Your trust is part of the invitation.

1. Introduction

At The Secret Reading Retreat, we take privacy seriously. As curators of a quiet, intentional space, we honour the confidentiality of your personal information just as we honour the sanctity of a silent page.

This policy outlines how we collect, use, and protect your personal data in line with the General Data Protection Regulation (GDPR) and applicable laws.

By accepting an invitation to attend, you acknowledge and consent to the careful handling of your data as described below.

2. What We Collect

We only collect what is necessary, and we keep it minimal:

• General Personal Data: Your name, email, phone number, address, and payment/booking details.
• Sensitive Personal Data (collected only with your explicit consent): Dietary requirements, health-related notes (for comfort and safety), and emergency contacts.

3. Why We Collect It

We use your information solely for retreat-related purposes, such as:

• Managing bookings and processing payments.
• Sharing essential pre-retreat information with you.
• Accommodating personal needs (e.g. dietary or accessibility).
• Meeting legal obligations (e.g. tax, safety regulations).
• Communicating updates about future events, only if you’ve opted in.

We never use your data for any reason outside of these quiet bounds.

4. Legal Basis for Processing

We process your data under the following lawful grounds:

• Contractual Necessity: To deliver the experience you’ve confirmed.
• Legitimate Interest: To maintain quality and consistency across our offerings.
• Explicit Consent: Required for sensitive personal data and marketing communications.

Consent can be withdrawn at any time, without explanation.

5. How We Protect Your Data

We use secure digital platforms, encrypted storage, and limited-access systems to protect your information. Only trusted organisers can access your data—and only for the purposes outlined above.

6. Who We Share It With

We share data only with essential, discreet third parties:

• Payment processors (e.g. Wise).
• Accommodation and catering teams, for health and dietary needs.
• Email services, if you’ve asked to stay in touch.

We never sell, trade, or release your personal information beyond what is strictly necessary.

7. Data Retention

We retain:

• General personal data for up to 5 years, for legal and archival purposes.
• Sensitive data only until the retreat concludes, unless you explicitly request otherwise.

8. Your Rights Under GDPR

You have full control over your data, including:

• Access – You may request a copy of the information we hold.
• Correction – Let us know if anything needs updating.
• Erasure – You may ask us to delete your data at any time.
• Restriction – You can limit how we use your data.
• Portability – We’ll provide your data in a portable format, if requested.
• Objection – You can object to how we’re using your data, including for marketing.

To exercise any of these rights, please contact us at imag

9. Consent for Sensitive Data

If you share dietary, accessibility, or health information, we will only use it to ensure your comfort and wellbeing during the retreat. This is handled with utmost confidentiality, and you can withdraw consent at any time—though this may affect how we’re able to accommodate certain needs.

10. Questions or Concerns

For any privacy-related questions or to exercise your rights, contact: imagine.travel.bg@gmail.com

If you feel your data has not been handled appropriately, you may also raise a concern with your national data protection authority.