Privacy policy

Effective Date: August 2025

BODY WIZE PTY LTD (ABN 56 688 340 043), trading as SOMA Retreats, of 221 Kennedys Lane, Ewingsdale, New South Wales 2481, Australia (‘SOMA’, ‘we’, ‘us’, ‘our’) respects your privacy and is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

SOMA operates a retreat and wellness centre located in Byron Bay, offering residential retreats, wellness programs, workshops, treatments, classes, and events. These services may include meditation and yoga retreats, wellness immersion programs, mindfulness coaching, corporate events, accommodation, dining services, and access to health and wellbeing activities and facilities. We also provide online courses, email communications, booking systems, and mobile applications to support guest experiences and engagement.

In the course of delivering these services, we collect personal information and sensitive information from guests, participants, staff, facilitators, contractors, and online users.

1. What Personal Information We Collect

We may collect the following types of personal information and sensitive information in connection with our services:

  • Identity details such as your name, date of birth, gender, occupation, and preferred pronouns
  • Contact details such as your postal address, email address, and telephone number
  • Booking and transaction details including payment information (processed securely by third-party providers), booking history, and attendance records
  • Sensitive information such as health and wellbeing information, including dietary requirements, allergies, medical conditions, injuries, mental health information, disability information, or other details relevant to your safe participation in retreats, classes, treatments, or wellness programs
  • Information relating to your lifestyle or preferences, such as accommodation choices, activity selections, or special requests
  • Online interactions including information you provide when using our website, subscribing to newsletters, downloading our app, or engaging with us on social media
  • Images and recordings such as photos, videos, or audio taken at SOMA retreats, events, or workshops, where you have provided consent for their use
  • Employment and contracting information for facilitators, contractors, and staff, including resumes, qualifications, references, Working With Children Checks, insurance documentation, and professional registrations

2. How We Collect Your Personal Information

We may collect your personal information and sensitive information in a variety of ways depending on how you interact with us. This may include:

  • Directly from you when you make a booking, register for a retreat, purchase services, complete online forms, subscribe to our communications, or contact us by phone, email, or in person.
  • When you attend our retreats, events, classes, workshops, or treatments, including information you provide during registration, participation, or in feedback forms.
  • When you provide health or sensitive information such as dietary requirements, allergies, medical conditions, or accessibility needs in connection with your participation in SOMA’s services.
  • Through our website and mobile applications, including automatic collection of technical information via cookies, analytics, tracking technologies, and log data when you visit or interact with our digital platforms.
  • From third parties such as facilitators, therapists, contractors, event organisers, booking platforms, or payment providers who are involved in delivering services on our behalf.
  • Through photographs, audio, or video recordings taken during SOMA retreats, events, or workshops, where you have provided consent for their use.
  • From staff, facilitators, and contractors during recruitment, contracting, or engagement processes, including resumes, references, Working With Children
  • Checks, qualifications, and insurance information.
  • From publicly available sources where relevant and lawful to do so, for example, professional directories or social media platforms.

You are not required to provide your personal information to us. However, if you choose not to provide certain information, including health or other sensitive information where reasonably necessary for your safe participation, we may not be able to provide you with some services or ensure that you can participate fully in our programs.

3. Why We Collect and Use Your Personal Information

We collect and use your personal information, including sensitive information where necessary, for the following purposes:

  • to process and manage bookings, reservations, payments, and attendance records for retreats, workshops, online courses, treatments, accommodation, and events.
  • to provide and administer our services, including wellness programs, meditation and yoga sessions, coaching, catering, accommodation, and access to facilities.
  • to communicate with you about your bookings, participation, cancellations, rescheduling, changes to services, or other updates relevant to your engagement with SOMA.
  • to manage health, safety, and wellbeing during retreats and events, including responding to dietary requirements, allergies, accessibility needs, medical conditions, emergencies, or other sensitive matters.
  • to send you marketing communications such as newsletters, updates, offers, promotions, surveys, and event information, where you have provided consent or as otherwise permitted by law.
  • to capture and use images, audio, or video recordings of retreats and events for promotional or archival purposes, where consent has been obtained.
  • to support guest engagement through digital platforms, including our website, mobile applications, booking systems, email communications, and social media channels.
  • to improve our services, programs, website, marketing, and customer experience through surveys, feedback, analytics, research, and service development.
  • to recruit, manage, and administer staff, facilitators, and contractors, including assessment of qualifications, insurance, Working With Children Checks, and compliance with professional and legal standards.
  • to meet our legal, regulatory, insurance, and risk management obligations, including those relating to taxation, workplace health and safety, privacy, and child safety requirements.
  • for internal business operations such as record-keeping, auditing, security, and maintaining the integrity of our property and systems.

