Last Updated: 29 January 2026

Background

  1. Thryve Pro Academy operates as an online platform providing day retreats for practitioners of Transcendental Meditation (TM) through digital delivery methods, including video conferencing platforms and online educational resources. TM itself is not taught by Thryve or through our retreats.
  2. The retreats are led by certified TM teachers who teach TM under the auspices of Maharishi Foundation UK or equivalent organisations internationally. These retreats are offered as part of Thryve3, a coaching and wellbeing programme operated by the Company, and are also available to anyone who has learned TM in the UK.
  3. Our online retreat services are delivered via video conferencing platforms to participants located primarily within the United Kingdom and European Economic Area, requiring the processing of personal data for service delivery, communication, and administrative purposes.
  4. The Company processes both standard personal data (including contact details, payment information, and booking history) and special category personal data (including health conditions and physical limitations voluntarily provided by participants).
  5. All data processing activities are conducted in compliance with the UK General Data Protection Regulation, the Data Protection Act 2018, and other applicable data protection legislation, with the Information Commissioner's Office serving as our lead supervisory authority.
  6. The Company maintains differentiated data retention periods based on data type and legal requirements, with general participant data retained for 2 years and financial records retained for 6 years to meet statutory obligations.
  7. Our data processing activities involve sharing personal data with essential service providers, including certified TM teachers engaged as independent contractors, third-party payment processing services, and video conferencing platform providers.
  8. The Company implements technical and organisational security measures including industry-standard encryption, secure data storage within the UK/EEA, and robust breach notification procedures to protect personal data against unauthorised access, loss, or misuse.
  9. This Privacy Policy operates alongside our website Terms and Conditions and Cookie Policy to provide comprehensive information about our data processing practices and your rights as a data subject under applicable data protection legislation.
  1. Definitions
  1. Account means the personal user account created by a data subject on our website or platform to access our services, containing personal information, booking history, and service preferences.
  2. Certified TM Teacher means an individual who has completed accredited training in Transcendental Meditation instruction and is authorised to teach TM (separately from our Retreat Services) and to lead our retreats.
  3. Data Processor means a natural or legal person who processes personal data on behalf of the data controller, including payment processors and video conferencing platform providers.
  4. Health Data means personal data concerning the physical or mental health of a data subject that is directly relevant to their safe participation in Retreat Services, voluntarily provided during booking or service delivery.
  5. ICO means the Information Commissioner's Office, being the supervisory authority responsible for data protection regulation in the United Kingdom.
  6. Marketing Communications means promotional emails, newsletters, and other communications about our services, products, or events, sent with separate consent from service-related communications.
  7. Online Platform means our website, mobile applications, and digital systems used to deliver TM retreat services and process bookings and payments.
  8. Payment Information means financial data including payment card details, billing addresses, and transaction records processed by third-party payment processors for service payments.
  9. Retreat Services means our online day retreats for TM practitioners, and related educational services delivered via video conferencing platforms and digital resources. TM instruction is not provided through our Retreat Services.
  10. Third Party Service Providers means external organisations that provide services to support our operations, including payment processors, video conferencing platforms, and technical service providers.
  11. TM means Transcendental Meditation, being the meditation technique practised by participants of our Retreat Services. TM is taught separately by certified teachers, not through our retreats.
  12. Video Conferencing Platforms means third-party software services used to deliver online retreat sessions, including platforms such as Zoom, Microsoft Teams, or similar services.
  13. Website means the Company's website located at thryve3.com/days and any related web pages, mobile applications, or online platforms operated by us.
  1. Data Controller Information
  1. Thryve Pro Academy (Company Number 16573922) is the primary Data Controller for all personal data collected through this Website and in connection with our Retreat Services.
  2. Our registered office address is 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE, and we can be contacted regarding data protection matters at hello@thryve3.com or by post at the registered office address.
  3. Thryve Pro Academy is the sole Data Controller for all personal data processed in connection with our Website and Retreat Services.
  1. Scope and Application
  1. This Privacy Policy applies to all personal data processing activities conducted by Thryve Pro Academy in connection with the provision of our Online Platform, Retreat Services, and related business operations.
