Privacy Policy
We respect your privacy and are committed to protecting your personal information. This document explains how we collect, use, and share your data across all Oasis experiences.
Last updated: 23 September 2025
Who We Are & Scope
This Privacy Policy applies to the Oasis website, booking platform, retreat and experience bookings, online shop, newsletter, and related services (collectively, the "Services").
When we say "we", "us" or "Oasis", we refer to the operators of this website and the experiences offered through it, based in Greece. For the purposes of applicable data protection laws (such as the EU General Data Protection Regulation – GDPR), Oasis acts as the "data controller" for the personal data described in this Policy.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please refrain from using the Services.
Data We Collect
The data we collect depends on how you interact with us. We may collect the following categories of personal data:
- Identity & contact data: name, surname, email address, phone number, country, and date of birth.
- Booking & experience data: selected experience or retreat, dates, number of guests, composition of your group, preferences, notes, and check-in information.
- Account & authentication data: login email, encrypted password, and account activity.
- Payment, billing & invoice data: payment method details processed via our providers, billing details, invoice data, and transaction references.
- Corporate & B2B data: company name, VAT number, contact person, budgets, purchase order numbers, and booking details.
- Technical & usage data: IP address, browser type, device information, and interactions with the website collected via cookies.
We do not intentionally collect sensitive categories of personal data unless you voluntarily share it (e.g., dietary restrictions or accessibility needs) to help us tailor your experience safely.
How We Collect
We collect personal data in several ways:
- Directly from you when you make a booking, purchase a product, create an account, subscribe to the newsletter, or schedule a call.
- Automatically when you use our website, via cookies, server logs and similar technologies.
- From third-party services we use (for example, payment processors or email delivery platforms), but only to the extent necessary to provide the Services.
Purposes & Legal Bases
We process your personal data only where we have a valid legal basis under applicable law, such as:
To perform a contract with you. For example: processing bookings, issuing invoices, and communicating regarding availability or changes.
Improving the website, managing our relationship with you, preventing fraud, and running internal analytics.
Keeping invoices, payment records and booking data for tax and accounting requirements, or responding to lawful requests from authorities.
Sending newsletters, marketing communications, or using analytics cookies. You may withdraw consent at any time.
Cookies & Technologies
We use cookies and similar technologies to operate and improve our website. Cookies are small text files stored on your device that help us recognize your browser and remember certain information.
- Strictly necessary: for basic site functionality and security.
- Performance & analytics: to understand how the site is used.
- Functional: to remember your preferences.
You can control cookies through your browser settings. Disabling them may affect website functionality.
Booking & Payments
When you make a booking or purchase, we process the necessary data to reserve places for you, apply correct pricing, process payments securely, and issue receipts.
Card payments are processed by external payment providers. We do not store your full card details on our own servers. Tokens or references may be stored solely to link payments to bookings or refunds.
Gift Cards & Vouchers
If you purchase or redeem a gift card, discount code, or voucher, we process data such as the code, value, currency, and associated email addresses. This prevents misuse and ensures tax compliance.
Corporate & Groups
For corporate or group bookings, we may process additional data about your organization (VAT number, billing address, contact person) to prepare proposals, manage bookings, and issue invoices.
Newsletter & Marketing
When you subscribe to our journal, we process your email address to send updates about new experiences. We may track general engagement (opens or clicks) to ensure our content is relevant.
You can unsubscribe at any time via the link in our emails. Note that essential service communications regarding your bookings will still be sent.
Sharing Data
We do not sell or rent your personal data. We may share your data with:
- Service providers: hosting providers, payment processors, email delivery services, and accountants.
- Professional advisors: lawyers or tax consultants for compliance.
- Authorities: where legally required to protect rights.
International Transfers
Our servers and some service providers may be located outside your country, including outside the European Economic Area (EEA). We ensure adequate protection is in place, such as standard contractual clauses, for any international transfers.
Data Retention
We retain personal data only for as long as necessary. Booking and invoice data may be kept for several years for tax requirements. Newsletter data is kept until you unsubscribe. When no longer needed, data is securely deleted or anonymized.
Security
We implement appropriate technical and organizational measures to protect your personal data against unlawful destruction, loss, or unauthorized access. This includes secure hosting, encryption, and access controls. However, no internet transmission is completely secure.
Your Rights
Depending on where you live, you may have the right to access, rectify, erase, or restrict the processing of your data. You may also request data portability or withdraw your consent.
To exercise these rights, please contact us. You also have the right to lodge a complaint with your local data protection authority.
Children's Privacy
Our Services are primarily intended for adults. We do not knowingly collect personal data from children without appropriate consent from a parent or legal guardian.
Policy Changes
We may update this Privacy Policy from time to time. When we do, we will adjust the "Last updated" date. We encourage you to review this page periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out to us: