Finding Retreats — Privacy Policy
Last updated: 20 May 2026 Effective: 20 May 2026 Document version: 1.0
1. About this Privacy Policy
1.1 Who we are
This Privacy Policy describes how Finding Retreats — operated by PT Next Step Projects ("Finding Retreats", "we", "us", or "our"), a limited liability company incorporated under the laws of the Republic of Indonesia — collects, uses, shares, and protects your personal data when you use findingretreats.com, related subdomains, our mobile applications, and email communications from our domains (collectively, the "Platform").
This Privacy Policy applies whether you are a Guest, a Vendor, or a visitor browsing the Platform.
1.2 Our role under data protection law
For the personal data we process, Finding Retreats acts as the Data Controller (in Indonesian: Pengendali Data Pribadi). This means we determine the purposes and the means of processing your personal data.
In some cases, we share data with Vendors who then process that data for their own purposes (for example, delivering a Retreat you booked). When Vendors process your data for their own purposes, they act as independent Data Controllers and are responsible for their own handling of your data under their own privacy policies.
1.3 Legal framework
We comply with applicable data protection laws, including:
Indonesia — Law No. 27 of 2022 on Personal Data Protection (the "PDP Law" or "UU PDP"), Government Regulation No. 71 of 2019, and Minister of Communication and Informatics Regulation No. 20 of 2016.
European Economic Area, United Kingdom, and Switzerland — the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") and equivalent national laws.
Australia — the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Other jurisdictions — applicable laws where you reside.
1.4 Plain-language commitment
Privacy policies are often written for lawyers. We have tried to write this one to be understood. Where we use a technical term, we define it the first time it appears. If anything is unclear, please contact us at [email protected]
2. Quick Summary
If you have time for only one paragraph, read this:
We collect personal data that you give us (such as your name and email when you sign up or book), data we collect automatically when you use the Platform (such as IP address and device information), and data we receive from third parties (such as payment confirmation from Stripe). We use this data to provide and improve the Platform, process Bookings, communicate with you, comply with the law, and keep the Platform safe. We share data with Vendors you book with, with service providers who help us run the Platform (such as Stripe, Supabase, Resend, Vercel, and others), and where required by law. Most of these service providers are located outside Indonesia, so your data is transferred internationally. You have rights to access, correct, delete, and restrict our use of your data — see Section 9. To exercise your rights or to ask any question about your privacy, email [email protected]
The rest of this document is the detail.
3. Personal Data We Collect
We collect personal data in three ways: data you provide directly, data we collect automatically, and data we receive from third parties.
3.1 Data you provide directly
When you create an account (Guest or Vendor), we collect:
Your name (first and last);
Your email address;
A password (stored as a one-way hash; we never see your plain-text password);
Your phone number (where you choose to provide it);
Your country and (where required) city of residence;
Your profile photo (where you choose to upload one);
Your communication and language preferences.
When you make a Booking as a Guest, we additionally collect:
The names of all members of your group attending (where required by the Vendor);
Travel dates and accommodation preferences;
Dietary requirements, allergies, and other special requests you choose to share;
Health, medical, mental health, pregnancy, or accessibility information only where you choose to share it with the Vendor through the Platform — this is special category (sensitive) personal data and we handle it with additional care (see Section 3.4);
Emergency contact details, where requested;
Your billing address.
When you list as a Vendor, we additionally collect:
Your business name, legal entity name, registered address, and business registration numbers;
Your tax identification numbers (such as NPWP in Indonesia);
Your bank account details, routing information, and Stripe Connect account details (see Section 3.5);
Identity verification documents (such as KTP, passport, business licences, or equivalents);
Information about your venue, programming, instructors, and personnel;
Insurance certificates and professional credentials.
When you contact us or use messaging on the Platform, we collect:
The content of your messages with us, with Vendors, and with other users;
Files, photos, or documents you attach;
Feedback, reviews, and ratings you submit.
When you participate in promotions, surveys, or referrals, we collect:
Information you provide as part of the activity;
Contact details of people you refer (with your representation that you have permission to share them).
3.2 Data we collect automatically
When you use the Platform, we automatically collect:
Device data — device type, operating system, browser type and version, screen size, language settings, and unique device or advertising identifiers.
Log data — IP address, access times, pages viewed, referring and exit URLs, clickstream data, and crash reports.