4. How We Disclose Your Information

We may share your personal information, including sensitive information where necessary, in the following circumstances:

  • with facilitators, teachers, therapists, wellness practitioners, and contractors who are engaged by SOMA to provide services at retreats, workshops, treatments, or events, but only to the extent necessary for them to deliver those services safely and effectively.
  • with third-party service providers who support our operations, including those who provide payment processing, secure booking and reservation platforms, catering and hospitality services, email and digital marketing systems, analytics and reporting tools, IT and website support, mobile application functionality, and secure cloud storage.
  • with professional advisors such as insurers, auditors, accountants, or legal representatives where required for business, compliance, or risk management purposes.
  • with regulators, government agencies, law enforcement, or other authorities where required or authorised by law, including workplace health and safety reporting, child safety requirements, privacy compliance obligations, or where disclosure is necessary to prevent or respond to a serious threat to life, health, or safety.
  • with your consent, for example, where you agree to participate in promotional or marketing activities, photography, video recordings, testimonials, or case studies.
  • with booking agents, corporate partners, or wellness program coordinators who arrange group retreats or corporate events at SOMA, to the extent required to manage attendance and services.
  • where information is collected or stored using international platforms (for example, cloud-based booking or email services), your personal information may be transferred to, or accessed from, overseas locations. In these cases, SOMA takes reasonable steps to ensure such providers comply with appropriate privacy and security standards.

We will never sell or trade your personal information to unrelated third parties for marketing purposes.

5. Sensitive Information

We recognise that certain personal information we collect is classified as sensitive information under Australian privacy law. This may include details about your health, medical conditions, injuries, disabilities, allergies, dietary requirements, or information you provide in relation to your wellbeing during retreats, treatments, workshops, or other SOMA activities. Sensitive information may also include details relating to religious or philosophical beliefs where they are connected to your dietary or wellness preferences, as well as information provided to us in an emergency or in connection with child safety obligations.

We only collect sensitive information where it is reasonably necessary for us to deliver our services and where you have given your informed consent, unless an exception under the Privacy Act applies (for example, where collection is required by law or is necessary to prevent a serious threat to your life, health, or safety, or the safety of another person).

Sensitive information is used strictly for the purpose for which it was collected, such as to:

  • provide safe and appropriate accommodation, meals, and treatments, including catering to dietary requirements or health needs
  • ensure your safety and wellbeing during retreat activities, classes, workshops, and therapies
  • respond to medical emergencies, health incidents, or other urgent situations
  • comply with legal, regulatory, or insurance requirements, including workplace health and safety and child protection obligations.

We take additional precautions to protect sensitive information, including limiting access to staff and facilitators on a need-to-know basis, using secure storage systems, and applying safeguards for information shared with third parties (for example, caterers, therapists, or emergency responders).

6. Direct Marketing

We may use your personal information, such as your name and email address, to send you information about SOMA’s services, retreats, events, offers, and updates. We will only send you direct marketing communications where you have provided your consent or where you would reasonably expect to receive them.

You can withdraw your consent or opt out of receiving marketing communications at any time by clicking the ‘unsubscribe’ link included in our emails, updating your preferences through our website or app (if applicable), or contacting us directly at info@SOMAbyron.com.au.

We will not use or disclose any sensitive information about you (such as health or wellbeing information) for the purposes of direct marketing without your explicit consent.

If we engage third-party service providers to distribute marketing communications on our behalf, we require them to comply with applicable privacy and spam laws, including the Spam Act 2003 (Cth), and to use your information only in accordance with our instructions.

7. Photography, Video, and Media

From time to time, SOMA may take photographs, video recordings, or audio recordings during retreats, events, or other activities for use in our marketing, promotional, or educational materials. We will always seek your informed consent before capturing and using your image or voice for these purposes.

Consent will generally be obtained through written collection notices (for example, in booking forms or consent forms provided at the start of an event) or by asking you directly. Providing consent is voluntary, and you may choose not to be photographed or recorded. If you give consent, you may withdraw it at any time by contacting us at info@SOMAbyron.com.au.

Where consent is withdrawn, SOMA will take reasonable steps to stop using your image or recordings in new materials. Please note that materials already published or distributed (such as on our website, social media platforms, or printed marketing materials) may not always be able to be recalled or removed.

We will not use or disclose images of children under the age of 18 for marketing purposes without the express written consent of a parent or legal guardian.

8. Storage and Security

We take the security of your personal information seriously and implement a range of physical, technical, and administrative safeguards to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure.

