This policy explains what personal and health information Vedanjana Yoga & Ayurveda collects, how we use it, who we share it with, and what your rights are as a data subject.
Vedanjana Yoga & Ayurveda Private Limited ("Vedanjana", "we", "us", "our") operates a residential Ayurvedic healing retreat and online yoga platform at Tapovan, Laxman Jhula, Rishikesh, Uttarakhand 249201, India.
For the purposes of applicable data protection law — including the Information Technology (Amendment) Act 2008 (India), the Digital Personal Data Protection Act 2023 (India), and the EU General Data Protection Regulation (GDPR) where applicable to European residents — Vedanjana Yoga & Ayurveda Pvt. Ltd. is the data controller responsible for your personal information.
Our commitment: We handle all personal and health information with the utmost confidentiality and discretion. Health records collected during your programme are treated as medically confidential and are never shared without your explicit written consent.
We collect personal information in the following categories:
Special category data: Health information is classified as "special category" data under GDPR and equivalent regulations. We treat this information with heightened protection and collect it only with your explicit consent, which you provide when completing our health intake form and agreeing to our terms.
We collect health information necessary to provide safe, personalised Ayurvedic care, including:
Your health records are accessible only to the Vedanjana clinical team directly involved in your care. They are never shared with third parties without your written consent, except where required by Indian law (e.g., public health emergencies) or to prevent immediate risk to life.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing your Ayurvedic programme and clinical care | Identity, health, booking data | Contract + Explicit Consent |
| Processing your booking and payment | Identity, contact, payment data | Contract performance |
| Sending confirmation emails and Zoom links | Name, email address | Contract performance |
| Pre-arrival physician consultation | Health history, contact data | Explicit consent |
| Post-programme follow-up and home protocol | Health, contact data | Explicit consent |
| Sending wellness newsletters (if opted in) | Name, email address | Legitimate interest / Consent |
| Improving our programmes and website | Anonymised usage data | Legitimate interest |
| Legal and regulatory compliance | As required | Legal obligation |
We do not use your personal or health data for advertising, profiling or automated decision-making that produces legal or similarly significant effects.
Under GDPR and equivalent regulations, we process your data on the following legal bases:
We share personal data only as follows, and never sell data to third parties:
We may disclose information to government authorities or law enforcement where required by Indian law, court order, or where necessary to prevent serious harm to a person's life or safety.
In the event of a merger, acquisition or sale of Vedanjana, personal data may transfer to the acquiring entity, subject to the same privacy protections described here.
Health data: Your medical and health records are never shared with any third party — including family members not designated by you as your emergency contact — without your explicit written consent.
We retain your data for the following periods:
You may request early deletion of personal data (subject to our legal retention obligations) by contacting us at privacy@vedanjanayoga.com.
Depending on your location, you have the following rights regarding your personal data:
To exercise any of these rights, email privacy@vedanjanayoga.com with "Data Rights Request" in the subject line. We will respond within 30 days. Identity verification may be required before processing requests relating to health data.
Our website uses the following types of cookies:
We do not use advertising cookies, retargeting cookies, or social media tracking pixels on our main site. You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to book a programme.
We implement technical and organisational measures to protect your personal data, including:
Despite our measures, no system is completely immune from breach. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by applicable law.
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from anyone under 16 without verifiable parental or guardian consent. Guests under 18 must be accompanied by a parent or guardian who consents to data collection on their behalf. If you believe we hold data for a child without proper consent, please contact us immediately at privacy@vedanjanayoga.com.
For any privacy-related enquiry, request or complaint:
If you are located in the European Economic Area and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at edpb.europa.eu.
We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered guests and by a prominent notice on our website for at least 30 days before they take effect.