PRIVACY POLICY

Sunrise Senegal
Version: February 2026

Sunrise Senegal is an initiative of Maureen van de Lustgraaf (Dutch sole proprietorship), established in the Netherlands (The Hague) and registered with the Dutch Chamber of Commerce under number 09164812.

We respect the privacy of all visitors and participants and process personal data in accordance with the General Data Protection Regulation (GDPR). In this Privacy Policy, we explain which data we collect, why we collect it, and how we carefully handle your personal data.

1. Who are we?

Name: Maureen van de Lustgraaf
Email: info@maureenvandelustgraaf.nl
Chamber of Commerce registration: 09164812
Location: The Hague, the Netherlands

Sunrise Senegal is the data controller within the meaning of the GDPR.

2. What personal data do we process?

We process only personal data that is necessary for our services, including:

  • First and last name

  • Email address

  • Telephone number

  • Address details

  • Payment information

  • Information you share via intake forms, email or WhatsApp

  • Information about your visit to our website (via cookies and Google Analytics)

When registering for a retreat or group trip, (special categories of) personal data may be processed if you share information about health, dietary requirements, medication, or other personal circumstances relevant to participation.

Such data will only be processed with your explicit consent and will be deleted no later than one month after completion of the retreat or group trip, unless a longer retention period is required by law.

We do not process personal data of individuals under the age of 16 without parental or legal guardian consent.

3. How do we collect your data?

We collect your personal data through:

  • Contact and registration forms on our website

  • Email and WhatsApp

  • Intake conversations (by phone or online)

  • Visits to our website (via cookies and analytics)

We process this data only when you actively provide it to us, when it is necessary for the performance of a contract, or when you visit our website and have given consent (for example, for non-essential cookies).

4. Why do we process your data?

We process your personal data for the following purposes:

  • To process your registration and participation in a retreat or group trip

  • To communicate about practical matters, preparation or changes

  • To issue invoices and handle administrative matters

  • To send newsletters (if you have explicitly consented)

  • To analyze website usage in order to improve our website and services

The processing of personal data is based on one or more of the following legal grounds under the GDPR:

  • Performance of a contract

  • Legal obligation

  • Consent

  • Legitimate interest (such as improving our services)

5. Do we share your data with third parties?

Your personal data will only be shared with third parties when necessary for our services or to comply with a legal obligation, such as:

  • Our accountant (for financial administration)

  • Our hosting provider (for website and email services)

  • Local partners or facilitators, where necessary for the execution of the retreat or group trip

Where required by law, we enter into data processing agreements with parties that process personal data on our behalf.

We never sell your data to third parties and do not share it for commercial purposes.

6. How long do we keep your data?

We do not retain personal data longer than necessary for the purpose for which it was collected, unless a statutory retention period applies.

  • Registration and intake data: up to one month after completion of the retreat or group trip, unless a longer retention period is necessary due to legal obligations or potential liability

  • Administrative data (such as invoices): 7 years, in accordance with Dutch tax regulations

  • Newsletter data: until you unsubscribe

After the retention period, your personal data will be securely deleted or anonymized.

7. Your rights

Under the GDPR, you have the right to:

  • Access your personal data

  • Rectify or supplement your data

  • Request erasure of your data (“right to be forgotten”)

  • Object to processing

  • Restrict processing

  • Withdraw your consent (where processing is based on consent)

  • Data portability

  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

You can submit requests regarding your personal data via info@maureenvandelustgraaf.nl.
We will respond within the legally required period of up to 30 days.

8. Cookies

Our website uses cookies to improve user experience and to collect visitor statistics (including via Google Analytics).

When you first visit our website, we request consent for non-essential cookies. Functional cookies necessary for the proper functioning of the website are placed without prior consent.

Where possible, data is anonymized and used solely to improve our website and services. IP addresses are not used to personally identify visitors. You can adjust your cookie settings at any time via your browser settings.

9. Security

We take appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, or unlawful processing. These measures include:

  • SSL security for our website

  • Secure data storage

  • Restricted access to personal data

  • Careful handling of digital and administrative information

No system can guarantee absolute security. We continuously evaluate and improve our security measures where necessary.

10. Changes to this policy

This Privacy Policy may be updated if our services change or if legislation requires it.

We recommend that you consult this page regularly. In the event of significant changes, we will inform you via our website or by email (if applicable).

Last update: 11 February 2026