Privacy Policy

Last Updated: November 8, 2025

1. Introduction

One Sanctum ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website https://www.onesanctum.org and use our retreat booking services.

This Privacy Policy complies with the European Union General Data Protection Regulation (GDPR) and applies to all users of our website and services.

2. Data Controller

One Sanctum is the data controller responsible for your personal information. For questions about this Privacy Policy or our data practices, please contact us at:

Contact Information:

  • Email: info@onesanctum.org

3. Information We Collect

3.1 Personal Information You Provide

When you book a retreat or use our services, we may collect:

  • Contact Information: Name, email address, phone number, mailing address

  • Booking Information: Retreat preferences, dates, special requirements, dietary restrictions

  • Payment Information: Credit card details, billing address (processed securely through third-party payment processors)

  • Account Information: Username, password, and profile information if you create an account

  • Communication Data: Records of correspondence with us, feedback, and inquiries

3.2 Information Automatically Collected

When you visit our website, we automatically collect:

  • Technical Data: IP address, browser type, operating system, device information

  • Usage Data: Pages visited, time spent on pages, links clicked, referring website

  • Cookies and Tracking Technologies: See our Cookie Policy section below

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: To fulfill our contract with you when you book a retreat

  • Legitimate Interests: To improve our services, prevent fraud, and ensure website security

  • Legal Obligations: To comply with tax, accounting, and legal requirements

  • Consent: Where you have provided explicit consent for specific processing activities (e.g., marketing communications)

5. How We Use Your Information

We use your personal information for the following purposes:

  • Retreat Booking and Management: Processing reservations, sending confirmations, managing your retreat experience

  • Customer Service: Responding to inquiries, providing support, and addressing concerns

  • Payment Processing: Facilitating secure payment transactions

  • Communications: Sending booking confirmations, updates, and important service-related information

  • Marketing: With your consent, sending promotional materials about upcoming retreats and special offers

  • Website Improvement: Analyzing usage patterns to enhance user experience and functionality

  • Legal Compliance: Meeting legal, regulatory, and tax obligations

  • Security: Protecting against fraud, unauthorized access, and illegal activities

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Booking Data: Retained for 7 years for tax and accounting purposes

  • Marketing Data: Retained until you withdraw consent or we no longer have a legitimate interest

  • Account Data: Retained until you request account deletion

  • Technical Logs: Typically retained for 12-24 months

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

7.1 Service Providers

Third-party vendors who assist us with:

  • Payment processing

  • Email communications

  • Website hosting and maintenance

  • Analytics and performance monitoring

  • Customer relationship management

All service providers are contractually obligated to protect your data and use it only for specified purposes.

7.2 Legal Requirements

We may disclose your information when required by law, court order, or government regulation, or to:

  • Protect our legal rights

  • Prevent fraud or illegal activities

  • Protect the safety of our users or the public

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity.

8. International Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission

  • Data Processing Agreements with service providers

  • Adequacy decisions by the European Commission where applicable

9. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal information

  • Right to Rectification: Request correction of inaccurate or incomplete data

  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")

  • Right to Restrict Processing: Request limitation of how we use your data

  • Right to Data Portability: Receive your data in a structured, commonly used format

  • Right to Object: Object to processing based on legitimate interests

  • Right to Withdraw Consent: Withdraw consent for marketing or other consent-based processing

  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us using the information provided in Section 2. We will respond to your request within 30 days.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience.

10.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality (e.g., shopping cart, security)

  • Performance Cookies: Collect anonymous data about website usage and performance

  • Functional Cookies: Remember your preferences and settings

  • Marketing Cookies: Track your activity to deliver relevant advertisements (with your consent)

10.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality. To opt out of third-party analytics cookies, visit:

  • Google Analytics: https://tools.google.com/dlpage/gaoptout

11. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

  • SSL/TLS encryption for data transmission

  • Secure payment processing through PCI-DSS compliant providers

  • Regular security assessments and updates

  • Access controls and authentication measures

  • Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information.

14. Marketing Communications

With your consent, we may send you marketing communications about retreats, special offers, and updates. You can opt out at any time by:

  • Clicking the "unsubscribe" link in our emails

  • Contacting us directly

  • Updating your account preferences

Even if you opt out of marketing, we will still send essential service-related communications about your bookings.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting a notice on our website

  • Updating the "Last Updated" date

  • Sending an email to registered users (for significant changes)

Your continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

One Sanctum

  • Email: info@onesanctum.org

Your Rights and How to Exercise Them:

To exercise your data protection rights, please submit a written request to the contact information above. We may require verification of your identity before processing your request. We will respond within 30 days of receiving your request.

Supervisory Authority:

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en