Ma Pamboli (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services. We comply with the UK GDPR and EU GDPR.
Data Controller
Ma Pamboli
Email: info@mapamboliretreats.com
We are responsible for deciding how your personal data is processed.
Personal Data We Collect
We may collect and process the following categories of personal information:
Information you provide directly
- Name
- Email address
- Phone number
- Billing address
- Payment information (processed securely through third-party providers; we do not store card details)
- Information submitted through contact forms or booking forms
- Any other details you voluntarily provide
Information collected automatically
When you visit our website, we may collect:
- IP address
- Browser type and version
- Device information
- Pages viewed and time spent on the site
- Cookies and tracking technologies (see Cookie Policy)
How We Use Your Personal Data
We use your data for the following purposes:
- To process bookings, payments, and manage your retreat participation
- To respond to enquiries and provide customer support
- To send you confirmations, updates, and essential service messages
- To send newsletters or marketing communications (only with your consent)
- To improve our website, services, and user experience
- To comply with legal obligations and protect our business interests
Legal Basis for Processing
We process your personal data under the following legal grounds:
- Contract: to manage your booking or provide services you requested
- Consent: for marketing emails or optional communications
- Legitimate Interest: to improve our website and services
- Legal Obligation: to meet accounting, tax, or regulatory requirements
Sharing Your Personal Data
We do not sell your data. We may share your information with trusted third-party providers, such as:
- Payment processors
- Email and newsletter platforms
- Booking or CRM systems
- Website hosting and analytics providers
- Professional service providers (e.g., accountants)
These third parties are required to comply with GDPR and process your data securely.
International Data Transfers
If any service provider transfers data outside the UK/EU, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs)
- UK adequacy decisions
- Additional protective measures
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Delivering and managing your retreat booking
- Meeting legal, regulatory, or accounting requirements
- Handling disputes or enforcing our agreements
Retention periods vary depending on the type of information but typically range from 1 to 7 years in line with UK legal and best-practice standards.
Your Rights Under GDPR
You have the following rights:
- Right to access your personal data
- Right to rectification of inaccurate information
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with the Information Commissioner’s Office (ICO)
To exercise any rights, please email: info@mapamboliretreats.com
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any updates will be posted on this page and will include a revised “Last Updated” date.
Last Updated: 14 November 2025
Contact Us
If you have any questions about this Privacy Policy or how your data is handled, please contact: info@mapamboliretreats.com