  2. The scope of this Privacy Policy covers:
  1. all visitors to and users of our Website, regardless of whether they create an account or purchase services;
  2. individuals who register for, participate in, or inquire about our TM day retreats and related services;
  3. personal data collected through our booking systems, payment processes, and customer communications;
  4. data shared with Certified TM Teachers engaged as independent contractors for service delivery.
  1. This Privacy Policy applies to personal data processing where:
  1. you are located within the United Kingdom or European Economic Area when using our services;
  2. we process your personal data in the UK or EEA, regardless of your location;
  3. our processing activities are subject to UK GDPR or other applicable Data Protection Legislation.
  1. Where we process personal data of individuals located outside the UK and EEA, we will apply data protection standards equivalent to those required under UK GDPR, including appropriate safeguards for international data transfers.
  2. This Privacy Policy does not apply to:
  1. third-party websites, platforms, or services that may be linked from our Website but are not operated by us;
  2. data processing activities of Video Conferencing Platforms beyond those conducted on our behalf as Data Processors.
  1. Legal Basis for Processing
  1. We process your personal data on the basis of one or more lawful bases under Article 6 of the UK GDPR, and where applicable, Article 9 for special category personal data.
  2. Contract Performance (Article 6(1)(b)): We process personal data where necessary for the performance of our contract with you to provide Retreat Services, including:
  1. Processing contact details and booking information to deliver your booked retreat sessions.
  2. Processing payment information to complete financial transactions for services purchased.
  3. Providing access credentials and technical support for our Online Platform and Video Conferencing Platforms.
  1. Legitimate Interests (Article 6(1)(f)): We process personal data where necessary for our legitimate interests or those of third parties, provided your fundamental rights and freedoms do not override these interests:
  1. Maintaining account records and booking history to support ongoing customer relationships and service delivery.
  2. Improving our services and developing new offerings based on user feedback and service usage patterns.
  3. Protecting our business interests through fraud prevention, security monitoring, and legal compliance activities.
  4. Facilitating communication with Certified TM Teachers for service coordination and quality assurance.
  1. Legal Obligation (Article 6(1)(c)): We process personal data where required to comply with legal obligations, including:
  1. Maintaining financial records and transaction data for tax and accounting purposes.
  2. Responding to lawful requests from regulatory authorities and law enforcement agencies.
  1. Explicit Consent (Article 9(2)(a)): For Special Category Personal Data, including Health Data, we rely on your explicit consent which you provide when:
  1. Voluntarily submitting health conditions or physical limitations during the booking process or at any time before or during Retreat Services.
  2. Agreeing to our processing of such data through clear affirmative action and unambiguous indication of your wishes.
  1. Marketing Communications require separate consent under Article 6(1)(a), which you can provide or withdraw independently of service delivery consent.
  1. Categories of Personal Data
  1. We process the following categories of standard Personal Data in connection with our Website and Retreat Services:
  1. Contact information, including full name, email address, telephone number, and postal address.
  2. Account data, including username, encrypted password, account preferences, booking history, and service usage records.
  3. Payment information, including billing address, payment method details (processed by Third Party Service Providers), transaction history, and refund records.
  4. Communication records, including correspondence via email, telephone, or through our Online Platform, including support requests and feedback.
  5. Technical data, including IP address, browser type and version, device information, operating system, and Website usage analytics.
  1. We may process the following categories of Special Category Personal Data where you provide explicit consent:
  1. Health information, limited to medical conditions, physical limitations, or accessibility needs that you voluntarily disclose and that are directly relevant to your safe participation in Retreat Services.
  2. We do not actively solicit Health Data and will only process such information where you choose to provide it.
  1. All Health Data is processed solely on the basis of your explicit consent and is used only to:
  1. Ensure appropriate modifications or accommodations are made to Retreat Services to meet your individual needs.
  2. Enable Certified TM Teachers to provide safe and suitable meditation instruction.
  3. Comply with our duty of care obligations to retreat participants.
  1. You may withdraw your consent for processing Health Data at any time by contacting us using the details in Section 17, without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent will not affect your ability to access basic Retreat Services, though we may be unable to provide specific accommodations or modifications.
  1. Data Collection Methods
  1. We collect Personal Data through the following methods in accordance with Data Protection Legislation and this Privacy Policy.
