Privacy Policy
We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store and share your data when you visit our website, make a booking, join a retreat or private gathering, purchase products, or otherwise interact with Oasis.
Last updated: 23 September 2025
1. Who We Are & Scope of This Policy
This Privacy Policy applies to the Oasis website, booking platform, retreat and experience bookings, online shop, newsletter, and related services (collectively, the "Services").
When we say "we", "us" or "Oasis", we refer to the operators of this website and the experiences offered through it, based in Greece. For the purposes of applicable data protection laws (such as the EU General Data Protection Regulation – GDPR), Oasis acts as the "data controller" for the personal data described in this Policy.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please refrain from using the Services.
2. What Personal Data We Collect
The data we collect depends on how you interact with us. We may collect the following categories of personal data:
- Identity & contact data: name, surname, email address, phone number, country, and (where relevant) date of birth.
- Booking & experience data: selected experience or retreat, dates and schedule slots, number of guests, composition of your group (e.g. adults/children), preferences, notes you share with us, booking status, check-in and participation information.
- Account & authentication data (if you create an account): login email, encrypted password, account settings, and account activity relating to bookings or purchases.
- Payment, billing & invoice data: payment method details processed via our payment providers, billing details, invoice data (such as name, address, VAT details, invoice numbers, amounts, currency, status), and payment/transaction references or refunds.
- Gift cards, discount codes & vouchers: gift card codes, remaining balances, currency, discount codes or vouchers you use, redemption history, and in some cases the assigned recipient or corporate company.
- Corporate & B2B data: company name, VAT number, contact person, email, phone, budgets, purchase order numbers, invoice numbers, and booking details for corporate experiences or group events.
- Shop & order data (if you buy products): items ordered, quantities, price, shipping address and billing details, order status, and related payment information.
- Communication data: messages you send via our contact forms, "Schedule a call" or email, support notes, feedback, reviews or survey responses, and any information you voluntarily provide in those contexts.
- Newsletter & marketing preferences: your subscription status, email address, newsletter engagement (e.g. opens, clicks) where permitted by law, and your opt-in or opt-out choices.
- Technical & usage data: IP address, browser type and version, device information, operating system, pages viewed, time and date of visits, and how you interact with the website (e.g. clicks, scrolls, time on page). This is often collected via cookies and similar technologies.
We do not intentionally collect sensitive categories of personal data (such as health information) unless you choose to share it with us in the context of tailoring your experience (for example, dietary restrictions, allergies or accessibility needs). In that case, we will use such data only to support your experience and with appropriate safeguards.
3. How We Collect Your Data
We collect personal data in several ways:
- Directly from you when you make a booking, purchase a product, create an account, subscribe to the newsletter, schedule a call, or contact us.
- Automatically when you use our website, via cookies, server logs and similar technologies.
- From third-party services we use (for example, payment processors, email delivery platforms, or analytics tools), but only to the extent necessary to provide the Services and in line with their privacy practices.
4. Why We Use Your Data (Purposes & Legal Bases)
We process your personal data only where we have a valid legal basis under applicable law, such as:
- Contract – to perform a contract with you or to take steps at your request before entering into a contract. For example:
  - Processing and managing your bookings and orders.
  - Issuing booking confirmations, invoices and payment receipts.
  - Communicating with you about dates, availability, changes or special requests.
- Legitimate interests – where necessary for our legitimate interests and not overridden by your rights. For example:
  - Improving the website and our Services.
  - Managing our relationship with you (e.g. tailored offers to existing guests, asking for feedback).
  - Preventing fraud, misuse of discount codes, or abuse of our booking system.
  - Running internal analytics on bookings, gift cards or voucher usage, and shop performance.
- Legal obligation – to comply with laws, such as:
  - Keeping invoices, payment records and booking data for tax and accounting requirements.
  - Responding to lawful requests from public authorities or courts.
- Consent – where you have given us explicit permission. For example:
  - Sending you newsletters and broader marketing communications.
  - Using certain cookies or analytics tools beyond what is strictly necessary.
Where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before withdrawal.
5. Cookies & Similar Technologies
We use cookies and similar technologies to operate and improve our website. Cookies are small text files stored on your device that help us recognize your browser and remember certain information.
We may use, for example:
- Strictly necessary cookies for basic site functionality, security and booking flows.
- Performance & analytics cookies to understand how the site is used, which pages are visited and how we can improve the experience.
- Functional cookies to remember your preferences, such as language or region.