Location data — approximate location derived from your IP address. We do not collect precise GPS location unless you explicitly enable it on a mobile device.
Cookies and similar technologies — see Section 7 for details.
Behavioural data — how you navigate the Platform, which Listings you view, your searches, your saved items, and your interaction with emails we send.
3.3 Data we receive from third parties
We receive personal data about you from:
Payment processors — Stripe (and where applicable, other payment providers) confirm payment outcomes and share limited transaction details with us. We do not store your full payment card number or CVV — Stripe stores those.
Identity verification providers — where we use third parties to verify a Vendor's identity, business registration, or licences.
Login providers — if you sign in using Google, Apple, Facebook, or another third-party login service ("SSO" — Single Sign-On), we receive the information you have authorised that service to share, typically your name, email, and profile photo.
Vendors — Vendors may share information about your Booking, your conduct during a Retreat, or other relevant matters where this is necessary to deliver the Booking or to resolve a dispute.
Other users — other Guests or Vendors may include you in messages, group bookings, or reviews.
Publicly available sources — for the scrape-and-claim Listings described in our Terms and Conditions, we collect publicly available business information from Vendor websites, business directories, and social media. Unclaimed Listings can be amended or removed on request (see Section 9).
Marketing partners and analytics providers — see Section 7.
3.4 Sensitive (special category) personal data
We treat the following as sensitive personal data:
Health information, including allergies, dietary restrictions, medical conditions, mental health information, pregnancy, and accessibility needs;
Religious or philosophical beliefs (which may be implied by your participation in certain Retreats);
Sexual orientation or gender identity (which may be implied by your participation in identity-specific Retreats);
Biometric data (where used for identity verification);
Government-issued identification numbers.
Under the PDP Law, Article 4(2), this kind of data is "Specific Personal Data" and requires stronger protections. Under GDPR, Article 9, this is "special category" data. We process this kind of data only:
With your explicit consent; or
Where strictly necessary to deliver a service you have requested (for example, sharing dietary requirements with a Vendor); or
Where legally required.
You are never required to share sensitive personal data with us. If you choose not to, some Vendors may be unable to provide certain services safely.
3.5 Payment data
When you make a payment, your full card number, CVV, and similar sensitive financial data are entered into a form hosted by Stripe, our payment processor. Finding Retreats never sees and never stores this data. Stripe handles it as a PCI-DSS Level 1 service provider, under their own privacy policy.
We do receive and store:
The fact that a payment was attempted, succeeded, or failed;
The amount, currency, and time of payment;
The last four digits of the card used (for your reference);
The country of the card issuer;
A Stripe transaction reference.
3.6 Data about children
The Platform is not intended for children under the age of 18. We do not knowingly collect personal data from children. If a Guest is bringing a child as part of a group Booking, the booking adult is responsible for providing the relevant information about that child and for ensuring they have the legal right to do so. If you believe we have collected data about a child in error, please contact us at [email protected]
4. How We Use Your Personal Data
We use your personal data only for the purposes described below. The PDP Law and GDPR both require us to have a legal basis for each use. We have set out our purposes and the corresponding legal bases below.
4.1 To provide the Platform and process Bookings
What this includes:
Creating and managing your account;
Showing you Listings and search results;
Processing your inquiries, Bookings, payments, refunds, and reviews;
Communicating Booking confirmations, reminders, and updates;
Facilitating messaging between you and other users;
Providing customer support.
Legal basis:
PDP Law (Indonesia): performance of a contract (Art. 20(2)(b)); legitimate interest (Art. 20(2)(f)); your consent (Art. 20(2)(a)) for optional features.
GDPR: performance of a contract (Art. 6(1)(b)); legitimate interest (Art. 6(1)(f)).
Australian Privacy Principles: primary purpose of collection (APP 6).
4.2 To keep the Platform safe and trustworthy
What this includes:
Verifying your identity and the identity of Vendors;
Detecting and preventing fraud, money laundering, harassment, abuse, illegal activity, and breaches of our Terms;
Investigating suspicious activity;
Maintaining content moderation and review integrity;
Securing the Platform against unauthorised access, malware, and other threats.
Legal basis:
PDP Law: legitimate interest (Art. 20(2)(f)); legal obligation (Art. 20(2)(c)).
GDPR: legitimate interest (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)).
