Contact us to discover the world of luxury, tranquility, and well-being that awaits you.
At The Retreat, your privacy is of utmost importance to us. We are committed to complying with data protection laws and best practices and ensuring the protection of your personal data. By using any of our websites and online platforms, you agree to be bound by this policy. If you do not agree with any term of this policy, you must refrain from using Heaven Rwanda or The Retreat websites.
If you enquire or transact with our business on behalf of others, you are responsible for ensuring that they are aware of the content of this Privacy Policy and agree with you supplying their personal data. By submitting data to us, you agree to the transfer, storage and processing of this data as required. We will take reasonable steps to ensure your data is secure and in accordance with this Privacy Policy and global data protection and privacy laws, however, if you do not agree with this policy, we cannot accept your transactions and you should not make use of our website.
The personal data we collect from you will include information such as your name, country of residence, email address, telephone number, the company you work for, your job title, and date of birth. This information is used to contact you and provide you with initial information and quotations.
We process your personal data so that we can meet legal, compliance and regulatory obligations. We also process your personal data for crime prevention and detection purposes, including the prevention of fraud for online payments, identity verification, and accounting or audit purposes.
We collect personal data from third parties who have been authorised to provide your personal data. We also collect personal data from individuals who may refer you as someone who may be interested in our products or services. We ask these individuals to confirm that you would like to hear from us.
We collect different personal data depending on your payment method. For example, for credit card payments we may collect the credit cardholder name, address, card number, expiry date and CVC code.
We may post client testimonials and comments on our websites, which may contain personal information.
We use external service providers to assist us to process personal data for the specified purposes, and they may hold this personal data on their own servers for these purposes. For example, we may use analytics, advertising and remarketing service providers such as Google Analytics, Google AdWords, Google Tag Manager, Facebook Business Manager, LinkedIn Ads, Hotjar and Hubspot. We are not responsible for the privacy practices of these external third parties.
For Marketing
We may use personal data to communicate with you about our products and services. This may be based on your preferences, derived from Cookies or inferred from your interactions with us.
We also use social media and other digital websites to provide you with advertisements within those websites. We may provide them with your name and contact details (such as your email address or phone number). If these social media and digital websites match profile information provided by us with your profile information held by them then they will serve you our advertisements. The social media websites will not identify you or share other personal data in your social media account with us.
We will only send you direct marketing in accordance with your marketing preferences. We may contact you via email, SMS/text, social media, or through other communication channels that we think you may find helpful. If at any time you would like us to stop sending you marketing material, contact us or choose the available “unsubscribe” options.
For Profiling
We use personal data such as your date of birth, gender, country of residence, transactions, information derived from Cookies and your preferences and behaviours for profiling. Some of the legitimate purposes we profile personal data include:
To better understand what you would like to see from us and how we can improve our services;
To provide you with customised online content and to optimise your experience with our website;
To provide you with customised advertisements on other websites you visit;
To share marketing material we believe may be of interest to you;
To help us deliver our services more efficiently.
We will take steps to ensure that prior to profiling your personal data for a legitimate interest that your own interests or fundamental rights and freedoms do not override our legitimate interests.
For Data Analysis
We aggregate personal data and remove any identifying elements to analyse patterns and improve our marketing and promotional efforts, and to analyse website use, to improve our content, products and services, to customise website content, products and services, and to support our business operations.
We collect certain usage information like the number and frequency of visitors to our website. This information includes which website you were redirected from, which web pages you visit during your session, what browser you are using, your device ID and your IP address. This collective data helps us to determine how our customers use parts of our website and do research on our users’ demographics, interests, and behaviour to better understand them.
To Improve Service Quality
In our efforts to improve the quality of service we offer you, we may use your personal data to:
Improve the products and services we offer or help us to create new ones;
Conduct customer satisfaction surveys so that we can obtain a better understanding of how we can continue to improve the products and services we offer or help us to create new ones. During these surveys we may collect personal data from you relating to your thoughts/comments about your experiences;
Improve our internal systems, for systems testing, IT maintenance or development training, benchmarking and performance measurement.
