Shambho Journeys SRL
Last updated: 17 January 2026

1. Data Controller

The entity responsible for processing your personal data is: Shambho Journeys SRL

Registered office: Str. Sg. Alexandru Cutieru 25 A Bl. 3 Sc. 3 Ap. B183, sector 6, Bucharest

Phone: +40 722 777 487

Email: explore@shambhojourneys.com

Website: www.shambhojourneys.com

Legal Representative: Robert-Andrei Gheorghiu, Administrator

2. Personal Data Collected

Shambho Journeys SRL collects only the personal information strictly necessary for communication, registration, and billing, as applicable:

• Full name
• City of residence
• Country of residence
• Email address
• Phone number (including WhatsApp)
• Date of birth (optional)
• Other information voluntarily provided through forms or messages

3. Purposes of Data Processing

Your personal data may be processed for the following purposes:

• Communication via email, WhatsApp, or phone (call/SMS) regarding programs, events, courses, and retreats;
• Registration for Yoga Retreats, pilgrimages, events, online/offline programs;
• Sending newsletters, educational content, and updates about Shambho Journeys’ activities;
• Issuing invoices, receipts, and fulfilling legal accounting obligations;
• Managing online payments made through the integrated website platforms;
• Complying with applicable legal and fiscal requirements.

4. Legal Basis for Processing

Data processing is carried out in accordance with Article 6 of Regulation (EU) 2016/679 (GDPR) on one or more of the following legal grounds:

• Explicit consent of the data subject (for newsletters, WhatsApp communication, event registration, or contact forms);
• Performance of a contract or pre-contractual steps (for participation in paid events, retreats, or courses);
• Legitimate interest of Shambho Journeys SRL (for administrative communication and protection of its legal rights);
• Legal obligation (for accounting and fiscal documentation).

Note: For short-term journeys where no written contract is signed, the consent provided through registration (form submission or online payment) constitutes a valid legal basis under GDPR.

5. Data Retention Period

• Data collected for communication, newsletters, or event registration: retained until the data subject withdraws consent.
• Accounting and fiscal documents: retained for five (5) years, in accordance with Romanian law.

After these periods expire or upon request for deletion, the data will be safely erased or anonymised.

6. Data Disclosure to Third Parties

Shambho Journeys SRL does not sell, rent, or disclose personal data to third parties, except in the following cases:

• To service providers supporting Shambho Journeys’ operations, all of whom are GDPR-compliant:
  
  • Mailerlite (newsletter management)
  • WhatsApp Business / Meta Platforms (communications)
  • Google Workspace (Gmail, Drive) (storage and email services)
  • WordPress and Elementor (website hosting and online forms)
  • Online payment processors (for transactions made through the website)

All these partners provide adequate safeguards and operate under the European Commission’s Standard Contractual Clauses.

7. Your Rights

Under GDPR, you have the following rights:

• Right of access to your personal data;
• Right to rectification or update;
• Right to erasure (“right to be forgotten”);
• Right to restriction of processing;
• Right to data portability;
• Right to object to processing;
• Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
• Right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) – www.dataprotection.ro.

To exercise any of these rights, you can contact us at explore@shambhojourneys.com.

Shambho Journeys SRL will respond to your request within 30 calendar days.

8. Data Security

Shambho Journeys SRL implements appropriate technical and organizational measures to safeguard your data, including:

• Secure HTTPS/SSL connections;
• Strong passwords and two-factor authentication;
• Restricted access to stored information;
• Regular backups and encrypted communication;
• Deletion of data upon request or withdrawal of consent.

9. Cookies

The Shambho Journeys website uses cookies to ensure optimal functionality and analyze site traffic (Google Analytics).

By continuing to browse the website, you consent to the use of cookies in accordance with applicable regulations.

10. Processing of Minors’ Data

The Shambho Journeys website and programs are intended for individuals aged 14 and above.

For minors under 14 years old, personal data may be collected only with the explicit consent of a parent or legal guardian, who must complete the registration on the minor’s behalf.

Individuals aged 14 to 18 years may provide their own consent for registration in classes or online activities, provided that the programs do not impose contractual obligations or travel requirements.

For participation in retreats or in-person events, written consent from a parent or legal guardian is required.

If Shambho Journeys SRL discovers that personal data from a minor under 14 has been collected without parental authorization, such data will be immediately deleted.

11. Changes to This Policy

Shambho Journeys SRL reserves the right to update this Privacy Policy to reflect legal or operational changes.

The new version will be published on the website and will take effect on the date indicated above.

12. Contact

For questions, clarifications, or to exercise your rights, please contact us at:
 explore@shambhoJourneys.com
 +40 722 777 487