top of page


Privacy Policy


The entity responsible for data processing is:
retreats for change GbR
Dachauer Str. 103
80335 Munich
Germany
hello@retreatsforchange.com

We appreciate your interest in our website. Protecting your privacy is of great importance to us. Below, we provide you with detailed information regarding the handling of your data.


1. Access Data and Hosting

You can visit our websites without providing any personal information. With each visit to a webpage, the web server automatically stores a so-called server log file, which includes, for example, the name of the requested file, your IP address, date and time of access, amount of data transferred, and the requesting provider (access data) and documents the access. This access data is evaluated solely for the purpose of ensuring the smooth operation of the website and improving our offering. This serves to protect our predominant legitimate interests in presenting our offering correctly, as part of a balance of interests, pursuant to Article 6(1) Sentence 1 lit. f of the GDPR. All access data is processed for as long as it is necessary for the purposes described above.


Hosting

The hosting and website display services are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and data collected in the provided forms on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please contact the contact information described in this privacy policy.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Israel, South Korea, USA.

There is a European Commission decision on an adequate level of data protection for the USA as the basis for a transfer to third countries, provided that the respective service provider is certified. Certification is in place. Our service providers are located and/or use servers in these countries: Taiwan, Brazil, Mexico, India, Ukraine, Guatemala, Philippines. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these safeguards: European Union's standard data protection clauses.


2. Data Processing for Contact and Customer Communication


Contact

We collect personal data when you voluntarily provide it to us during contact with us (e.g., through a contact form or email). Mandatory fields are marked as such because in these cases, we require the data to process your contact request, and we cannot send the contact request without this information. The data collected can be seen in the respective input forms. We use the data you provide for processing your inquiries according to Article 6(1) Sentence 1 lit. b of the GDPR.

After completing your customer inquiry, your data is restricted for further processing and, in accordance with Article 6(1) Sentence 1 lit. c of the GDPR, will be deleted after the statutory retention periods for tax and commercial law have expired unless you have expressly consented to further use of your data according to Article 6(1) Sentence 1 lit. a of the GDPR, or we reserve the right to further data usage that is legally permitted, and we inform you about it in this statement.


3. E-Mail Advertising


3.1 E-Mail-Newsletter with Registration

When you subscribe to our newsletter, we use the data required for this or separately provided by you to regularly send you our email newsletter based on your consent, as per Article 6(1) Sentence 1 lit. a of the GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact information described below or via a dedicated link in the newsletter. After unsubscribing, we delete your email address from the recipient list unless you have expressly consented to further use of your data according to Article 6(1) Sentence 1 lit. a of the GDPR, or we reserve the right to further data usage that is legally permitted and inform you about it in this statement.


4. Cookies und other Technologies


4.1 General Information

To make your visit to our website more appealing and to enable the use of certain features, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., when you close your browser (session cookies). Others remain on your device and allow us to recognize your browser on your next visit (persistent cookies).

Privacy Protection on End Devices

When using our online offering, we use technologies that are absolutely necessary to provide the expressly desired telemedia service. Storing information on your device or accessing information already stored on your device does not require consent in this regard.

For non-essential functions, storing information on your device or accessing information already stored on your device requires your consent. Please note that if you do not grant your consent, parts of the website may not be fully usable. Your granted consents remain valid until you adjust or reset the respective settings on your device.

Subsequent Data Processing via Cookies and Other Technologies

We use technologies that are essential for the use of certain features of our website (e.g., website preference settings). These technologies collect and process IP addresses, visit times, device and browser information, as well as information about your usage of our website (e.g., information about your preferences). This is done within the framework of a balance of interests, primarily to support our legitimate interests in providing an optimized presentation of our offering, as per Article 6(1) Sentence 1 lit. f of the GDPR.