4.3 To comply with the law
What this includes:
Tax and accounting compliance, including issuing invoices and tax records;
Responding to lawful requests from courts, regulators, and law enforcement;
Anti-money-laundering and counter-terrorism financing checks;
Record-keeping required by Indonesian e-commerce, financial, and consumer protection law.
Legal basis:
PDP Law: legal obligation (Art. 20(2)(c)).
GDPR: legal obligation (Art. 6(1)(c)).
4.4 To improve the Platform
What this includes:
Understanding how the Platform is used;
Diagnosing technical issues;
Researching and developing new features;
Testing changes and improvements (A/B testing);
Producing aggregated and anonymised statistics for internal use and, in some cases, for external reporting (always in a form that cannot identify you).
Legal basis:
PDP Law: legitimate interest (Art. 20(2)(f)).
GDPR: legitimate interest (Art. 6(1)(f)).
4.5 To communicate with you (transactional)
What this includes:
Sending you Booking confirmations, reminders, receipts, and updates;
Notifying you about important changes to your account, this Privacy Policy, or our Terms;
Responding to your support enquiries and requests;
Sending administrative messages about the Platform.
Legal basis:
PDP Law: performance of a contract (Art. 20(2)(b)); legal obligation (Art. 20(2)(c)).
GDPR: performance of a contract (Art. 6(1)(b)); legitimate interest (Art. 6(1)(f)).
You cannot opt out of transactional messages while you have an active account or active Booking, because they are necessary to deliver the service.
4.6 To communicate with you (marketing)
What this includes:
Sending newsletters and updates about new Retreats, Experiences, and features;
Promotional offers from Finding Retreats;
Personalised recommendations based on your interests and previous activity.
Legal basis:
PDP Law: your consent (Art. 20(2)(a)).
GDPR: your consent (Art. 6(1)(a)); in limited cases, legitimate interest (Art. 6(1)(f)) for existing customers under the "soft opt-in" rules of certain jurisdictions.
You can opt out of marketing at any time by clicking the unsubscribe link in any marketing email, or by updating your communication preferences in your account.
We do not share your data with third-party advertisers for their own direct marketing, and we do not "sell" your personal data within the meaning of any applicable privacy law.
4.7 To facilitate the scrape-and-claim process
What this includes:
Creating Unclaimed Listings based on publicly available business information about retreat providers;
Sending outreach emails to retreat providers inviting them to claim their Listing;
Responding to inquiries on Unclaimed Listings.
Legal basis:
PDP Law: legitimate interest (Art. 20(2)(f)) in building a comprehensive marketplace and connecting Guests with providers; we conduct a legitimate-interest assessment for this activity.
GDPR (where Vendor is EU-based): legitimate interest (Art. 6(1)(f)).
Vendors can opt out of being listed at any time by contacting [email protected]. Where requested, we remove the Listing.
4.8 For dispute resolution and legal claims
What this includes:
Investigating and resolving disputes between Guests and Vendors;
Responding to chargebacks and refund disputes;
Defending Finding Retreats against legal claims;
Cooperating with insurers, brokers, and lawyers.
Legal basis:
PDP Law: legitimate interest (Art. 20(2)(f)); legal obligation (Art. 20(2)(c)).
GDPR: legitimate interest (Art. 6(1)(f)); legal claims (Art. 9(2)(f) for sensitive data).
5. Who We Share Your Personal Data With
We share personal data only when necessary, and only with the categories of recipient below.
5.1 With Vendors
When you make a Booking or send an inquiry, we share with the Vendor:
Your name and (where required) the names of others in your group;
Your email address and phone number;
The dates and details of the Booking;
Any special requests, dietary requirements, or accessibility needs you choose to share;
Health or medical information you choose to share with the Vendor;
Your messages exchanged with the Vendor through the Platform.
The Vendor uses this information as an independent Data Controller for delivering the Retreat and complying with their own legal obligations. Vendors are required under our Vendor agreement to comply with applicable data protection laws.
5.2 With our service providers
We share personal data with the third parties who help us run the Platform. The main ones are listed below. This list may change as our operations evolve; an up-to-date list is available on request.
