Privacy policy.
Privacy Policy for Yogalife UG Retreats and Trainings
1. Data Controller
The responsible entity (data controller) within the meaning of the EU General Data Protection Regulation (GDPR) is:
Yogalife UG (haftungsbeschränkt)
Sonnenhang 16, 34587 Felsberg, Germany
Commercial Register: HRB 11943
Email: info@yogalife.org
2. Purpose and Legal Basis of Processing
We process personal data of participants and interested parties in accordance with the GDPR and the German Federal Data Protection Act (BDSG).
Data is processed for the following purposes:
Administration of retreat and training bookings
Communication before, during, and after the event
Invoicing and payment handling
Safety management and emergency contact information
Optional marketing communication (only with consent)
The legal bases for processing are:
Art. 6 (1)(b) GDPR – performance of a contract or steps prior to entering a contract
Art. 6 (1)(c) GDPR – legal obligations (e.g., accounting, tax)
Art. 6 (1)(a) GDPR – consent for voluntary data (e.g., photos, newsletter)
Art. 6 (1)(f) GDPR – legitimate interests such as internal communication and business management
3. Categories of Data Collected
Depending on your interaction with us, we may collect and process:
Identification and contact data (name, address, email, phone)
Booking and payment details
Health information voluntarily provided for safety reasons (e.g., allergies, injuries)
Travel details relevant to event logistics
Media consent information (photos, videos)
We do not collect or process sensitive health data beyond what is voluntarily disclosed for your safety during participation.
4. Sharing of Data
We only share data with third parties to the extent necessary for contract performance or legal compliance. Typical recipients may include:
Retreat venues, accommodation providers, or catering services in the destination country (e.g., Indonesia)
Accountants, tax authorities, or payment processors
IT service providers under data-processing agreements (Art. 28 GDPR)
If data is transferred outside the EU/EEA (e.g., to Indonesia), we ensure an adequate level of protection through contractual safeguards or explicit participant consent.
5. Storage Duration
We retain your data only as long as necessary for the above purposes or as required by German statutory retention periods (typically 10 years for tax-relevant data, 3 years for general contractual data).
After expiry of these periods, data will be deleted or anonymized.
6. Your Rights under GDPR
You have the following rights regarding your personal data:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to withdraw consent at any time (Art. 7 GDPR)
To exercise your rights, please contact info@yogalife.org.
7. Right to Lodge a Complaint
If you believe your data has been processed unlawfully, you may lodge a complaint with your local supervisory authority.
For Yogalife UG, the competent authority is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Postfach 3163, 65021 Wiesbaden, Germany
Website: www.datenschutz.hessen.de
8. Security of Data
We take appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, consistent with Art. 32 GDPR.
9. Marketing & Media
Photos or recordings made during retreats are used for promotional purposes only with prior consent. You may withdraw consent at any time by emailing info@yogalife.org.
We do not sell or trade your data to third parties for marketing.
10. Updates to this Policy
We may update this Privacy Policy to reflect legal or operational changes. The latest version will always be available on our website.
Substantial changes will be communicated via email before taking effect.
Last updated: October 2025