1. Data Controller
Elite Retreats is registered in Greece and subject to Regulation (EU) 2016/679 (GDPR) and Law 4624/2019. For all data matters, contact: info@elitewellnessretreats.com

2. Data We Collect
– Full name, email, phone number
– Booking and participation details
– Medical or dietary information (upon explicit consent)
– Payment and invoicing details
– IP address and usage data (via cookies and analytics)
– Any communication submitted by you (forms, email, messaging)

3. Purpose of Processing
– Booking and delivering retreat services
– Payment processing and legal compliance
– Pre-retreat communications and support
– Tailoring services based on disclosed preferences
– Marketing only with express consent
– Internal analytics for quality improvement

4. Legal Basis for Processing
– Performance of contract
– Legal obligations (e.g. invoicing)
– Your consent (e.g. health info or newsletter opt-in)
– Legitimate interests (security, performance)

5. Your Rights
– Right of access, rectification, or deletion
– Restriction or objection to processing
– Data portability
– Withdrawal of consent
– Lodging a complaint with the Hellenic Data Protection Authority (www.dpa.gr)

6. Data Sharing
Your data may be shared only with:
– Certified partners, instructors, or venue providers under NDAs
– Legal or tax authorities when required
– Travel agents or payment processors, all GDPR-compliant

7. Data Security
We use encrypted SSL transmission, secure servers, and strict access control policies. Internal staff and collaborators are trained in confidentiality protocols.

8. Retention Period
Personal data is retained for up to 6 years for legal reasons. Non-essential communications are purged after 12 months of inactivity unless consent is renewed.