This is the privacy statement of awakebliss.com
In this privacy statement, we explain how we collect and use your personal data.
Last updated: January 2020
When is this privacy statement applicable?
Who is responsible for your data?
What data do we collect and how?
How do we use your data?
What third parties have access to your data?
How do we secure your data and how long do we retain them?
How can you exercise your statutory rights?
1. When is this privacy statement applicable?
This privacy statement is applicable to any and all personal data that we collect, use, share and store about you when you book a retreat or tour with us, when you visit our website or when you are in contact with us.
This privacy statement was most recently amended on May 2018 and replaces earlier versions. We may amend this privacy statement from time to time and will notify you of any changes by posting the revised statement on this website and inform you by email, prior to these changes taking effect.
2. Who is responsible for your data?
awakebliss.com are websites belonging to Awake Bliss, owned by Miralva Melo and Ana Cecilia Rocha Established in 2018 and operating from the USA.
We are responsible for the collection and use of your personal data as described further in this privacy statement. If you have questions, comments or complaints about the use of your personal data by Awake Bliss then contact our customer service – at
3. What data do we collect and how?
We collect five categories of personal data about you: (1) name and contact details, (2) booking details,
(3) data that we collect when you contact our customer service, (4) data that we collect when you visit our website or read our newsletter, and (5) social media details.
1. Name and contact details
These are the data that you enter when you book a tour or retreat e.g. your given names and surname, date of birth, place of residence and your telephone number and email address.
When you create a booking, we may request some of the details as needed for the given tour or retreat as well as other information that you enter or change in your account. If you travel with somebody else then we also collect a part of the data outlined in this section about your fellow travelers.
2. Booking details
Booking details are the data about the tour/retreat that you purchased from us. For instance, tour/retreat information (tour/retreat name, destination, price, etc.), data about any specific medical conditions we need to consider, additional hotel/flight bookings made on your behalf (number of nights, type of room, price, etc.).
To book an airline ticket we need your passport number for certain destinations. You can also enter customer numbers of third parties (e.g. your frequent flyer number) if you want to qualify for the relevant privileges or other benefits. With your consent, we save these numbers and your travel preferences (e.g. whether you travel for personal or business purposes and what your favorite airport is) in your AwakeBliss account.
When you purchase a retreat/tour, you are forwarded to the payment page (within AwakeBliss) to complete your order. To complete this payment, you must enter your payment details, e.g. a bank account or credit card number. We do not keep any of this data (nor are the details visible to us), the payment processor offers a secure payment gateway which makes this information invisible from us.
Via our website, you can indicate if you want to bring along special luggage on your flight, e.g. medical luggage or a wheelchair. In pursuance of privacy legislation, this data is qualified as sensitive as they refer to your health.
3. Data that we collect when you contact us
When you contact our customer service by email, WhatsApp, social media or telephone then we establish these contact moments in our systems.
4. Data that we collect when you use our website or read our newsletter
When you visit our website, we register, inter alia, your IP address, type of browser and web browsing behavior. We register, for instance, which tour you have downloaded information for. We also collect some information via cookies, scripts, pixel tags and similar technologies. If you receive a newsletter from us, we register when you open this newsletter or when you click on a link via our email marketing software.
5. Social media details
We collect the aforementioned data in three ways: (1) we record the data that you enter when you book a tour/retreat or contact our customer service, (2) we automatically record data when you open a newsletter or communicate with us via social media, and (3) we receive anonymized data about you from our social media network ex. Facebook..
4. How do we use your data?
We use your data for four objectives: (1) for the supply of our services and for maintaining contact with you, (2) for research to improve our services, (3) for direct marketing based on your preferences and behavior, and (4) for our administration and for compliance with legislation and regulations.
1. For the supply of our services and for maintaining contact with you
When you book a tour/retreat, we use the data as described in section 3 for this. We use your name, passport number (if booking air travel) and other personal data to, for instance, to make reservations on your behalf.
We only supply your medical data in order to assess risk in participation of our retreat and tours. We do not use these data for other objectives.
We use your contact details to communicate with you. Think about, for instance, sending your booking confirmation or warning you by email that there may be actions you need to take prior to travel. We also use your contact details to answer your questions when you contact our customer service.
We use your payment details to handle your payment. Our fraud department checks, in association with our payment provider, if there is question of a fraudulent booking that uses, for instance, a stolen or blocked credit card.
2. For research to improve our services
We research trends regarding the manner that visitors and customers use our services, website, customer services and social media. We do this to gain insight into the behavior and the preferences of our visitors and customers in order that we can thus improve our services, the content on our website and our customer service. We also use the said insight to develop new services.
For this research, we use automatic tools with which we analyze the data outlined in section 3, including your booking details, additional services you purchased and information about you (such as gender and your residence). Names, email addresses or other information that can be traced back to specific persons are not analyzed, as we are only interested in general trends. We never use sensitive data. We may also combine the analyzed data with data that we collect with cookies and similar technologies when you visit our website or information that we receive from group companies or from other sources.
3. For direct marketing based on your preferences and behavior.
We use your data to send you newsletters, offers or other promotional messages. We do this via email and other digital channels, e.g. social media.
To adapt these messages to your preferences and behavior we analyze and combine your data with automated systems. For this purpose, we use your booking details, information about additional services you purchased and information about you (such as gender, residence and your booking preferences). We do not only analyze and combine the data that you entered but also data that we collect via pixel tags and similar technologies, social media and when you contact our customer service.
In our emails, we include personalized offers from Awake Bliss relating to our services and products. For example, we may include offers for additional services (ex. Additional tours). We tailor these offers to your interests.