  2. Direct provision by you, including when you:
  1. Complete online booking forms for Retreat Services;
  2. Create an Account on our Online Platform;
  3. Contact us via email, telephone, or contact forms;
  4. Voluntarily provide Health Data during the booking process or at any time thereafter;
  5. Subscribe to Marketing Communications;
  6. Participate in surveys, feedback requests, or customer service interactions.
  1. Automatic collection through Website interaction, including:
  1. Technical information collected via Cookies and similar tracking technologies;
  2. Usage data, browsing patterns, and website analytics;
  3. Device information, IP addresses, and connection details;
  4. Session recordings and heatmap data for website optimisation purposes.
  1. Third Party Service Providers who collect data on our behalf, including:
  1. Payment processors who collect Payment Information during transactions;
  2. Video Conferencing Platforms that gather technical data during retreat participation;
  3. Email service providers who track engagement with our communications;
  4. Website hosting and analytics providers who collect usage statistics.
  5. We only collect Personal Data that is necessary for the purposes outlined in Section 7 of this Privacy Policy and in accordance with the principle of data minimisation.
  1. Where Special Category Personal Data is collected, we will always seek your explicit consent and clearly explain the purposes for which such data will be used.
  1. Purposes of Processing
  1. We process your Personal Data for the following primary purposes in connection with our Retreat Services:
  1. delivering Online Platform services including day retreats for TM practitioners and related educational content;
  2. managing participant bookings, scheduling, and attendance records;
  3. facilitating access to Video Conferencing Platforms and digital retreat materials;
  4. coordinating with Certified TM Teachers for service delivery.
  1. We process Personal Data for communication purposes including:
  1. sending service-related notifications, booking confirmations, and retreat instructions;
  2. providing customer support and responding to enquiries;
  3. sharing essential information about retreat schedules, changes, or cancellations;
  4. facilitating communication between participants and Certified TM Teachers where necessary for service delivery.
  1. We process Payment Information and related data for:
  1. processing retreat fees and related charges;
  2. managing refunds, cancellations, and payment disputes;
  3. maintaining financial records and transaction history;
  4. preventing fraud and ensuring payment security.
  1. We process Health Data that you voluntarily provide for:
  1. ensuring retreat content and delivery methods are appropriate for your circumstances;
  2. allowing Certified TM Teachers to provide suitable guidance and modifications;
  3. maintaining participant safety during online retreat activities;
  4. complying with our duty of care obligations.
  1. We process Personal Data for legal compliance purposes including:
  1. fulfilling obligations under Data Protection Legislation and other applicable laws;
  2. responding to lawful requests from regulatory authorities including the ICO;
  3. maintaining records required for tax, accounting, and corporate compliance;
  4. protecting our legal rights and defending against legal claims.
  1. We process Personal Data for legitimate business interests including:
  1. analysing Website usage and retreat participation to improve our services;
  2. conducting internal research and development for new retreat offerings;
  3. managing our relationships with Certified TM Teachers and service providers;
  4. ensuring network security and preventing unauthorised access to our systems.
  1. Where we process Personal Data for Marketing Communications, this is done only with your separate explicit consent and you may withdraw such consent at any time without affecting our ability to provide Retreat Services.
  1. Data Sharing and Recipients
  1. We share your Personal Data with third parties only where necessary for service delivery, legal compliance, or legitimate business operations, and in accordance with applicable Data Protection Legislation.
  2. Certified TM Teachers
  1. We share participant names with Certified TM Teachers who lead Retreat Services. These teachers are engaged under contractor agreements that include confidentiality obligations.
  1. Payment Processing Services
  1. We share Payment Information with third-party payment processors to facilitate transaction processing and refund management.
  2. Payment processors act as independent Data Controllers for payment card data and fraud prevention activities, operating under their own privacy policies and PCI DSS compliance obligations.
  3. We retain transaction records but do not store complete payment card details on our systems.
  1. Video Conferencing Platforms
  1. We share participant names, email addresses, and meeting access requirements with Video Conferencing Platform providers to enable retreat delivery.
  2. Platform providers may collect additional data directly from participants during sessions, including IP addresses, device information, and session recordings where enabled.
  3. Each platform operates under its own privacy policy, and we recommend reviewing these policies before participating in online sessions.
  1. Service Providers and Contractors
  1. We may share Personal Data with IT service providers, customer support services, and professional advisors where necessary for business operations.