You can control cookies through your browser settings. If you disable or block certain cookies, parts of the website may not function properly.
6. Booking, Payment & Invoicing Data
When you make a booking or purchase, we process the necessary data to:
- Reserve places for you and your group on a specific date.
- Apply the correct pricing, discount codes, vouchers or gift cards.
- Process payments through secure payment providers (for example, card processors or bank transfer partners).
- Issue invoices, receipts and, if applicable, credit notes or refunds.
Card payments are typically processed by external payment providers. We do not store your full card details on our own servers; instead, tokens or references provided by the payment providers may be stored so we can link payments to bookings, invoices or refunds.
7. Gift Cards, Discount Codes & Vouchers
If you purchase or redeem a gift card, discount code or voucher, we will process data such as the code, value, currency, associated bookings or orders, and, where applicable, the email addresses or names of purchasers and recipients.
We use this data to issue, track and manage redemptions, prevent misuse, and comply with tax and accounting obligations.
8. Corporate & Group Bookings
For corporate or group bookings, we may process additional data about your company or organization (such as VAT number, billing address, contact person, budgets and invoice references). This data is used to prepare proposals, manage bookings, allocate credits, and issue invoices and receipts.
9. Newsletter & Marketing Communications
You may choose to subscribe to our newsletter or receive updates about new experiences, retreats, shop items and special offers. When you do so, we process your email address and, in some cases, your name and language preferences.
We may track general engagement (e.g. email opens or link clicks) to understand which content is most relevant. You can unsubscribe at any time by using the link in our emails or by contacting us directly.
Even if you unsubscribe from marketing emails, we may still send you essential service communications about your bookings, payments, or legal matters.
10. How We Share Your Data
We do not sell or rent your personal data. We may share your data with:
- Service providers who help us operate the Services, such as hosting providers, payment processors, email delivery services, analytics tools, booking management tools and accountants.
- Professional advisors such as lawyers or tax consultants, where necessary for compliance or to protect our legal rights.
- Public authorities or courts where we are legally required to do so or where necessary to protect our rights or the rights of others.
When we share data with third-party service providers, we do so under data protection agreements that require them to handle your data securely and only for the specified purposes.
11. International Data Transfers
Our servers and some of our service providers may be located in different countries. This means that your data may be transferred and processed outside of your country of residence, including outside the European Economic Area (EEA).
Where we transfer personal data outside the EEA, we take steps to ensure that an adequate level of protection is in place, such as using the European Commission's standard contractual clauses or relying on decisions of adequacy, where available.
12. How Long We Keep Your Data
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, including for legal, accounting, or reporting requirements. Retention periods may vary depending on the type of data and the context.
For example, booking and invoice data may be kept for several years in accordance with tax and accounting laws. Newsletter subscription data is generally kept for as long as you remain subscribed (and for a limited period afterward to record your opt-out). Data relating to support enquiries is usually kept for a reasonable period to follow up on your request and improve our services.
When data is no longer needed, we will either delete it securely or anonymize it so that it can no longer be linked to you.
13. How We Protect Your Data
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These measures may include:
- Use of secure hosting environments and encryption in transit.
- Access controls and authentication for internal systems.
- Regular updates and security patches to our software.
- Limiting access to your data to staff and service providers who need it for legitimate purposes.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.
14. Your Rights
Depending on where you live and subject to certain conditions, you may have the following rights regarding your personal data:
- Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy.
- Right to rectification – to request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") – to request deletion of your data in certain circumstances.
- Right to restriction – to request that we restrict the processing of your data in certain cases.
- Right to data portability – to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible.
- Right to object – to object to certain types of processing, such as direct marketing or processing based on legitimate interests.
- Right to withdraw consent – where processing is based on consent, you can withdraw your consent at any time.
To exercise any of these rights, please contact us using the details in the "Contact Us" section below. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been infringed.
15. Children's Privacy
Our Services are primarily intended for adults. We do not knowingly collect personal data from children without appropriate consent from a parent or legal guardian, where required by law. If you believe that a child has provided us with personal data without such consent, please contact us and we will take steps to delete it.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements or privacy practices. When we do, we will post the updated version on this page and adjust the "Last updated" date at the top.
We encourage you to review this page periodically to stay informed about how we protect your data. If we make material changes, we may also notify you by email or through the website.
17. How to Contact Us
If you have any questions, concerns or requests regarding this Privacy Policy or our handling of your personal data, you can contact us at:
- Email: info@youroasis.gr
- Or via our contact form at youroasis.gr/contact.