We process your personal data as described in this paragraph for our legitimate interest and the interests of third parties in order to provide you with relevant updates and offers. You can unsubscribe from receiving newsletters, offers or other promotional messages at any time by clicking the unsubscribe link in the email.
When you unsubscribe, you will still receive our service emails (such as your booking confirmation and any itinerary changes). You may object to the use of your personal data for direct marketing purposes anytime (please see section 7).
4. For our administration and for compliance with legislation and regulations
We use your personal data for internal administration purposes, such as record keeping and to comply with our legal and fiscal obligations.
We collect and use your personal data to provide our services to you, to comply with our statutory obligations, for our legitimate interests or the interests of a third party or with your consent, for example in situations where we require your medical data.
If you revoke your consent or if you do not supply the data that we need for the performance of the contract with you or to comply with our statutory obligations then you may not be able to use our services or only to a limited extent.
If we process your personal data for our legitimate interests or the interests of a third party, we have balanced these interests against your privacy interests. We will take measures to safeguard your privacy interests and to prevent unwarranted harm to you, as appropriate. Our legitimate interests may for example include security and safety purposes or to provide better services and offerings to you. For more information on these interests, please see the purposes for which we process your personal data above. These balancing tests are primarily based around tour and retreat safety for you and other participants.
5. What third parties have access to your data?
We may exchange your data with or make your data available to third parties within the framework of the following three objectives: (1) with partners to implement your bookings, (2) with our group companies and brands for support services, statistical research and direct marketing, and (3) with our suppliers who provide supporting services. Only if Awake Bliss is by law held to do so, shall we supply your data to supervisory authorities, tax authorities and investigate authorities.
1. Implement Bookings & Reservations
We supply your data to partners who are directly involved in your booking. We supply your data to, for instance, airlines/hotels and other service providers who are involved in the implementation of your flight or reservation. We supply your data to the relevant providers, usually this will be limited to name, gender and in some cases passport info (for flights/visa/border related issues).
2. Group support services, research and direct marketing
For the supply of our services we rely on support services provided by Awake Bliss. We have, for instance, customer support operating in different time zones in different parts of the world so we can provide you customer service. These groups have access to your data as required for their business function. Your data is available to Awake Bliss and is used within our framework. Your data may be used within these brands for research and direct marketing (see section 4).
3. Reliance on supporting services
For the supply of our services we rely on third parties, e.g. IT suppliers, marketing agencies, online advertising companies, credit card companies, payment providers, service providers in the area of fraud prevention and online bookings. We conclude agreements with these third parties in which it is determined that they shall handle your data confidentially and shall secure this data adequately.
Our group, partners and service providers are not all based in the USA but also beyond. If this kind of party has access to your data, this constitutes an international transfer of personal data. For example, a South American airline receives your data from us within the framework of a booked tour. Awake Bliss supplies data to group companies, partners and service providers in Peru, India, Egypt, Cambodia and the United States. The regulations in these countries do not always provide the same level of protection of personal data as the regulations covered by the GDPR. Where required, Awake Bliss took appropriate measures to comply with the requirements that the applicable privacy regulations impose on the international transfer of personal data.
We conclude, for instance, so-called European Model Agreements for the transfer of personal data with our group companies and service providers (see article 46 GDPR). We may also supply personal data to recipients established in the US if they have a valid EU-US Privacy Shield certification (article 45 GDPR). In some cases, we may ask your explicit consent to transfer personal data outside the European Union (article 49 GDPR).
6. How do we secure your data and how long do we retain them?
Awake Bliss took technical and organizational security measures to protect your data against loss or unlawful use, e.g. unauthorized insight into data. In this respect, we take the state of the art and the cost of the implementation into account in order that we guarantee an appropriate level of security regarding the risks that the processing and the nature of the data to be protected bring about.
We retain your data as long as required to realize the objectives as described in this privacy statement but generally no longer than 4 years after your last interaction with us, unless in so far as such is necessary for compliance with our statutory obligations or for the benefit of potential disputes. If we no longer require data, we destroy the data or make in anonymous it so it can no longer be linked to you.
7. How can I exercise my statutory rights?
You may contact our customer service to exercise any of the rights you are granted under applicable data protection laws, which includes (1) the right to access your data, (2) to rectify them, (3) to erase them, (4) to restrict the processing of your data, (5) the right to data portability and (6) the right to object to processing. Please note that we may require you to provide additional information to verify your identity.
1. Right to access
You may ask us whether we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.
2. Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, considering the purposes of the processing, complete incomplete personal data.
3. Right to erasure
You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, any other controller to whom your data has previously been shared with by us. Erasure of your personal data only finds place in certain cases, prescribed by law and listed under article 17 of the GDPR. This includes situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.
4. Right to restriction of processing
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
5. Right to data portability
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible, we will transmit your personal data directly to the other controller.
6. Right to object
You also have the right to object to the processing of your personal data, which means you may request us to no longer process your personal data. This only applies in case the ‘legitimate interests’ ground (including profiling) constitutes the legal basis for processing (see paragraph 4).
At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. You can always exercise this right by revoking your previously given consent by following the instructions in the relevant marketing communication. In case you exercise this right, we will no longer process your personal data for such purposes.
There may be situations where we are entitled to deny or restrict your rights described in this paragraph. In any case, we will carefully assess whether such an exemption applies and inform you accordingly.
We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply in case the personal data was not provided by you or if we process the data not based on your consent or for the performance of a contract.
You can also contact us at if you have any questions, remarks or complaints in relation to this privacy statement. If you have any unresolved concerns, you also have the right to lodge a complaint with your Data Protection Authority.