Additionally, we use technologies to fulfill the legal obligations to which we are subject (e.g., to provide proof of consent to process your personal data) and for web analysis and online marketing. Further information, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

You can find the cookie settings for your browser at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have given your consent to the use of these technologies as per Article 6(1) Sentence 1 lit. a of the GDPR, you can revoke your consent at any time by sending a message to the contact information described in the privacy policy.


4.2 Use of the Wix Consent Manager Tool for Managing Consents

On our website, we use the Wix Consent Manager Tool to inform you about the cookies and other technologies we use on our website, as well as to obtain, manage, and document your potentially required consent for the processing of your personal data through these technologies. This is necessary in accordance with Article 6(1) Sentence 1 lit. c of the GDPR to fulfill our legal obligation under Article 7(1) of the GDPR, which requires us to provide evidence of your consent to process your personal data. The Wix Consent Manager Tool is provided by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel ('Wix'). After you provide your cookie statement on our website, the Wix web server stores your IP address, the date and time of your statement, browser information, as well as information about your consent behavior and its traceability (user ID). Additionally, a cookie is used to contain information about your consent behavior. Your data will be deleted once the aforementioned purpose no longer applies unless you have expressly consented to further use of your data according to Article 6(1) Sentence 1 lit. a of the GDPR, or we reserve the right to further data usage that is legally permitted and inform you about it in this statement.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Israel, South Korea, USA.

There is a European Commission decision on an adequate level of data protection for the USA as the basis for a transfer to third countries, provided that the respective service provider is certified. Certification is in place. Our service providers are located and/or use servers in these countries: Taiwan, Brazil, Mexico, India, Ukraine, Guatemala, Philippines. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on these safeguards: European Union's standard data protection clauses.


5. Use of Cookies and Other Technologies for Web Analysis and Advertising Purposes

To the extent that you have given your consent under Article 6(1) Sentence 1 lit. a of the GDPR, we use the following cookies and other technologies from third-party providers on our website. Once the purpose has been fulfilled and the use of the respective technology by us has ended, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information about your withdrawal options can be found in the section 'Cookies and Other Technologies.' Additional information, including the basis of our cooperation with individual providers, can be found with the respective technologies. For questions about the providers and the basis of our cooperation with them, please contact the contact information described in this privacy policy.

 

Use of Google Services


Google Analytics

For the purpose of optimizing the marketing of our website, we have activated the data sharing settings for 'Google Products and Services.' This allows Google to access the data collected and processed by Google Analytics and subsequently use it to improve Google services. The data sharing with Google under these data sharing settings is based on an additional agreement between data controllers. We have no influence on the subsequent data processing by Google.

For creating and conducting tests, we also use the extension function of Google Analytics, Google Optimize.

For the purpose of optimizing the marketing of our website, we use the so-called User-ID function. With this function, we can assign a unique, permanent ID to your interaction data for one or more sessions on our online presence, allowing us to analyze your user behavior across devices and sessions.

The extension function of Google Analytics, Google Signals, enables 'Cross-Device Tracking' for web analysis. If your internet-capable devices are linked to your Google account and you have activated the 'personalized advertising' setting in your Google account, Google can generate reports about your usage behavior, especially cross-device user numbers, even if you switch your device. We do not process personal data in this regard; we only receive statistics created based on Google Signals.

Google Ads

For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing cookie is set when you visit our website. It enables interest-based advertising by automatically collecting and processing data (IP address, visit time, device and browser information, as well as information about your use of our website) and using a pseudonymous cookie ID and based on the pages you have visited. Further data processing only occurs if you have activated the 'personalized advertising' setting in your Google account. In this case, if you are logged into Google during your visit to our website, Google uses your data along with Google Analytics data to create and define audience lists for cross-device remarketing.

For website analysis and event tracking, we measure your subsequent usage behavior through Google Ads Conversion Tracking when you have reached our website through a Google Ads advertisement. This may involve the use of cookies and the collection of data (IP address, visit time, device and browser information, as well as information about your use of our website based on events predefined by us, such as visiting a webpage or subscribing to a newsletter), from which usage profiles are created using pseudonyms.

