This Privacy Notice sets out the basis on which we will process the personally identifying information (‘Personal Data’) that we collect and receive from and about users of our websites (satvada-retreats.co.uk), (together “the Sites”) and customers who purchase events, attend our events or subscribe to our newsletters.

Our privacy commitments

We will only collect, keep, use and share Personal Data for legitimate business purposes that we explain here below, or if we’re legally required to do so.

We will be as clear and open as we can with you on what Personal Data we collect and how it will be processed.

For as long as we maintain records of your Personal Data, we will keep it up to date and protect it with appropriate safety measures.

CUSTOMERS and SITES VISITORS

Data Collection

We collect the following Personal data from or about you as a Satvada Ltd customer:

• Personal Data collected directly from you through the booking process: your name, phone number, postal address, email address. Our legal basis for the collection and processing of this data is the provision to you of the services purchased by you.

• Personal Data collected directly from you through completion of a booking or health questionnaire or similar: your name, phone number, postal address, email address and health issues. Our legal basis for the collection and processing of this data is the provision to you of the services purchased by you.

• Personal Data Collected Automatically from the use by you of the Sites. The data transmitted from your browser includes your IP address, the date and time of the visit the pages accessed, the access status/HTTP status code, your browser, your operating system and interface, as well as the language and version of the browser software. The legal basis for collecting and processing this personal data is to be able to operate the Sites and provide you with access to the pages you wish to access.

• Personal Data received Indirectly through our suppliers, which enables us to create and store a record of your purchase history. The legal basis for collecting and processing this personal data is our legitimate interests in knowing more about our customers.

Data Uses

We use your Personal Data:

• For the administration of your purchases and our events and to contact you about your purchase (for example with details on your events and your attendance).

• For processing of payments for events you have requested.

• To contact you with marketing messages which you have requested or agreed to receive from us (for example via a branded newsletter);

• To contact you with surveys and feedback requests

• To analyse the purchase history of our customers and the way our customers use the Sites.

• To re-target our website visitors with relevant marketing messages (for example by using cookies hosted on our Sites);

• To collect site statistics.

• To help ensure your safety by ensuring that we have sufficient information of any health conditions or injuries and to help us identify if there are any reasons why we consider it unsafe for you to participate in an event.

Cookies

We use cookies (small text files which are transferred to your browser by the Sites to identify data traffic patterns, personalise contents and support security. The cookies we use are described in more detail below. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings. You may change the storing of cookies in your browser settings at any time by selecting the function “accept no cookies”. However, disabling essential cookies will result in you no longer be able to purchase events via the Sites.

Google Analytics:

A random unique number or string of letters and numbers are stored in the cookie to identify the browser, the times and dates our visitors interact with the site. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

_ga - duration 2 years

_gid - duration 2 days

_gat - duration 2 minutes

weben - duration 1 day

ci_token - 1 day.

statcounter

Non personally identifiable information that allows stat counter to determine whether you are visiting the website for the first time.

sc_is_visitor_unique - duration 2 years.

is_visitor_unique - duration 2 years

Used to maintain the security of stat counter and their host platform.

__cfduid - duration 1 year

mailchimp

By subscribing / unsubscribing and accessing mailchimp hosted media, mailchimp specific cookies will be downloaded to your computer. We refer you to mailchimp's cookie statement for details of all cookies that will be downloaded. https://mailchimp.com/legal/cookies/

Data Sharing

Satvada Ltd will not sell your information. We will not share your information with any third party except as stated in this Privacy Notice or as required to operate the Sites, provide our services to you and administer your account.

Data Processors

We use third party processors to collect, export, process and store Personal Data on our behalf. The processors we use currently are the following:

Social Media

We will not share your information directly with Social Media platforms and your decision to follow or subscribe to the information that we post to such platforms will be left at your discretion.

We may, however, use Facebook pixels to track effectiveness of advertising campaigns that are displayed via Facebook.

A pixel is a small transparent image that is displayed buy your browser upon accessing a specific website address and allows us to track if you have completed a purchase as a result of clicking on or otherwise interacting with an advertisement on Facebook. Such information does not allow us to track an individual and provides purely a statistical view of advertising effectiveness.

Facebook,. https://www.facebook.com/privacy/explanation

Data Analysis

To enable us to evaluate the effectiveness of marketing we use two systems, which compile non-personally identifiable information, gathered when access our websites.

Google Analytics

Google Analytics, a web analytics service provided by Google, Inc. (“Google”) also places the "Google Analytics" cookies on your computer, to enable Google to provide us with activity reports relating to the Sites. Google uses this data only to provide us with information on how users use the Sites and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Google analytics enable data retention to be configured. We have minimised the data retention period to the minimum allowed of 14 months.