Legal Basis for Using Your Information
We will only collect, process, use, share and store your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:
How We Share Your Information
We do not share your personal data with companies, organisations or individuals outside of The Retreat except in the following cases:
– With Your Consent
– We may share your personal data when you have provided consent as described at the time of consent.
We may share your personal data with third parties, who help us manage our business and deliver our products and services. These third parties have agreed to confidentiality obligations. Any personal data we share with them or which they collect on our behalf is used solely for the purposes of providing the contracted service to us.
These third parties:
We may share aggregated data (combined data of our website users or clients that no longer identifies or references an individual website user or client) and non-personally identifiable information for analysis, demographic profiling, marketing and advertising, and other business purposes.
To facilitate our operations, we might transfer information to companies or entities that are located in other countries that help us deliver or fulfil our service offerings. The purpose of this transfer will only be for the purposes described in this policy.
This Privacy Policy shall apply even if we transfer Personal Information to other countries. We have taken appropriate safeguards to require that your Personal Information will remain protected. When we share information about you within and among third parties, we make use of standard contractual data protection clauses.
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to protect the personal data that you share with us and safeguard the privacy of such information. For example, the measures we take include:
Placing confidentiality requirements on our staff members and service providers;
In some circumstances, we may store your personal data for longer periods of time, for example, where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements. In specific circumstances, we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We undertake to process your personal data in a reasonable manner and take appropriate, reasonable security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. All data processing shall be carried out by employees, consultants or third-party service providers using computers and/or IT enabled tools, following standard organizational procedures and modes.
In some cases, personal and non-personal data may be accessible to certain types of persons involved with the operation of the websites (administration, sales, marketing, finance, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies to name a few) appointed, if necessary, by us as data processors.
How long we keep information we collect about you depends on the type of information. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymise it or, if this is not possible, securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services. We retain information derived from Cookies and other tracking technologies for a reasonable period of time from the date such information was created.
How We Treat Personal Data About Children
For children younger than 16 years old, the use of our services is only permitted with the lawful consent of a parent or a guardian.
Our website is not intended for or targeted at children under 16, and we do not knowingly or intentionally collect personal information about children under 16. If you believe we have collected information about a child under 16, please contact us, so that we may delete the information.
We reserve the right to erase all personal data of any child under 16 years old if we become aware that the data was provided to us without the lawful consent of a parent or a guardian.
How We Use Cookies
A “Cookie” is a small computer file that is downloaded to your device. It collects information as to how you navigate our websites. Cookies cannot harm your computer in any way and are an industry standard. They are small text files that contain only information provided by you, the visitor, to the website. Furthermore, our users may configure their browsers to not accept our cookies.
Cookies may collect personal data about you. Cookies help us remember information about your visit to our website and other settings and searches. Cookies enable us to understand who has seen which web pages and how frequently, and to determine which are the most popular areas of our website. They can also help us to operate our website more efficiently and customise your view of the website to reflect your preferences and activities. They also help us tailor our marketing and advertisements to you on our website, other websites you visit, social media websites and other devices.
Your Rights
You have certain rights in relation to your personal data. In order to exercise your rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal data to you.
You can exercise your rights by emailing us at info@heavenrwanda.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request within the amount of time prescribed by the applicable data protection laws and regulations or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Access Your Personal Data
You have the right to be given reasonable access to your personal data. You may also have the right to request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format.
Rectify Inaccurate or Incomplete Personal Data
You have a right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.
Erase Your Personal Data
If you no longer want us to use your information, you can also request that we erase your personal data in limited circumstances where:
Due to maintenance reasons and protection from accidental or malicious loss and destruction, residual copies of your personal data may not be removed from our backup systems for a limited period of time.
You can object to any processing of your personal data, which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you think that we have not complied with data protection laws, you have the right to lodge a complaint with your local supervisory authority.
We reserve the right to modify this Privacy Policy at any time in accordance with this provision and at our sole discretion. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on our websites and update the “Last Updated” date at the end of this Privacy Policy. Once made available on our website, your continued access or use of our services will constitute your acceptance of the revised Privacy Policy.
You can contact us with any questions relating to this Privacy Policy, or with any data access, data correction, data objection or data deletion requests by emailing us at info@heavenrwanda.com.