Service provider | Purpose | Location of processing |
|---|---|---|
Stripe Payments | Payment processing, Vendor payouts (Stripe Connect), fraud detection | Ireland, United States |
Supabase | Database hosting, authentication | United States |
Vercel | Web hosting and content delivery | United States (with global edge) |
Resend | Transactional and marketing email delivery | United States |
Google (Workspace, Maps, Analytics) | Business email, mapping, analytics | United States and global |
[Identity verification provider] | Vendor and identity verification | Ireland, United States |
[Customer support tool, if used] | Support ticketing | Indonesia |
[Analytics tools, if any] | Product analytics | Indonesia |
These providers are bound by contract to process data only on our instructions, for the purposes we specify, and to apply appropriate security measures.
5.3 With other users
Some of your data is visible to other users of the Platform:
Your profile photo and first name may be visible on reviews you submit;
Reviews you write are publicly visible (linked to your first name and the first letter of your surname, or a username if you have set one);
Messages you send are visible to the recipient.
You can control some of these settings in your account preferences.
5.4 With our professional advisers
We share data with our lawyers, accountants, auditors, insurers, and other professional advisers where reasonably necessary, and always under confidentiality obligations.
5.5 With courts, regulators, and law enforcement
We disclose personal data where required to comply with a court order, subpoena, regulatory request, or other lawful demand. We may also disclose data where we believe in good faith that disclosure is necessary to:
Protect the rights, property, or safety of Finding Retreats, our users, or the public;
Investigate and prevent fraud or other illegal activity;
Enforce our Terms or other agreements.
Where the disclosure is to Indonesian law enforcement under the PDP Law and the Electronic Information and Transactions Law, we comply with the requirements set out in those laws.
We do not voluntarily provide data in response to informal requests. We require lawful process unless an emergency threatens life or serious bodily harm.
5.6 In a business transfer
If Finding Retreats is involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction. We will notify you and (where required) seek your consent before any such transfer that would materially change how your data is handled.
5.7 With your consent
We share data with other parties where you give us your specific consent to do so.
6. International Data Transfers
6.1 Why your data leaves Indonesia
The Platform uses several service providers whose data centres are outside Indonesia, primarily in the United States, Ireland, and other locations. As a result, your personal data is transferred internationally as a normal part of using the Platform.
6.2 Our compliance with Indonesian cross-border transfer rules
Under Article 56 of the PDP Law, we may transfer personal data outside Indonesia only where:
The destination jurisdiction provides personal data protection at least equivalent to that under the PDP Law (as recognised by the Indonesian PDP Agency); or
There are adequate and binding personal data protection safeguards in place between us and the recipient; or
You have given your consent to the transfer.
We currently rely on a combination of:
Contractual safeguards — data processing agreements with our service providers, incorporating commitments equivalent to the PDP Law's protections (similar to the EU's Standard Contractual Clauses);
Recipient-specific protections — many of our providers (e.g., Stripe, Vercel) maintain GDPR-aligned global privacy programs;
Your explicit consent, given when you sign up to the Platform, where consent is the appropriate legal basis.
We notify the Indonesian Ministry of Communication and Digital Affairs (MOCDA / Kominfo) of cross-border transfers as required.
6.3 GDPR-compliant transfers (for EEA/UK/Switzerland users)
Where personal data is transferred from the EEA, the UK, or Switzerland to a country that has not received an adequacy decision from the European Commission (or the UK or Swiss equivalents), we rely on:
The European Commission's Standard Contractual Clauses (Module 2: controller to processor; Module 4: processor to controller, as relevant);
The UK International Data Transfer Addendum (where applicable);
The Swiss Federal Data Protection and Information Commissioner's recognition of the SCCs;
Supplementary measures where required by the Schrems II ruling.
You can request a copy of the relevant transfer mechanism by contacting [email protected].
6.4 Australian users
For data transferred from Australia, we comply with Australian Privacy Principle 8 (cross-border disclosure). We take reasonable steps to ensure the overseas recipient handles your data consistently with the Australian Privacy Principles.
7. Cookies and Similar Technologies
7.1 What cookies are
Cookies are small text files stored on your device when you visit a website. They allow the website to remember information about your visit, which can make subsequent visits easier and the website more useful to you. Similar technologies include local storage, pixels, beacons, and SDKs.
7.2 What we use cookies for
We use cookies and similar technologies for:
Strictly necessary — to make the Platform work (for example, keeping you logged in, remembering items in your cart). These cannot be turned off.
Functional — to remember your preferences and improve your experience (for example, your language and currency).
Analytics — to understand how the Platform is used in aggregate, so we can improve it.
