Privacy Policy

1. Introduction

ENSŌ ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and protect your data when you use the ENSŌ platform.

We process personal data in accordance with the General Data Protection Regulation (GDPR/AVG) and other applicable European and national privacy laws.

2. Data Controller

The data controller for the processing of your personal data in connection with the ENSŌ platform is:

Enso B.V.
Ceintuurbaan 243, 1074 CX Amsterdam
KvK: 80768830
Contact: info@ensobooking.com

3. Personal Data We Collect

We may collect and process the following categories of personal data:

• Account data: name, email address, password (hashed), language preference.
• Profile data (SO/FA): business name, address, contact details, biography, photos, links.
• Booking data: information about sessions, events, room rentals and retreats you book, including date/time, Location, Room, Provider.
• Payment-related data: partial payment information, transaction IDs, payment status (note: full card data is handled by our payment providers).
• Communication data: messages sent via the platform, support requests, feedback.
• Usage data: IP address, device information, browser type, log data, approximate location, pages visited, actions taken on the platform.
• Marketing preferences: your choices for receiving newsletters or promotional emails.

We do not intentionally collect sensitive health data. If you choose to share health-related information with a Provider, you do so at your own discretion and under your own responsibility.

4. Purposes and Legal Bases

We process your data for the following purposes and on the following legal bases:

4.1 To create and manage your account

Purpose: to allow you to register, log in and manage your profile.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

4.2 To enable bookings and room rentals

Purpose: to allow Guests to book sessions/events and Facilitators to rent Rooms.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

4.3 To process payments and fees

Purpose: to handle payments via payment providers, distribute payouts to Providers and collect platform fees.
Legal basis: performance of a contract; compliance with legal obligations (e.g. accounting).

4.4 To communicate with you

Purpose: to send booking confirmations, updates, support responses, important service notifications.
Legal basis: performance of a contract; legitimate interest (Art. 6(1)(f) GDPR).

4.5 To improve and secure the platform

Purpose: to analyse usage, detect fraud or abuse, improve performance and user experience.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

4.6 Marketing communications (optional)

Purpose: to send newsletters and updates about ENSŌ.
Legal basis: your consent (Art. 6(1)(a) GDPR).

You can withdraw consent at any time via the unsubscribe link or by contacting us.

4.7 Legal obligations

Purpose: to comply with tax, accounting, anti-fraud and other legal obligations.
Legal basis: compliance with legal obligations (Art. 6(1)(c) GDPR).

5. Data Sharing

We may share your personal data with:

• Providers (Studio Owners and Facilitators) to the extent necessary for the execution of a booking or room rental.
• Payment providers (e.g. Stripe) for processing payments and refunds.
• Service providers who support us in hosting, email delivery, analytics, or security (under data processing agreements).
• Authorities or regulators, where required by law or court order.

We do not sell your personal data to third parties.

6. International Transfers

Where service providers are located outside the European Economic Area (EEA), we ensure an adequate level of data protection, for example by using:

• countries with an adequacy decision, or
• EU Standard Contractual Clauses, or
• other appropriate safeguards as required by law.

7. Data Retention

We retain personal data only for as long as necessary for:

• providing our services and fulfilling contracts,
• complying with legal obligations (e.g. tax and accounting),
• resolving disputes and enforcing agreements.

In practice:

• basic account and booking data may be kept for the duration of your account and for the statutory retention period thereafter,
• communication and support data are kept as long as reasonably necessary,
• data processed on the basis of consent (e.g. newsletter) is kept until you withdraw consent.

8. Your Rights

Under the GDPR, you have the following rights:

• Right of access - to obtain confirmation whether we process your data and receive a copy.
• Right to rectification - to correct inaccurate or incomplete data.
• Right to erasure - to request deletion of your data in certain circumstances.
• Right to restriction - to request restriction of processing under certain conditions.
• Right to data portability - to receive your data in a structured, commonly used format.
• Right to object - to object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent - where processing is based on consent.

You can exercise these rights by contacting info@ensobooking.com. We may ask you to verify your identity before fulfilling your request.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

9. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, alteration or destruction. However, no system can be guaranteed 100% secure. We encourage you to use strong passwords and keep your login details confidential.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes in an appropriate way (e.g. via the platform or by email). The updated version will be effective as of its publication date.

11. Contact

For privacy-related questions or requests regarding your data, please contact:

info@ensobooking.com