Privacy Policy

Last updated: 18.06.2026

We take your privacy seriously. We process personal data carefully, securely and in accordance with the General Data Protection Regulation, known in the Netherlands as the AVG, and other applicable Dutch privacy legislation.

This privacy policy explains how we collect, use, store and protect your personal data when you visit acsauhaya.org, contact us or use our services.

1. Who we are

This privacy policy applies to the website acsauhaya.org and the services provided by:

ACSAUHAYA

Email: info@acsauhaya.org

For the purposes of privacy legislation, ACSAUHAYA is the controller of your personal data.

2. What personal data we collect

Depending on how you use our website and services, we may process the following personal data:

  • your name;
  • your email address;
  • your telephone number;
  • your address, where needed for bookings, invoices or administration;
  • the content of messages you send to us;
  • booking, customer and service information;
  • payment and invoice details;
  • communication records, including emails, SMS messages, WhatsApp messages and chat messages;
  • call recordings, where we have informed you that a call may be recorded;
  • technical data, such as IP address, browser type, device information, pages visited and cookie identifiers.

If you take part in a retreat, intake process or suitability assessment, we may also ask you to provide sensitive information, such as information about your physical or mental health, medication, allergies, previous experiences, emergency contacts or other information relevant to your safety. We only process this type of information where it is necessary for the safe and responsible preparation or provision of our services and where we have a valid legal basis to do so.

3. Why we use your personal data

We use your personal data for the following purposes:

| Purpose | Personal data used | Legal basis |
|---|---|---|
| To respond to contact requests | Name, email address, telephone number, message content | Legitimate interest or steps prior to entering into a contract |
| To prepare and provide our services | Contact details, booking details, communication records and relevant service information | Performance of a contract |
| To assess whether our services are suitable and safe for you | Intake information and, where applicable, health-related information | Explicit consent and, where applicable, performance of a contract or vital interests |
| To communicate with you | Emails, SMS, WhatsApp messages, chat messages and call notes or recordings | Legitimate interest and/or performance of a contract |
| To keep financial records | Invoice, payment and administration details | Legal obligation |
| To improve and secure our website | Technical data, analytics data and security logs | Legitimate interest or consent, depending on the type of cookie or technology used |
| To comply with legal obligations or handle disputes | Relevant customer, communication and administration data | Legal obligation or legitimate interest |

We do not sell your personal data to third parties for commercial gain.

We do not send unsolicited advertising. If we send newsletters or marketing messages in the future, we will only do so where we have a valid legal basis, such as your consent, and you will be able to unsubscribe.

4. Contact form and email

When you complete our contact form or send us an email, we use the information you provide to respond to your request and to handle any follow-up communication.

We keep contact requests for up to 48 months after the last contact, unless a longer retention period is necessary because you become a customer, because we need the information for legal or administrative purposes, or because there is an ongoing dispute.

5. Communication

We may store emails and other electronic messages, such as SMS, WhatsApp messages and chat messages, so that we can keep a record of our communication with you and provide our services properly.

Telephone conversations may be recorded where this is necessary for reference purposes, quality, safety or to record verbal agreements. We will inform you when a call may be recorded.

Communication records are kept for as long as reasonably necessary for the purpose for which they were collected. Call recordings are kept for 12 months, unless a longer period is necessary for a complaint, dispute or legal obligation.

6. Health and safety information

Where our services involve retreats, ceremonies, intake calls or preparation processes, we may need to ask for information that is relevant to your physical and emotional safety.

This may include information about your health, medication, allergies, medical history, psychological history, previous psychedelic experiences, emergency contact details or other relevant circumstances.

We process this information only for the purposes of assessing suitability, preparing the service, supporting your safety and providing appropriate care during the service. We treat this information as confidential and restrict access to people who need it for these purposes.

We keep health and safety intake information for 48 months, unless a longer period is necessary for legal, insurance, complaint or safety reasons. You may withdraw your consent at any time, but this does not affect processing that took place before your withdrawal. In some cases, withdrawing consent may mean that we can no longer provide the service safely.

7. Google Analytics

We use Google Analytics to understand how visitors use our website and to improve the website.

Where possible, we configure Google Analytics in a privacy-friendly way. This may include limiting data sharing with Google, disabling advertising features, using IP anonymisation where available and setting appropriate retention periods.

If our use of Google Analytics or similar analytics tools requires consent, we will ask for your consent before placing or reading those cookies.

8. Cookies

Our website uses cookies. A cookie is a small text file that we send to your computer when you visit our website.

These cookies help ensure, among other things, that you do not repeatedly see or have to enter the same information on our website.

Almost all browsers can be set to refuse cookies or to notify you when you receive a cookie. However, most websites, including ours, do not work properly if you disable cookies.

You can only delete cookies yourself, as they are stored on your computer. Please consult your browser’s help function and/or settings for instructions.

We do not use cookies to bother you, but to make our website easier to use and to view website statistics so that we can improve the user experience.

When you use this website, we assume that you consent to the placement of cookies.

9. Who we share your personal data with

We only share personal data where this is necessary for the purposes described in this privacy policy, where we are legally required to do so, or where you have given consent.

We may share personal data with the following categories of recipients:

  • website hosting providers;
  • IT and security service providers;
  • email and communication providers;
  • booking, payment or administration providers;
  • analytics providers, such as Google;
  • accounting or bookkeeping providers;
  • professional advisers, such as legal or tax advisers;
  • government authorities, regulators or courts, where required by law.

Where third parties process personal data on our behalf, we make appropriate arrangements with them to protect your personal data.

10. Transfers outside the European Economic Area

Some service providers may process personal data outside the European Economic Area. Where this happens, we only transfer personal data where permitted under privacy legislation and where appropriate safeguards are in place, such as an adequacy decision, standard contractual clauses or another legally recognised transfer mechanism.

11. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access and unlawful disclosure.

These measures include:

  • secure connections, such as SSL or TLS encryption;
  • keeping our website, server and software up to date;
  • using security software to help prevent and detect malware and unauthorised access;
  • restricting access to personal data to people who need it for their work;
  • using confidentiality arrangements where appropriate;
  • making backups where necessary.

12. Your rights

You have the following privacy rights:

  • the right to access the personal data we hold about you;
  • the right to correct inaccurate or incomplete personal data;
  • the right to have personal data deleted in certain circumstances;
  • the right to restrict the processing of your personal data;
  • the right to object to certain processing;
  • the right to withdraw consent, where processing is based on consent.

If you would like to exercise your rights, please contact us at info@acsauhaya.org.

We may ask you to provide information to confirm your identity before responding to your request. We aim to respond to privacy requests within one month, unless the request is complex or we are legally allowed to extend the response period.

13. Complaints

If you believe that we have not handled your personal data properly, please contact us first so that we can try to resolve the issue.

You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens, the Dutch Data Protection Authority.

14. Changes to this privacy policy

We may update this privacy policy from time to time. The latest version will always be available on our website. We recommend that you review this policy regularly.