Marketing and personalisation — to show you relevant content and (where you have consented) targeted communications.
7.3 Managing cookies
When you first visit the Platform from certain jurisdictions, we ask for your consent to non-essential cookies. You can change your preferences at any time through our Cookie Settings link in the footer.
You can also control cookies through your browser settings, though disabling strictly necessary cookies will break parts of the Platform.
7.4 Do Not Track
Some browsers send a "Do Not Track" (DNT) signal. There is no universal standard for how to interpret DNT. We currently do not respond to DNT signals, but we honour the cookie preferences you set through our consent banner.
8. How Long We Keep Your Personal Data
We keep personal data only for as long as we need it for the purposes set out in this Privacy Policy, or as required by law.
8.1 Indicative retention periods
Category of data | Retention period |
|---|---|
Active account data | For as long as your account is active, plus a reasonable period after account closure for legal and accounting purposes |
Booking and transaction records | 10 years from the date of the Booking (Indonesian tax and accounting record-keeping requirements) |
Marketing data and email engagement | Until you withdraw consent or 3 years of inactivity, whichever is sooner |
Customer support correspondence | 3 years from the date of the last interaction |
Cookies and analytics | Per cookie expiry; typically 1 day to 24 months |
Identity verification records (Vendors) | For the term of the Vendor relationship plus 10 years |
Health and dietary information shared with a Vendor | Deleted from our active systems within 90 days after the Booking, subject to retention for dispute resolution and legal claims |
Records related to disputes or legal claims | For the period of the dispute plus the applicable statute of limitations |
8.2 After the retention period
When the retention period ends, we either:
Permanently delete the data;
Anonymise it (such that you can no longer be identified, even by combining it with other data); or
Where deletion is not technically possible (for example, encrypted backups), we put the data beyond use and delete it on the next backup cycle.
9. Your Rights
This section explains the rights you have over your personal data. Many of these rights apply to all users, regardless of where you live. Some additional rights are available to users in specific jurisdictions.
9.1 Rights available to all users
You have the right to:
Access — request a copy of the personal data we hold about you;
Correct — ask us to correct personal data that is inaccurate or incomplete;
Delete — ask us to delete personal data we hold about you, subject to our legal obligations to retain certain data;
Restrict processing — ask us to limit how we process your data in certain circumstances;
Object — object to our processing of your data where the legal basis is legitimate interest, including marketing;
Withdraw consent — withdraw any consent you have given us, at any time;
Lodge a complaint — with the relevant data protection authority (see Section 9.4).
9.2 Additional rights — Indonesia (PDP Law)
In addition to the rights above, if you are in Indonesia or your data is processed under the PDP Law, you have the right to:
Obtain personal data about you in a structured, commonly used, and machine-readable format (PDP Law Art. 9);
Receive information on the purpose of processing, the data being processed, and the period of retention (PDP Law Art. 5);
Delay or restrict processing in certain situations (PDP Law Art. 9(d));
Sue and obtain compensation for violations of the PDP Law (PDP Law Art. 12);
Withdraw consent at any time (PDP Law Art. 9(e));
End or delete personal data after the purpose is fulfilled (PDP Law Art. 8).
Response time: Under the PDP Law (Art. 30), we must respond to a request to update or correct your personal data within 3 × 24 hours (3 calendar days) of receiving the request. We aim to respond to all data subject requests within this same timeframe where reasonably practicable, and in all cases within the timelines required by applicable law.
9.3 Additional rights — EEA, UK, and Switzerland (GDPR)
If you are in the EEA, the UK, or Switzerland, you additionally have the right to:
Data portability — receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible (GDPR Art. 20);
Not be subject to automated decision-making — including profiling that produces legal or similarly significant effects (GDPR Art. 22). We do not currently make significant decisions about you based solely on automated processing, but if this changes we will tell you and provide additional rights;
Lodge a complaint with your local supervisory authority.
9.4 How to exercise your rights
To exercise any of these rights:
Email us at [email protected] or
Use the account settings menu, where available.
We may ask you to verify your identity before acting on a request, to protect your data from being accessed by someone pretending to be you. This usually means confirming details we already hold about you.
Most requests are free of charge. If a request is manifestly unfounded or excessive (for example, the same request submitted repeatedly), we may charge a reasonable fee or decline to act, in which case we will tell you why.
