ALBA is committed to complying with the General Data Protection Regulation (GDPR) and ensuring the privacy and security of any personal data we collect. This policy outlines how we handle your information.
Our Principles
We apply the following principles in managing your data:
- Purpose Limitation: We only collect and store personal data necessary to fulfill your requests and meet our legal obligations.
- Consent: Your explicit consent is required for us to collect, store, and use your data, such as when signing up for a retreat or subscribing to our newsletter.
- Access & Control: You have the right to access, amend, or request the deletion of your personal data at any time. Please note that changes to your data status may affect your retreat bookings.
- Data Security: Your information is stored securely and is only accessible to authorised personnel, including the communications manager, bookings manager, retreat managers, and the retreat leader.
- Retention Period: Except for your name and email (if you choose to stay on our mailing list), all personal data will be deleted three months after the retreat.
- Early Deletion: If you wish to have your details removed sooner, please contact us at [email protected].
- Confidentiality: We do not share, sell, or disclose your data to unauthorised individuals or external organisations.
For any GDPR-related inquiries, please get in touch with us at [email protected].
Next review date: April 2026