Google Maps

For the visual representation of geographic information, Google Maps collects data about your use of the Maps features, including your IP address and location data. This data is transmitted to Google and subsequently processed by Google. We have no control over this subsequent data processing.

Google reCAPTCHA

For the purpose of protecting our web forms from abuse and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, visit time, browser information, and information about your use of our website) and performs an analysis of your use of our website using JavaScript and cookies. In addition, other cookies stored by Google services in your browser are also evaluated. There is no extraction or storage of personal data from the input fields of the respective form.


Google Fonts

For the consistent presentation of content on our website, data (IP address, visit time, device and browser information) is collected by the script code 'Google Fonts,' transmitted to Google, and subsequently processed by Google. We have no control over this subsequent data processing. We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ('Google'). The information automatically collected about your use of our website through Google technologies is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Unless otherwise stated for each technology, data processing is based on an agreement for the respective technology between joint controllers according to Article 26 of the GDPR. Further information about data processing by Google can be found in Google's privacy policy. Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has determined an adequate level of data protection by decision. Our service providers are located and/or use servers in countries outside the EU and the EEA. There is no adequacy decision from the European Commission for these countries. Our cooperation with them is based on the European Commission's standard data protection clauses.

For web analysis purposes, data (IP address, visit time, device and browser information, as well as information about your use of our website) is automatically collected and stored with Google Analytics, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU for location data derivation and then immediately deleted before the traffic is forwarded to other Google servers for processing. Data processing is based on an agreement on data processing by Google.


6. Social Media

Our online presence on Facebook (by Meta) and Instagram (by Meta)

If you have given your consent under Article 6(1) Sentence 1 lit. a of the GDPR to the respective social media operator, when you visit our online presences on the social media platforms mentioned above, your data is automatically collected and stored for market research and advertising purposes, from which usage profiles are created using pseudonyms. These profiles can be used to display advertisements both within and outside the platforms that presumably match your interests. Cookies are usually used for this purpose. For detailed information on data processing and usage by the respective social media operator, as well as your contact options and rights and settings for the protection of your privacy, please refer to the privacy policies linked below. If you need further assistance in this regard, you can contact us.

Facebook (by Meta) is an offering from Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ('Meta Platforms Ireland'). The information automatically collected about your use of our online presence on Facebook (by Meta) by Meta Platforms Ireland is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Data processing as part of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers according to Article 26 of the GDPR. Further information (Information on Insights Data) can be found here.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. There is an adequacy decision of the European Commission for the USA as the basis for a transfer to a third country as far as the respective service provider is certified. Such certification is available.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no adequacy decision of the European Commission for these countries. Our cooperation with them is based on the European Commission's standard data protection clauses.

Instagram (by Meta) is an offering from Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ('Meta Platforms Ireland'). The information automatically collected about your use of our online presence on Instagram is usually transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Menlo Park, California 94025, USA and stored there. Data processing as part of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers according to Article 26 of the GDPR. Further information (Information on Insights Data) can be found here.

Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. There is an adequacy decision of the European Commission for the USA as the basis for a transfer to a third country as far as the respective service provider is certified. Such certification is available.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no adequacy decision of the European Commission for these countries. Our cooperation with them is based on the European Commission's standard data protection clauses.


7. Information for booking clients

When using the "retreats for change" platform to book services such as a KAP session or a yoga class, a service contract is entered into with the respective provider of the service.

In order to facilitate the booking of the service through our platform, the following data is collected: Personal information (first name, last name, email address), booking details (provider, booked service, date, time), additional booking details (exclusion criteria, terms of participation), payment information, payment confirmation.