9.5 Right to complain
If you believe we have not handled your personal data properly, please contact us first — we want to put things right. You also have the right to complain to a regulator:
Indonesia — once the Indonesian PDP Agency (Lembaga Pelindungan Data Pribadi) is established, complaints may be made to it. Until then, complaints may be directed to the Ministry of Communication and Digital Affairs (MOCDA / Kominfo).
European Union — your local Data Protection Authority. A list is at edpb.europa.eu.
United Kingdom — the Information Commissioner's Office at ico.org.uk.
Australia — the Office of the Australian Information Commissioner at oaic.gov.au.
10. How We Protect Your Personal Data
10.1 Security measures
We apply technical and organisational measures appropriate to the risks of processing your data, including:
Encryption in transit — TLS 1.2 or higher for all connections to the Platform;
Encryption at rest — for sensitive data stored in our systems;
Access controls — role-based access, two-factor authentication for staff, principle of least privilege;
Secure password storage — passwords are stored as one-way hashes using industry-standard algorithms; we do not see or store plain-text passwords;
Payment data isolation — full card data is handled by Stripe, a PCI-DSS Level 1 service provider; we do not store it;
Regular security review — we review our security practices regularly and engage external assistance for testing where appropriate;
Vendor due diligence — we evaluate the security and privacy practices of our service providers.
10.2 What you can do
Security is a shared responsibility. You can help protect your account by:
Using a strong, unique password;
Enabling two-factor authentication when available;
Not sharing your account credentials;
Keeping your device and browser up to date;
Notifying us promptly if you suspect unauthorised access.
10.3 Data breach notification
In the event of a personal data breach that creates a risk to your rights and interests, we will notify:
The Indonesian supervisory authority (currently MOCDA / Kominfo, and the PDP Agency once established) within 3 × 24 hours (72 hours) of becoming aware of the breach, as required by Article 46 of the PDP Law;
Affected data subjects within 3 × 24 hours (72 hours) of becoming aware of the breach, with information about the data affected, when and how the breach occurred, and the actions we are taking;
Other regulators (such as the EU/UK supervisory authorities under GDPR, or the OAIC under the Australian Notifiable Data Breaches scheme) where required by their applicable laws.
Where a breach disrupts public services or has significant public impact, we will also issue a public notice, as required by the PDP Law.
11. Data Protection Officer
⚖️ LEGAL REVIEW (decision required before publication):
Under Article 53 of the PDP Law, a Data Protection Officer (DPO) must be appointed where:
The processing of personal data is for public service purposes; or
The core activities of the data controller involve regular and systematic monitoring of personal data on a large scale; or
The core activities involve large-scale processing of specific (sensitive) personal data, or data related to criminal acts.
A marketplace processing Booking, location, contact, and health/dietary data for thousands of Guests likely meets the second and third criteria as the Platform scales. The DPO does not need to be an employee — it can be a qualified external service provider.
Until a DPO is formally appointed, the following clause is a placeholder.
If you have any questions about this Privacy Policy or about how we handle your personal data, please contact:
Data Protection Contact — [email protected]
Postal address — Rama Gaia Villa, Bajar Sala Jalan Buung Said Pura Dalem, Ubud, Pejeng Kawan, Tampaksiring, Kabupaten Gianyar, Bali 80571
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
We will post the updated Privacy Policy on the Platform with a revised "Last updated" date.
For material changes that affect your rights, we will provide reasonable advance notice — typically by email and via a notice on the Platform — at least 30 days before the changes take effect.
Where required by law, we will obtain your consent to material changes.
Continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy.
13. Language
This Privacy Policy is issued in English. A Bahasa Indonesia translation is available at https://findingretreats.com/help/terms-of-service/kebijakan-privasi in accordance with Article 9(2) of Ministerial Regulation No. 5 of 2020.
In the event of conflict between language versions, the Bahasa Indonesia version prevails.
14. Contact Us
For questions about these Terms, please contact us at:
Email: [email protected]
Support: [email protected]
Postal address: Rama Gaia Villa, Bajar Sala Jalan Buung Said Pura Dalem, Ubud, Pejeng Kawan, Tampaksiring, Kabupaten Gianyar, Bali 80571
NIB: 1006220038831
NPWP: 065.745.459.1-905.000
Document control
Version | Date | Author | Changes |
|---|---|---|---|
1.0 | 20 May 2026 | Finding Retreats |