Privacy policy for Yoga Mountain Run

Last updated: 1st December 2025

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make an enquiry, or participate in any retreat, event, or guided experience offered by us. We are committed to protecting your personal data and respecting your privacy, following standards comparable to those upheld by leading adventure and retreat organisations.

1. Who We Are
Yoga Mountain Run is a France-based business offering yoga, trail running, and mountain-based retreats and experiences. While established in France, the business operates across Europe and internationally. For the purposes of the General Data Protection Regulation (GDPR), Yoga Mountain Run is the data controller responsible for your personal information.

2. Information We Collect

We may collect the following categories of information:

2.1 Personal Information

  • Full name

  • Email address

  • Phone number

  • Postal address

  • Emergency contact details

  • Passport information (where required for travel logistics)

  • Dietary requirements

  • Relevant medical information needed for safety during athletic or mountain-based activities

2.2 Technical and Usage Information

  • IP address

  • Browser type and version

  • Device information

  • Pages visited and actions taken on the website

  • Referral sources

2.3 Payment Information
Payment and deposit processing may be handled by a third-party provider. We do not store credit card details.

3. How We Use Your Information
We use your data to:

  • Manage retreat bookings and communications

  • Provide customer service and respond to enquiries

  • Deliver our retreats, guiding services, yoga classes, and travel logistics

  • Ensure your safety during mountain or physical activities

  • Process payments, deposits, and refunds

  • Send confirmation emails, itineraries, updates, or essential pre-trip information

  • Improve our website and services

  • Send marketing emails (only with your consent)

4. Legal Basis for Processing (GDPR Compliant)
We process your personal data under the following GDPR legal bases:

  • Contractual necessity — to fulfil retreat bookings and deliver guiding, yoga, and travel services.

  • Legitimate interests — to improve our services, ensure safety during physical and mountain activities, and manage operational logistics.

  • Consent — for non-essential communications such as newsletters or marketing emails.

  • Legal obligation — where required by French or EU law (e.g., accounting, insurance, or safety regulations).

5. How We Share Your Information
We may share your personal data with:

  • Accommodation providers involved in your retreat

  • Transport providers (shuttles, transfers, lift operators)

  • Mountain guiding partners, yoga instructors, or co-leaders

  • Catering teams or chefs (for dietary requirements)

  • Payment processors (e.g., Stripe, PayPal)

  • Email marketing providers (e.g., Mailchimp)

  • Travel insurance verifiers (if applicable)

We do not sell or lease your data to third parties.

6. International Transfers (GDPR Compliance)
As the business operates in France and across Europe and internationally, your data may be transferred within the EU/EEA and outside. Where data is transferred outside the EU, we ensure appropriate safeguards such as adequacy decisions or Standard Contractual Clauses (SCCs), in line with GDPR requirements.

7. Data Security
We implement appropriate technical and organisational measures to protect your personal data from accidental loss, misuse, or unauthorised access. While we take these precautions, no online transmission can be completely secure.

8. Data Retention
We retain your information only for as long as necessary to:

  • Provide our services;

  • Meet legal, accounting, or reporting requirements.

Specifically:

  • Booking and participation information: retained for 7 years after the retreat for accounting and safety purposes.

  • Marketing and newsletter data: retained until you withdraw consent.

  • Technical website data: retained for 12 months for analytics and security.

9. Your GDPR Rights
Under the GDPR, individuals based in the EU have the following rights:

  • Right of access — to request copies of your personal data.

  • Right to rectification — to correct inaccurate or incomplete data.

  • Right to erasure — to request deletion where legally permissible.

  • Right to restrict processing — in certain circumstances.

  • Right to object — including to marketing communications.

  • Right to data portability — to receive your data in a structured, machine-readable format.

  • Right to withdraw consent — at any time, where consent is the basis for processing.

  • Right to lodge a complaint with a supervisory authority (CNIL in France).

10. Data Breach Notification
In the event of a personal data breach, we will notify affected individuals and the CNIL where required by GDPR, without undue delay.

11. Cookies
Our website may use cookies to improve user experience, analyse website traffic, and support essential functionality. You may disable cookies in your browser settings, although some site features may not function properly.

12. Third-Party Links
Our website may contain links to third-party sites. We are not responsible for their content or privacy practices.

13. Children’s Privacy
We do not knowingly collect personal data from individuals under 18 unless part of a specific family or youth programme, with consent from a parent or guardian.

14. Marketing Consent
If you opt-in to receive marketing communications, you may withdraw consent at any time by using the unsubscribe link in emails or contacting us directly.

15. Updates to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

16. Contact Us
For any questions regarding this Privacy Policy, your data, or GDPR rights, contact:

Business Name: Yoga Mountain Run
Email: info@yogamountainrun.com
Phone: +33 (0)6 52 54 69 93
Website: www.yogamountainrun.com
Business Location: France
Supervisory Authority: Commission Nationale de l’Informatique et des Libertés (CNIL)

This Privacy Policy reflects standards comparable to major outdoor and retreat organisations and complies with GDPR for businesses operating in France and internationally.