  2. All service providers are bound by confidentiality obligations and data processing agreements that restrict their use of Personal Data to specified purposes.
  1. Legal and Regulatory Disclosure
  1. We may disclose Personal Data where required by law, court order, or regulatory authority, including disclosure to the ICO for investigation purposes.
  2. We may share data to protect our legal rights, prevent fraud, or ensure participant safety where we have legitimate grounds to do so.
  1. Business Transfers
  1. In the event of a merger, acquisition, or sale of business assets, Personal Data may be transferred to the acquiring entity subject to equivalent privacy protections.
  2. We will provide advance notice of any such transfer and your options regarding your Personal Data.
  1. International Data Transfers
  1. Primary Data Storage Location: All personal data collected through our Website and Retreat Services is primarily stored and processed within the United Kingdom and European Economic Area, ensuring adequate protection under UK GDPR and equivalent data protection standards.
  2. Third Country Transfers: Where personal data must be transferred to countries outside the UK and EEA for essential service delivery purposes, we ensure such transfers are protected by appropriate safeguards as required under Data Protection Legislation.
  3. Adequacy Decisions: We may transfer personal data to third countries that have received adequacy decisions from UK or EU authorities, recognising that such jurisdictions provide essentially equivalent protection to UK GDPR standards.
  4. Standard Contractual Clauses: For transfers to third countries without adequacy decisions, we implement Standard Contractual Clauses approved by UK authorities, ensuring contractual obligations that replicate the protections afforded under UK GDPR.
  5. Video Conferencing Platforms: We only use Video Conferencing Platform providers that maintain appropriate transfer mechanisms for any data processed outside the UK/EEA, including adequacy decisions or Standard Contractual Clauses.
  6. Payment Processing: We only use payment processors that maintain compliance with UK GDPR transfer requirements and implement appropriate technical and organisational security measures for any international transfers.
  7. Data Subject Rights: Your rights as a Data Subject remain enforceable regardless of where your personal data is processed internationally, and we maintain procedures to facilitate the exercise of these rights across all processing locations.
  1. Data Retention Periods
  1. General Retention Period: The Company retains standard Personal Data for a period of two (2) years from the date of last interaction with the Data Subject or completion of Retreat Services, whichever is later.
  2. Justification for Retention Period: The two-year general retention period balances our legitimate interests in maintaining participant records with data minimisation principles. This period allows for:
  1. service continuity and re-engagement with participants for future Retreat Services;
  2. resolution of any service queries or complaints that may arise after participation;
  3. analysis of service usage patterns to improve our offerings.
  1. Health Data: Health Data is retained only for the duration necessary to deliver the relevant Retreat Services, plus twelve (12) months thereafter to address any follow-up queries. Health Data will be deleted promptly upon withdrawal of consent.
  2. Financial Records: Transaction records and Payment Information are retained for six (6) years from the date of transaction to comply with tax, accounting, and consumer protection requirements under English law.
  3. Marketing Communications: Personal Data used solely for Marketing Communications purposes is retained until consent is withdrawn or the Data Subject opts out, at which point such data is deleted within thirty (30) days.
  4. Account Data: Where Data Subjects maintain active Accounts on the Online Platform, Personal Data is retained for the duration of account activity plus the general retention period specified in clause 9.1.
  5. Automatic Deletion: The Company implements automated processes to delete Personal Data at the expiry of applicable retention periods, subject to any legal holds or ongoing disputes.
  6. Early Deletion Criteria: Personal Data may be deleted before the expiry of the retention period where:
  1. the Data Subject exercises their right to erasure under Data Protection Legislation and no overriding legitimate grounds exist for continued Processing;
  2. the Personal Data is no longer necessary for the original purposes for which it was collected;
  3. the Personal Data has been unlawfully processed.
  1. Data Subject Rights
  1. You have the following rights regarding your Personal Data under Data Protection Legislation, which you may exercise by contacting us using the details provided in Section 18.
  2. Right of Access: You have the right to obtain confirmation whether we are Processing your Personal Data and, where we are, access to your Personal Data together with information about the purposes of Processing, categories of data, recipients, retention periods, and your other rights.
  3. Right to Rectification: You have the right to obtain rectification of inaccurate Personal Data concerning you and to have incomplete Personal Data completed, including by providing a supplementary statement.