Personal information is stored securely through measures including password-protected systems, encrypted databases, multi-factor authentication, secure servers, firewalls, and restricted access controls. Access to personal information is limited to staff, facilitators, and contractors who require it to perform their duties, and all such personnel are required to comply with confidentiality and privacy obligations.

Sensitive information, such as health and wellbeing information, is subject to additional protections and only accessible to authorised staff or facilitators where necessary for your participation in retreats, events, or treatments.

We do not retain full credit card details in hard copy or digital form. All payments are processed securely via accredited third-party payment providers that comply with industry standards such as PCI-DSS (Payment Card Industry Data Security Standard). SOMA does not directly store or retain your credit card numbers.

Where physical records are required (for example, signed consent forms), they are stored securely in locked facilities with restricted access. When records are no longer required, we take reasonable steps to securely destroy or de-identify them in accordance with legal requirements.

Despite our efforts, no method of storage or transmission over the internet can be guaranteed to be completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

9. Overseas Disclosure

Some of our third-party service providers, including providers of cloud storage, booking platforms, analytics, communications, or marketing services, may be located outside of Australia or may store data on servers located overseas. This means that your personal information may be transferred to, processed, or accessed in jurisdictions outside Australia.

When we disclose personal information overseas, we take reasonable steps to ensure that it is handled in a way that is consistent with Australian privacy standards. This may include contractual arrangements with service providers requiring them to safeguard your personal information, assessing the adequacy of privacy protections in the destination country, and limiting disclosures to what is necessary for the relevant service.

By engaging with SOMA, you acknowledge that your personal information may be stored or processed in countries where privacy protections differ from those in Australia. However, we will take all reasonable steps to ensure that any overseas recipients do not breach the Australian Privacy Principles in relation to your information.

We will never sell your personal information to any overseas party.

10. Access and Correction

You have the right to request access to the personal information we hold about you, and to request that it be corrected if you believe it is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make a request, please contact us at info@SOMAbyron.com.au. We may ask you to verify your identity before providing access or making corrections, in order to protect the security of your personal information.

We will respond to your request within a reasonable timeframe, generally within 30 days. If we agree that the information requires correction, we will take reasonable steps to update it so that it is accurate, complete, and up to date. If we do not agree to correct your information, we will provide you with written reasons and information about how you can make a complaint.

In some circumstances, we may need to refuse access to personal information, for example where providing access would unreasonably impact the privacy of another individual, where the request is frivolous or vexatious, or where access is otherwise restricted by law. If this occurs, we will provide written reasons for our decision.

There is no fee for lodging a request to access or correct your personal information, although we may charge a reasonable administrative fee if providing access involves a significant amount of time or resources.

11. Cookies and Website Analytics

Our website uses cookies, log files, and analytics tools to enhance functionality, monitor site performance, and understand how visitors use our services. These technologies allow us to improve your browsing experience, deliver personalised content, measure the effectiveness of our marketing campaigns, and develop new services.

Cookies are small text files stored on your device when you visit our website. They may collect information such as your IP address, browser type, device information, pages visited, time spent on the site, and referral sources. Analytics tools may also generate aggregated, de-identified data about how users interact with our website.

We may use third-party service providers, such as Google Analytics or similar platforms, to assist us with collecting and analysing this information. These third parties may store data outside Australia.

You can disable or manage cookies through your browser settings, but some features of our website may not function as intended if cookies are turned off. If you wish to opt out of tracking by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on or adjust your ad settings.

We do not attempt to re-identify anonymous browsing data unless required to do so by law or in connection with the investigation of a security or technical issue.

12. Complaints

If you have concerns about how we have handled your personal information, or if you believe we have breached your privacy rights under the Privacy Act 1988 (Cth) or the Australian Privacy Principles, you can contact us at info@SOMAbyron.com.au. Please include your name, contact details, and a description of your concern so that we can investigate the matter thoroughly.

We take privacy complaints seriously. Upon receiving your complaint, we will:
• Acknowledge receipt of your complaint within a reasonable timeframe.
• Investigate the circumstances and facts surrounding the issue.
• Provide you with a written response outlining the outcome of our investigation and any steps we will take to address your concerns.

We aim to resolve most complaints within 30 days, but if more time is required, we will let you know the expected timeframe.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC), which is the independent regulator for privacy in Australia. The OAIC can be contacted through its website at www.oaic.gov.au, by email at enquiries@oaic.gov.au, or by telephone on 1300 363 992.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact:

BODY WIZE PTY LTD
221 Kennedys Lane
Ewingsdale NSW 2481
Australia
Email: info@SOMAbyron.com.au