Your privacy is important to Behold Retreats (“Behold Retreats
Behold Retreats Limited
9F Amtel Building
148 Des Voeux Road Central
Central, Hong Kong
What information do we collect?
You may visit our site anonymously.
If you choose to register on our website, the following categories of data will be processed:
When you register for an account on our site, place an order or respond to a survey, basic contact details are collected such as your e-mail address, postal, address, phone number and other identifiable information.
“Medical History and Relevant Data”
As part of the onboarding process and to support any Services rendered to you, we shall ask you to submit confidential information about your past medical history so that we may properly coach you and recommend, or preclude, certain treatments in the future.
What do we use your information for?
Any of the information we collect from you may be used for one or more of the following purposes:
1. To personalize your experience (the information will help Behold Retreats better respond to your individual needs);
2. To improve our website (Behold Retreats continually strives to improve our website offerings based on the information and feedback we receive from our customers);
3. To identify you as a contracting party;
4. To enable secure login for you on our website;
5. To establish a primary channel of communication with you; and
6. To send periodic e-mails (The e-mail address you provide for order processing, may be used to send you information and updates pertaining to your engagement with Behold Retreats.
EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in the contact clause above.
In order to enter into a contract regarding the purchase of Behold Retreat’s Service, you must provide us with the required personal data. If you do not to provide us with all the required information, it will not be possible to deliver the Service.
California Online Privacy Protection Act Compliance
Because Behold Retreats values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 7.
As part of the California Online Privacy Protection Act, all users of our website may make any changes to their information at any time by logging into their account and navigating to the “profile page”.
How do we protect your information?
Behold Retreats implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.
Our website utilizes the extensive features of the cloud environment to ensure high availability with a traffic manager for automatic geographical failover on data center level disasters.
No personal data is stored permanently outside Behold Retreats’s cloud platforms. The physical security is thereby maintained by Behold Retreats’s subcontractors.
To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. E.g. all supplied credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.
All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties.
Whenever personal data is accessed by authorized personnel the access is only possible over an encrypted connection. When accessing the data in a database, the IP number of the person accessing the data must also be pre-authorized to obtain access.
Behold Retreats will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. Behold Retreats will also provide the summaries of any independent audits of the Service.
All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel.
Behold Retreats uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.
7. Personal Data breach notification
In the event that your data is compromised, Behold Retreats will notify you and competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, and Behold Retreat's action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with your enrolment on this website.8. Do we disclose any information to outside parties?
Behold Retreats does not sell, trade or otherwise transfer to outside parties any personally identifiable information except to those licensed healthcare professionals who will be involved in any and all Services rendered to you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. 9. Legally required disclosure
Behold Retreats will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from Behold Retreats, Behold Retreats strives to limit the disclosure. Behold Retreats will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Behold Retreats will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.10. Request for rectification, restriction or erasure of the personal data
You may at any time obtain without undue delay rectification of inaccurate personal data concerning you.
Restriction of processing personal data
You may at any time request Behold Retreats to restrict the processing of personal data when one of the following applies:
a.if you contest the accuracy of the personal data, for a period enabling Behold Retreats to verify the accuracy of the personal data;
b.if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
c.if Behold Retreats no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
You may without undue delay request the erasure of personal data concerning you, and Behold Retreats shall erase the personal data without undue delay when one of the following applies:
a. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b. if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
c. if you object to the processing in case the processing is for direct marketing purposes;
d. if the personal data have been unlawfully processed; or
e. if the personal data have to be erased for compliance with a legal obligation in EU or national law.11. Data retention
Data retention policy
Your data shall be retained for up to five full fiscal years from completion of Services rendered to you.
Data retention for compliance with legal requirements
You cannot require Behold Retreats to change any of the default retention periods.
Behold Retreats will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.13. Your consent