The legal basis for this data processing is the fulfillment of a contract (the service contract between you and the provider). If you choose one of the available payment methods to pay for the online service, you will be redirected to the payment service provider, where you can enter your data directly. If the transaction is successful, we receive a payment confirmation from the payment service provider. Payments through our online platform are offered via Wix Payments, provided by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel ("Wix").

All booking details, optional information, the payment confirmation, and your personal data as required by the provider are transmitted to them.

The payment confirmation is stored in accordance with legal requirements. The data is received by "retreats for change" and the processor of the "retreats for change" platform. Third parties involved include the payment provider you selected for payment information and the respective service provider for booking details and optional information where you booked the service.

 
8. Information for partner companies


8.1. Filling out a business inquiry form

By filling out a form on the retreats for change platform (e.g., the "apply now" form), we collect all the data you enter into the form, as well as the date and time of contact. This information includes, among other things, your first and last name, job title, qualifications, email address, social media links, company name, and company location.

The purpose of processing this data and the legal basis is to initiate a contract at the request of the data subject (business initiation). The data is stored and used by retreats for change to establish contact with you. The data is deleted 12 months after the last contact, unless there is another legal basis for further processing. retreats for change and its data processor have access to this data.


8.2. Business transactions following the conclusion of a partner agreement

With the conclusion of a partner agreement with retreats for change, several business processes involving the processing of personal data are relevant for you. We collect the following data for the purpose of regular business operations, based on the legal basis for the fulfillment or preparation of the partner agreement: Basic data (name, email address, phone number, company, country, industry, business purpose), business correspondence (name, email/phone/postal address, messages, metadata), business documents (invoices, contracts, payment orders, quotes).

The data is stored and processed as necessary for the fulfillment or preparation of the contract between you and retreats for change. This includes communication, invoicing, and accounting. Data is deleted 12 months after the last contact, unless there is another legal basis for further processing (e.g., a legal retention obligation). The data is received by retreats for change, the data processor, and the tax consultant.

Offering Services on the Platform

After signing the partner contract, you have the opportunity to list your own events and retreats on the retreats for change platform. In this case, the following information is relevant:

All data you provide will be processed by retreats for change on your behalf. This means you are the data controller, and retreats for change is the data processor (responsible for the process of storing and publishing your data on the retreats for change platform). This processing is covered by the data processing agreement you signed with retreats for change.


9. Contact Information and your Rights


9.1 Your Rights

As an affected individual, you have the following rights:

  1. According to Art. 15 GDPR, the right to obtain information about the personal data we process.

  2. According to Art. 16 GDPR, the right to have incorrect or incomplete personal data corrected without delay.

  3. According to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

  4. According to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, provided that the accuracy of the data is contested by you, the processing is unlawful, but you oppose its erasure, we no longer need the data, but you require it for the assertion, exercise, or defense of legal claims, or you have objected to the processing according to Art. 21 GDPR.

  5. According to Art. 20 GDPR, the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller.

  6. According to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Normally, you can contact the supervisory authority in your habitual residence or workplace or our company headquarters for this purpose.

 

Right to object

As far as we process personal data as explained above to safeguard our legitimate interests, which outweigh your interests within the scope of a balancing of interests, you can object to this processing with effect for the future. If the processing serves the purpose of direct marketing, you can exercise this right at any time as described above. Insofar as the processing serves other purposes, you have a right to object only if there are reasons arising from your particular situation.

After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

This does not apply if the processing serves the purpose of direct marketing. In that case, we will no longer process your personal data for this purpose.


9.2 Contact options

For questions regarding the collection, processing, or use of your personal data, as well as for information, correction, restriction, or deletion of data, and for revoking granted consents or objecting to specific data usage, please contact us directly using the contact information provided in our imprint.

You can download this privacy policy using the following link, save it on your device, and print it when necessary: Privacy Policy.

If you have any inquiries about your personal data or any requests related to data privacy, please don't hesitate to reach out to us via the contact details provided in our imprint. You can also download and save this privacy policy for your reference using the provided button.

bottom of page