Statcounter

Statcounter, a web analytics service provided by statcounter.com, places the "Statcounter" cookies on your computer, to enable Statcounter to provide us with activity reports relating to the Sites. Statcounter uses this data only to provide us with information on how users use the Sites and detailed by their privacy policy: https://statcounter.com/about/legal/. The information generated by Statcounter cookies about your use of the platform (including your IP address) will be transmitted to and stored by Statcounter on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Mailchimp

mailchimp, a email marketting suite of services provided by mailchimp, places the "Mailchimp" cookies on your computer, to enable mail chimp to provide us with activity reports relating to the Sites. mailchimp uses this data only to provide us with information on subscription and un-subscription behaviour and activity of user in relation to marketing emails that they have subscribed and received from us. and detailed by their privacy policy: https://mailchimp.com/legal/privacy/. The information generated by mail chimp cookies about your use of the platform (including your IP address) will be transmitted to and stored by mail chimp on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB. You may also unsubscribe from the service at any time.

Payment processors

We use a number of payment processors to process the payment for events.

reservie

The booking engine that is responsible for processing and managing bookings

stripe

Stripe, located in the U.S. Privacy Shield Certified https://stripe.com/privacy-shield-policy.

If you you elect to pay for events via 'credit card', we will share the following information to enable the payment to be processed and to allow you to be verified and validated.

• Credit / debit card information

• Card name

• Card registered address.

• Details of event being purchased.

Paypal

Paypal, is located in the US https://www.paypal.com/ee/webapps/mpp/ua/privacy-full.

If you elect to pay for an event via paypal, we will share the following information to enable the payment to be processed and to allow you to be verified and validated.

• Details of event being purchased.

If you elect to pay via paypal, you will be referred to https://www.paypal.com/cgi-bin/webscr to complete the payment. In the event that your payment is successful, paypal will share your name, email address and telephone number with us.

gocardless

gocardless is located in the UK https://gocardless.com/legal/privacy/

We use gocardless should you elect to pay via direct debit. Gocardless requires direct and explicit sign-up and requires you to enter you name, postal address, email address and bank details.

If you elect to pay via direct debit and setup an account with gocardless:

• gocardless will share your name, address and email address with Satvada Ltd.

• Satvada will share details of monies owed and associated invoices, so that gocardless can charge your account on our behalf.

This information is shared for the purpose of managing and processing payments.

directli

directli is located in the UK

https://www.directli.co.uk/legal/privacy-policy

We use directli should you elect to pay via direct debit. directli acts as an interface between our accountancy software, xero, and gocardless and acts to:

• Share details of monies owed and associated invoices with gocardless

• Track payments of monies received and to share this information with Satvada Ltd.

This information is shared with us for the purpose of managing and processing event payments.

Email campaigns and marketing

mailchimp

mailchimp is located in the US https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr

We use mailchimp exclusively for the purpose of email campaign marketing. You are entered into this list if you have elected to do so.

Cloud Storage:

Dropbox is located in the US https://www.dropbox.com/help/security/data-transfers-europe-us

We use dropbox to store and maintain company data.

Accountancy software:

xero is located in the US https://www.xero.com/uk/about/terms/privacy/

We use xero to store to process and manage the day to day accountancy of the company. Upon purchasing an event through the Sites, your name, email address and in some circumstances telephone and postal address will be shared with xero in addition to purchases.

Where you elect to pay via direct debit or via invoice, xero will contact you on our behalf with payment and invoice information and share invoice information with directli to enable direct debits to be processed via directli and gocardless.

International Data Transfers

We use data processors located outside the European Economic Area only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.

Data Security

• We maintain technical and physical safeguards that are designed to protect the security and integrity of your Personal Data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.

• Where we keep Personal Data files on local devices these devices are protected and accessible only to authorised Satvada Ltd employees.

• We regularly review our security systems to ensure that your Personal Data remains safe and secure.

• We regularly review our security systems to ensure that your Personal Data remains safe and secure.

• Where you have provided a paper health questionnaire, this will be locked in a secure cabinet. .

Duration of Storage

We will maintain records of your Personal Data:

• for as long as you remain a registered subscriber to our mailing list;

• for as long as you remain a registered user of any of our Sites;

• you have completed a purchase with Satvada Ltd in the last 36 months; or

• for as long as is necessary to provide our services to you.

If you have not opened any email communication from Satvada Ltd or interacted in any other way with our brands for 36 months we will regard you as an inactive subscriber and delete your details from our records except where retention is necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees.

We will retain all health forms for 7 years from the date of completion or from the date of the last class that you attended.

Your Rights in Relation to Personal Data

You can update your subscription preferences or unsubscribe from our marketing communications at any time by following the link in the footer of the last email you received from one of our brands (“Update your subscription preferences” or “Unsubscribe”) or by sending your request with detailed instructions for our Customer Services team.

You have the right to update and correct the personal information on your account. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data. Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You also have the right to object to our continued processing of your personal data. You may also have the right to data portability. If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner www.ico.gov.uk.

You can contact us with questions about the personal information we hold about you using the contact information provided in the contact us section of this privacy notice.

Changes to our Privacy Notice

We will update this Privacy Notice from time to time to reflect changes in our business. All such changes will be posted to the Sites and if we consider it to be appropriate we will notify subscribers of any material changes by e-mail.