  4. Right to Erasure: You have the right to obtain erasure of your Personal Data where one of the following grounds applies:
  1. the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise Processed;
  2. you withdraw consent on which Processing is based and there is no other Lawful Basis for Processing;
  3. you object to Processing based on Legitimate Interests and there are no overriding legitimate grounds for Processing;
  4. the Personal Data has been unlawfully Processed;
  5. erasure is required for compliance with a legal obligation.
  1. Right to Restriction of Processing: You have the right to obtain restriction of Processing where you contest the accuracy of Personal Data, Processing is unlawful but you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to Processing pending verification of overriding legitimate grounds.
  2. Right to Data Portability: Where Processing is based on consent or contract performance and is carried out by automated means, you have the right to receive your Personal Data in a structured, commonly used, machine-readable format and to transmit that data to another Data Controller.
  3. Right to Object: You have the right to object to Processing based on Legitimate Interests, including profiling, unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms or for establishment, exercise or defence of legal claims.
  4. Right to Object to Marketing: You have the right to object to Processing for Marketing Communications purposes at any time, which we will honour without charge and usually within two business days of receipt.
  5. Right to Withdraw Consent: Where Processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of Processing based on consent before its withdrawal.
  6. Health Data Consent Withdrawal: For Special Category Personal Data relating to health conditions, you may withdraw your explicit consent at any time, though this will not affect our ability to provide basic Retreat Services that do not require Health Data.
  7. Response Timeframes: We will respond to requests to exercise rights without undue delay and in any event within one month of receipt, which may be extended by two months for complex requests with notification and explanation of the delay.
  8. Identity Verification: We may require additional information to verify your identity before responding to requests, particularly for access requests or requests that could affect the rights and freedoms of others.
  9. Charges: We will not charge for exercising your rights unless requests are manifestly unfounded or excessive, particularly if repetitive, in which case we may charge a reasonable fee or refuse to act on the request.
  10. Complaints: You have the right to lodge a complaint with the ICO if you believe our Processing of your Personal Data violates Data Protection Legislation, without prejudice to any other administrative or judicial remedy.
  1. Security Measures
  1. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our Processing activities, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of Processing.
  2. Our technical security measures include:
  1. Industry-standard encryption for Personal Data both in transit and at rest using AES-256 encryption or equivalent standards.
  2. Secure data storage within the UK and European Economic Area with access controls and authentication protocols.
  3. Regular security updates and patch management for all systems Processing Personal Data.
  4. Network security measures including firewalls, intrusion detection systems, and secure communication protocols.
  5. Backup and disaster recovery procedures to ensure data availability and integrity.
  1. Our organisational security measures include:
  1. Staff training on data protection principles and security procedures for all personnel with access to Personal Data.
  2. Access controls ensuring Personal Data is accessible only to authorised personnel on a need-to-know basis.
  3. Regular review and assessment of security measures and Processing activities.
  4. Contractual data protection obligations for all Third Party Service Providers and Data Processors.
  1. In the event of a Personal Data breach, we will:
  1. Assess the risk to Data Subjects and take immediate steps to contain and remedy the breach.
  2. Notify the ICO within 72 hours of becoming aware of a breach that poses a risk to Data Subjects' rights and freedoms.
  3. Communicate with affected Data Subjects without undue delay where the breach is likely to result in high risk to their rights and freedoms.
  4. Maintain records of all Personal Data breaches including the facts, effects, and remedial action taken.
  1. We regularly monitor, review and update our security measures to ensure their continued effectiveness and compliance with applicable Data Protection Legislation.
  2. You acknowledge that no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security of your Personal Data.
  1. Cookies and Tracking Technologies
  1. Cookies Overview
  • We use cookies and similar tracking technologies on our Website to enhance user experience, analyse website performance, and support the delivery of our Retreat Services.
  1. Types of Cookies Used
  1. Essential Cookies: Required for basic website functionality, account authentication, and secure access to our Online Platform.
  2. Performance Cookies: Collect anonymous information about website usage patterns, page load times, and technical performance metrics.
  3. Functional Cookies: Remember user preferences, language settings, and customisation options to improve user experience across sessions.
  4. Analytics Cookies: Enable us to understand visitor behaviour, popular content areas, and website navigation patterns for service improvement purposes.
