parties.

(3) In accordance with the GDPR. We collect information about you for 2 reasons: firstly, to process your order and second, to provide you with the best possible service. The type of information we will collect about you includes: your name address phone number email address order history and massage/health forms on retreats.

Long Version 1-4:

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1) Definitions

References in this policy to “data protection law” mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679), and all related data protection legislation having effect in the United Kingdom from time to time (including the Data Protection Act 2018).

2) How we use your information

2.1  The following sections explain what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.

2.2  Which information do we process and for what purpose?
We will collect and process the following data about you:

2.2.1  Information you give us. This is information about you that you give us by filling in forms on our site/via email/on retreat or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site or the application, subscribe to a service we provide, place an order on our site and report a problem with our site to us. The information you give us may include your name, address, e-mail address and phone number, medical history, lifestyle and diet financial and credit card information and others.

2.2.2  Information we collect about you. When you visit our website we will automatically collect the following information: technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform; and Information about your visit, including the full Uniform Resource Locators (URL), through and from our site (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number. Information about your stay with us regarding your detox diet and process, therapy and massage sessions and others.

2.2.3 Information we receive from other sources.  This will typically comprise your name and contact information when your information is given by one party booking a retreat for another party who is attending the retreat, or who is an emergency contact for a participant on the retreat. We may request information from a third-party company regarding a participant who may have received services from that company if we deem they are necessary for our provision of services our correspondence with the party, or our legal requirements.

2.3  How is my information used?
We use information held about you in the following ways:

2.3.1  to carry out our obligations arising from any contracts entered into between you (or the organisation you work for or represent) and us. For customers, this includes providing you (or your organisation) with the information, products and services that you request from us. For suppliers this includes us obtaining price quotations from you and engaging you (or your organisation) to supply us with products and services;

2.3.2  in the case of customers (or employees or representatives of customer organisations), to notify you about changes to our service;

2.3.3  in the case of customers (or employees or representatives of customer organisations), to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;

2.3.4  to otherwise respond to your enquiry or follow up our own enquiries;

2.3.5  to ensure that the content from our site is presented in the most effective manner for you and for your computer; and

2.3.6  to administer our site, including for troubleshooting, data analysis, testing, research, statistical and survey purposes.

2.4  What are the grounds for processing your information?
We are processing your data on the following grounds:

2.4.1  if you are a customer or supplier of ours, because the processing is necessary for the performance of the contract between you and us, including the taking of pre-contractual steps at your request;

2.4.2  if you are an employee or representative of a customer or supplier of ours, because we have a legitimate interest in processing your information in order to perform the contract between us and your employer or principal, including taking pre-contractual steps at their request. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest in processing your information in this way and are satisfied that we are justified in doing so;

2.4.3  in certain circumstances, the processing is necessary for us to comply with our legal or regulatory obligations;

2.4.4  in all other cases, the processing is necessary for achieving our legitimate interests of: Maintaining accurate internal records of customers, suppliers, contractors and their contacts for administrative and commercial purposes. This includes where we keep a record of potential supplier details with a view to using their services or purchasing their products in the near future;  responding to your enquiry, whether submitted through our website, email, over the telephone, in person or otherwise; or  sending you marketing information about our products and services (including, where applicable, on the basis of the soft opt-in under the Privacy and Marketing Communications Regulations). You can unsubscribe from these communications at any time by following the instructions contained in the communication or by contacting us using the details set out below, and in accordance with data protection law we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for this purposes; and

2.4.5  we are otherwise processing your data on the basis of your consent. This will typically be the case where you have opted into receiving marketing communications from us.

2.5  Duration and further processing. 
We only keep your information for as long as it is reasonably necessary. Generally speaking, we keep your personal information for the following periods of time:

2.5.1  customer, supplier and contractor information (including contact details of employees and representatives) where we enter into a contract–7 [seven] years from the date of termination of our contract; customers who participate in a retreat are in this category.

2.5.2  potential customer, customers, supplier and contractor information (including contact details of employees and representatives) where a contract is not entered into between us–2 [two years] from the last communication between us.

We endeavour not to keep your information for a longer period and will inform you of the reason and grounds for doing so, upon request.

2.6  Who is your information shared with?

Your personal information is not shared with anyone except in the rare case where we are required to do so to comply with the law, to protect our rights, to deliver or improve our services or to efficiently operate our business or our communications with you. In order to achieve these purposes, we will share your data with the following people or groups of people:

2.6.1 our outsourced IT providers. Our IT providers may in certain circumstances require access to data held on our systems, for example when we need to troubleshoot a technical issue. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection laws at all times;

2.6.2  potential purchasers of our business, subject to those persons entering into strict confidentiality obligations with us and only to the extent permissible under data protection law; and

2.6.3  our professional advisers, or professional colleagues, such as our accountants and solicitors, who are subject to professional duties of confidentiality.

To the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know.

2.7  Automated decision making

We do not make automated decisions about you based on your information. If this changes in the future then we will let you know.

2.8 Where we store your personal data

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted pursuant to our payment processors’ protocols. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone outside of the organisation to which those passwords were supplied.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security safeguards to try to prevent unauthorised access.

3) Your Rights

3.1 Under data protection law you have the following rights:

3.1.1  the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it. This information is set out in this policy;

3.1.2  if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. One way of doing so would be to notify us using the details set out below. In the case of marketing communications sent to you on the basis of your consent, each communication will clearly indicate how you can withdraw your consent. Please note that the lawfulness of our historic processing based on your consent will not be retrospectively affected by your subsequent withdrawal of consent;

3.1.3  the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 4, below;

3.1.4  the right to prevent us from processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent

3.1.5  the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;

3.1.6  the right to object to us processing your personal information in certain other situations;

3.1.7  the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and

3.1.8  the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.

3.2 From 25 May 2018 you will have the following additional rights under data protection such as processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out below;

3.2.1  enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and

3.2.2  in certain circumstances, the right to request the information we hold on you in a machine-readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 4, below.

3.3  You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied with our response) if you have any concerns about how we hold and process your information. Our contact details are set out below. The Information Commissioner’s Office website is

3.4  For further information on your rights under data protection law and how to exercise them, you can contact the Citizens Advice Bureau or the Information Commissioner’s Office

4) Access to Information 

4.1  Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity and proof of authority if making the request on behalf of someone else before we can supply the information to you. Requests should be sent to us using the contact details in section 8 below

4.2   We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous; and

4.2.2  in certain circumstances, be entitled to receive the information in a structured, commonly used and machine-readable form.