Privacy Policy

Last updated: 1 January 2026

1. Introduction

Coravira ("Coravira", "we", "our", "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, store, and safeguard your information when you visit coravira.cfd, contact our team, or use our wellness spa and retreat services.

We aim to handle personal data responsibly and transparently, in line with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR), where it applies.

2. Data Controller

The data controller responsible for your personal data is:
Coravira Wellness Spa & Retreat
Ubud Sacred Valley, Bali
Email: [email protected]
Phone: +62 361 987 6543

3. Information We Collect

3.1 Information You Provide

We may collect personal information that you voluntarily provide when you:

• Submit an enquiry through our contact form or retreat booking wizard
• Book or request information about spa treatments, retreats, or wellness programs
• Subscribe to wellness updates, offers, or retreat announcements
• Communicate with us by email, phone, WhatsApp, or social media
• Attend Coravira events, workshops, retreats, or wellness sessions

This may include your name, email address, phone number, organisation or group name, preferred retreat type, preferred location, budget range, wellness goals, booking details, and any other information you choose to share with us.

3.2 Information Collected Automatically

When you visit our website, we may automatically collect technical information such as IP address, browser type, device type, operating system, referring URL, pages viewed, time and date of visit, and general usage patterns. This information may be collected through cookies and similar technologies as explained in our Cookie Policy.

3.3 Wellness and Booking Information

When you book or enquire about a Coravira experience, we may process information needed to plan and deliver your service. This may include treatment preferences, retreat goals, dietary preferences, schedule details, accommodation needs, group information, and relevant notes you choose to provide so we can personalise your experience.

4. How We Use Your Data

We use your personal data for the following purposes:

• To respond to your enquiries and provide information about our services
• To arrange spa treatments, wellness retreats, consultations, and bookings
• To personalise retreat plans, treatment schedules, and guest experiences
• To communicate with you about your booking, preferences, or service requests
• To improve our website, services, content, and guest experience
• To send wellness updates, retreat news, or marketing communications where you have consented
• To manage administration, record keeping, safety, and legal compliance

5. Legal Basis for Processing

Where GDPR applies, we process your personal data on the following legal bases:

• Contract: Processing needed to provide requested spa, retreat, booking, or wellness services
• Legitimate interests: Responding to enquiries, improving our services, operating our website, and managing guest relationships
• Legal obligation: Processing required for accounting, tax, safety, or other legal responsibilities
• Consent: Marketing communications, optional wellness updates, and non-essential cookies where required

6. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy. Booking and guest records may be retained for as long as needed to manage services, resolve enquiries, comply with legal duties, and maintain business records. General enquiry information from non-guests is normally retained for up to 3 years, while analytics information may be retained for up to 26 months.

7. Your Rights

Depending on your location and applicable law, you may have the following rights:

• Right to access the personal data we hold about you
• Right to request correction of inaccurate or incomplete data
• Right to request deletion of your personal data where applicable
• Right to restrict or object to certain processing activities
• Right to data portability where applicable
• Right to withdraw consent at any time where processing is based on consent
• Right to lodge a complaint with a relevant data protection authority

To exercise your rights, contact us at [email protected]. We will respond within a reasonable period and in accordance with applicable law.

8. Data Sharing

We do not sell your personal data. We may share information with trusted service providers who help us operate our website, manage bookings, process communications, deliver wellness experiences, provide IT support, or meet legal and accounting requirements. Where required, these providers are bound by appropriate confidentiality and data protection obligations.

9. International Transfers

If personal data is transferred outside your country or region, we take reasonable steps to ensure it remains protected. This may include using recognised contractual safeguards, working with trusted providers, or relying on approved transfer mechanisms where applicable.

10. Security

We use appropriate technical and organisational measures to help protect your personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include secure systems, access controls, staff confidentiality practices, encryption where appropriate, and regular review of our data handling procedures.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, website, privacy practices, or legal requirements. Any updates will be posted on this page with a revised “Last updated” date.

12. Contact

For privacy-related questions or requests, contact us at [email protected] or write to: Coravira Wellness Spa & Retreat, Ubud Sacred Valley, Bali.