Privacy Policy

Last Updated: 03.01.2025

Welcome to [Aerials In The Wild] (“we,” “us,” or “our”). We respect your privacy and are committed to protecting your personal data in compliance with the applicable laws in Bulgaria and the EU, including the General Data Protection Regulation (“GDPR”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://aerialsinthewild.com/ (the “Website”).

1. Who We Are

• Website Name: Aerials In The Wild
• Email: [email protected]

We operate our Website through a virtual machine server hosted by Digital Ocean and managed by Luminous Ltd. We do not have a designated Data Protection Officer (“DPO”), as it is not required for our current scale of data processing.

2. Personal Data We Collect and Process

2.1. Retreat Application Forms

When you apply for participation in our “Aerial in the Wild” retreat, we collect the following personal data:

• Name (first and last)
• Email Address
• Phone Number
• Instagram or Portfolio Link

We use this information to review and respond to your application, communicate logistics, and process your participation in the retreat. If applicants are under 18 years of age, we require parental consent in written form (e.g., via a signed statement sent to us by email).

2.2. Newsletter Sign-Up

We offer a newsletter sign-up form in our footer. Currently, we do not have an explicit checkbox for obtaining consent. By entering your email address in the newsletter sign-up, you consent to receive occasional updates and promotional materials from us. You may unsubscribe at any time by contacting us or using the “unsubscribe” link in the emails (if available).

2.3. E-Commerce / Payment Data

We accept payments for retreats via bank transfer only. We do not collect or store credit card or other financial details on our servers. You may be asked to provide essential billing or payment information for accounting purposes. Any data you share with your bank (e.g., account numbers) is processed by them under their own privacy policies.

2.4. User-Generated Content

When you provide or link to content (e.g., uploading a link to your Instagram portfolio), we may collect and store any personal data contained in that content. It is your responsibility to ensure you have the right to share any data or content you provide.

2.5. Communications

If you contact us by email or through any direct message on social media (Instagram or Facebook), we collect whatever personal data you provide in your message (e.g., name, email address, phone number).

3. Legal Bases for Processing

We rely on various legal bases under the GDPR for processing personal data, including:

• Consent: For certain activities such as sending newsletters, we rely on your consent.
• Contractual Necessity: For processing retreat applications, booking confirmations, and related communications.
• Legitimate Interest: For improving our services, analytics, security, and fraud prevention, provided these interests are not overridden by your rights and interests.

4. Third-Party Services and Data Sharing

4.1. Hosting Provider

Our Website is hosted on a Digital Ocean virtual machine server managed by Luminous Ltd. Hosting services may process data such as IP addresses to enable proper functioning and security of the Website. All data is stored in the EU/EEA, to our best knowledge.

4.2. Analytics Tools

We use:

1. Google Analytics
2. Microsoft Clarity

These services use cookies or similar technologies to collect information (e.g., IP address, browsing behavior) to help us understand how visitors use our Website and to improve user experience. These providers may process your data outside the EU/EEA, but they typically do so under Standard Contractual Clauses or other recognized legal mechanisms. Please refer to their respective privacy policies for more details.

4.3. Email Service Providers

We use a standard Gmail (non-business) address to communicate with users. Please note that while Gmail is a service provided by Google, which is headquartered in the U.S., Google has measures such as Standard Contractual Clauses in place to protect personal data of EU citizens.

4.4. Payment Processors

We do not currently use electronic payment gateways (e.g., Stripe, PayPal). All payments are processed via bank transfer under the respective bank’s privacy policies.

4.5. Social Media

If you choose to engage with us on social media platforms (like Instagram or Facebook), please be aware that any information you share there is subject to that platform’s own privacy policy. We do not control, and are not responsible for, their data processing activities.

5. International Data Transfers

We do not intentionally transfer personal data outside the EU/EEA. If any third-party service provider (e.g., Google Analytics, Microsoft Clarity) transfers data, such transfers should be governed by appropriate safeguards like Standard Contractual Clauses to ensure GDPR-level protections.

6. Data Retention

We generally retain your personal data for up to 5 years, unless a longer retention period is required or permitted by law (e.g., accounting rules or regulatory compliance). After the retention period expires, or upon your verified request for deletion, we will securely erase or anonymize your data.

7. Your Rights Under the GDPR

Under the GDPR, you have certain rights regarding your personal data:

• Access: You can request access to personal data we hold about you.
• Rectification: You can request correction of any inaccurate or incomplete personal data.
• Erasure (“Right to be Forgotten”): You can request the deletion of your personal data, subject to certain exceptions.
• Restriction: You can request we restrict processing of your personal data.
• Objection: You can object to certain processing activities based on our legitimate interests.
• Data Portability: You can request a copy of your personal data in a commonly used format.

To exercise any of these rights, or to withdraw your consent where we rely on consent, please contact us at [email protected].

8. Children’s Privacy

We do not knowingly collect personal data from users under the age of 18 without parental consent. If you are under 18, you must provide written parental consent (e.g., a signed statement submitted via email). If we discover we have inadvertently collected data from a child without proper consent, we will promptly delete it.

9. Cookies and Tracking Technologies

9.1. Use of Cookies

Our Website uses a cookie consent banner (via a WordPress plugin) and may set cookies to enhance the user experience. Third-party services such as Google Analytics and Microsoft Clarity place cookies on your device to analyze your usage of the Website. Full information on used cookies can be found here.

9.2. Types of Cookies

• Strictly Necessary Cookies: Essential for Website functionality.
• Analytics/Performance Cookies: Collect information about how you use the Website (e.g., which pages you visited, the time you visited).
• Functionality Cookies: We currently do not set any custom functionality cookies.
• Advertising Cookies: We do not use advertising cookies at this time.

9.3. Managing Cookie Preferences

You can modify your browser settings to block or delete cookies. Note that blocking all cookies may affect your user experience on our Website. By continuing to browse our Website, you consent to the use of cookies and tracking technologies unless you disable them.

10. Data Security

We implement appropriate technical and organizational measures to safeguard your data, including:

• SSL Encryption: Securing communication between your browser and our servers.
• Firewall: Protecting our servers and databases from unauthorized access.
• Access Controls: Role-based access to limit who can view and process personal data.
• Encryption at Rest: We encrypt data stored in our databases when feasible.

Despite our security measures, no method of data transmission or storage is completely secure. We cannot guarantee absolute security of your personal data.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we update, we will post the revised version on our Website with a new “Last Updated” date. Your continued use of the Website after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us at:

• Email: [email protected]

We will respond to your inquiry within a reasonable timeframe, in accordance with applicable laws and regulations.