  1. Cookie Purposes
  1. Website functionality and security, including session management and fraud prevention measures.
  2. Performance monitoring and technical optimisation of our Online Platform and Retreat Services delivery systems.
  3. User experience personalisation and preference retention across multiple website visits.
  4. Statistical analysis of website usage to support business planning and service development under our Legitimate Interests.
  1. Third Party Cookies
  1. Video Conferencing Platforms may place cookies when accessing retreat content or participating in online sessions.
  2. Payment Information processors may use cookies during transaction processing and payment verification procedures.
  3. Analytics service providers may place cookies to measure website performance and user engagement metrics.
  1. Cookie Duration
  1. Session Cookies: Automatically deleted when you close your browser or end your website session.
  2. Persistent Cookies: Remain on your device for predetermined periods ranging from 24 hours to 2 years depending on functionality requirements.
  1. User Control Options
  1. You may accept, reject, or manage cookie preferences through our cookie consent banner displayed upon first website visit.
  2. Browser settings allow you to disable, delete, or restrict cookies, though this may affect website functionality and access to certain Retreat Services.
  3. Most browsers provide cookie management tools accessible through privacy or security settings menus.
  4. Cookie Policy Updates
  • We may update our cookie usage practices to reflect changes in technology, legal requirements, or business operations, with notification provided through website notices or direct communication methods.
  1. Marketing and Communications
  1. We will only send you Marketing Communications where you have provided your explicit consent or where we have another valid legal basis under Data Protection Legislation.
  2. Marketing consent is collected separately from consent required for the provision of Retreat Services and you may withdraw marketing consent without affecting your ability to access our core services.
  3. Marketing Communications may include information about:
  1. new Retreat Services and programmes;
  2. special offers and promotional pricing;
  3. educational content related to TM practice;
  4. events and workshops;
  5. surveys and feedback requests to improve our services.
  1. You can opt-out of receiving Marketing Communications at any time by:
  1. clicking the unsubscribe link in any marketing email;
  2. logging into your Account and updating your communication preferences;
  3. contacting us using the details provided in section 18 of this Privacy Policy;
  4. replying "STOP" to any marketing text message.
  1. We will process your opt-out request within 5 working days and you will not receive further Marketing Communications after this period, except where required for legal compliance or service delivery purposes.
  2. If you opt-out of Marketing Communications, you will continue to receive essential service communications including booking confirmations, retreat joining instructions, and important account or service updates.
  3. We do not sell, rent, or otherwise provide your personal data to third parties for their own marketing purposes without your explicit consent.
  1. Age Restrictions and Verification
  1. Our Retreat Services are intended exclusively for individuals aged 18 years and over, and we do not knowingly collect Personal Data from individuals under the age of 18.
  2. If we become aware that we have collected Personal Data from an individual under the age of 18, we will take immediate steps to delete such information from our systems. Parents, guardians, or the individual concerned should contact us using the details provided in Section 17.
  3. Policy Updates and Review
  4. We may update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or business operations. Material changes will be notified via prominent website notice or direct email to registered users.
  5. The "Last Updated" date at the top of this Privacy Policy indicates when changes were last made. Continued use of our services following notification of changes constitutes acceptance, except where explicit consent is required for new processing activities.
  1. Contact Information
  1. Data Protection Contact Details: For all data protection enquiries, requests to exercise your rights, or concerns about our processing of your personal data, please contact us using the following details:
  1. Email: hello@thryve3.com
  2. Postal Address: Thryve Pro Academy, 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE
  1. Response Timeframes: We will acknowledge receipt of your data protection request within 72 hours and provide a substantive response within one month of receiving your request, unless the request is complex or we receive multiple requests from you, in which case we may extend this period by a further two months.
  2. Identity Verification: To protect your personal data, we may require you to provide proof of identity before processing certain requests, particularly those relating to access, rectification, or erasure of your personal data.
  3. Request Processing: When contacting us about data protection matters, please provide the following information to help us process your request efficiently:
  1. Your full name and contact details
  2. A clear description of your request or concern
  3. Any relevant account information or booking references
  4. Proof of identity if requested
  1. Free of Charge: Exercising your data subject rights is generally free of charge, though we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.
  2. Complaints: If you are not satisfied with our response to your data protection enquiry, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk or by calling their helpline on 0303 123 1113.