Roam & Restore Privacy Policy

Effective Date: 23 April 2026
Last Updated: 23 April 2026

At Roam & Restore, your privacy matters. We are committed to handling your personal data with care, respect, and transparency.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website, enquire about or book a retreat or service, join our mailing list, or otherwise interact with us.

Roam & Restore is built around intentional care, restorative experiences, and ethical practice, and that approach extends to how we handle your information.

1. Who We Are

Roam & Restore is a Cayman Islands wellness and retreat business offering thoughtfully curated restorative experiences in nature, including retreats, wellness offerings, and related services.

For the purposes of Cayman Islands data protection law (Cayman Islands Data Protection Act (2021 Revision) (“DPA”)), Roam & Restore is the data controller of your personal data.

Contact details
Roam & Restore
PO Box 11234
Grand Cayman, Cayman Islands, KY1-1008
Email: marilyn@roamandrestore.com

If you have any questions about this Privacy Policy or how we use your personal data, please contact us using the details above.

2. What Personal Data We Collect

We may collect the following types of personal data:

Information you give us directly

  • Your name

  • Email address

  • Phone number

  • Home or billing address

  • Emergency contact details

  • Booking and travel-related details

  • Preferences relevant to your retreat or service experience

  • Messages or enquiries you send to us

Wellness and support information

Where relevant to delivering a safe and appropriate experience, we may collect limited information such as:

  • dietary requirements

  • allergies

  • accessibility needs

  • mobility considerations

  • wellness information you choose to share with us

  • information relevant to Reiki or other wellness services

Under Cayman law, some health-related information may be treated as sensitive personal data, which requires additional care.

Payment and transaction information

  • Booking records

  • Payment status

  • Invoices and transaction history

We do not intend to store full payment card information ourselves where a third-party payment provider is used.

Website and technical information

If you use our website, we may collect:

  • IP address

  • browser type

  • device information

  • pages visited

  • referral source

  • cookie and analytics information

3. How We Collect Your Data

We collect personal data when you:

  • fill in a form on our website

  • fill in a health/wellness intake form to be used for retreats, Reiki, or other services.

  • contact us by email, phone, social media, or messaging platform

  • subscribe to our mailing list

  • enquire about or book a retreat, workshop, or wellness service

  • provide information relevant to your participation in an experience

  • use our website

We may also receive limited information from service providers involved in bookings, payments, communications, or retreat logistics.

4. How We Use Your Personal Data

We use your personal data to:

  • respond to your enquiries

  • process bookings and provide retreats and services

  • communicate with you before, during, and after your experience

  • personalise your retreat or wellness experience where appropriate

  • manage dietary, accessibility, health, or other disclosed needs

  • process payments and maintain business records

  • send updates, newsletters, and promotional communications where lawful

  • improve our services, website, and customer experience

  • comply with legal and regulatory obligations

Under the Cayman Islands Data Protection Act, personal data must be processed fairly, for lawful purposes, and only to the extent necessary.

5. Legal Basis for Using Your Data

We process personal data only where we have a lawful basis to do so under the Cayman Islands Data Protection Act. Depending on the circumstances, this may include:

  • your consent

  • taking steps at your request before entering into a contract

  • performing a contract with you

  • complying with a legal obligation

  • protecting vital interests

  • pursuing legitimate interests in operating and improving our business, provided your rights are not overridden

Where we process sensitive personal data, we do so only where an additional lawful condition applies.

6. Marketing Communications

We may send you updates about retreats, workshops, wellness offerings, and related news if you have asked to hear from us or if we are otherwise permitted to do so by law.

You may unsubscribe or opt out at any time by:

  • clicking the unsubscribe link in an email; or

  • contacting us directly

Under Cayman Islands law, you have the right to require a data controller to stop processing your personal data for direct marketing.

7. Sharing Your Personal Data

We may share your personal data where reasonably necessary with trusted third parties such as:

  • retreat venues and accommodation providers

  • guides, transport providers, and service partners

  • payment processors

  • email and marketing platforms

  • website hosts and IT service providers

  • professional advisers such as lawyers, accountants, and insurers

  • regulators, public authorities, or law enforcement where required by law

Because Roam & Restore delivers curated retreat experiences with partners and service providers, some sharing is necessary to provide the experience you book.

We only share personal data that is reasonably necessary for the relevant purpose.

8. International Transfers

Some of the providers we use, or some elements of retreat delivery, may involve transferring personal data outside the Cayman Islands.

Where this happens, we take reasonable steps to ensure that your personal data remains appropriately protected. Under Cayman law, personal data should not be transferred to another country or territory unless an adequate level of protection is in place.

9. How Long We Keep Your Data

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to meet legal, accounting, insurance, operational, and dispute-resolution requirements.

This means, for example, that:

  • enquiry information may be kept for a reasonable follow-up period

  • booking and payment records may be retained longer for legal and accounting purposes

  • marketing records may be kept until you unsubscribe or withdraw consent

  • health or wellness information will usually be kept only as long as needed for the relevant service and any legitimate recordkeeping purpose

When personal data is no longer needed, we will securely delete, destroy, or anonymise it where appropriate. Cayman law requires that personal data not be kept longer than necessary.

10. How We Protect Your Data

We take reasonable technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

These measures may include:

  • secure systems and password protection

  • restricted access to personal data

  • careful use of reputable service providers

  • staff or contractor confidentiality expectations

  • secure storage and communication practices

Where third parties process data on our behalf, we seek to ensure that appropriate contractual safeguards are in place. Cayman law specifically requires written processor arrangements in relevant cases.

11. Your Rights

Under the Cayman Islands Data Protection Act, you have rights in relation to your personal data, including the right to:

  • know whether we are processing your personal data

  • request access to your personal data

  • request information about how your data is used

  • request that inaccurate data be corrected

  • request that certain processing stop

  • require us to stop using your data for direct marketing

  • complain to the Ombudsman

A subject access request must generally be dealt with within 30 days, subject to limited lawful extensions. The Regulations also provide that requests are generally free of charge unless they are manifestly unfounded or excessive.

To exercise your rights, please contact us using the contact details above. We may need to verify your identity before responding.

12. Data Breaches

If a personal data breach occurs, Cayman law requires notification to affected data subjects and the Ombudsman without undue delay, and no later than five days after the controller should, with reasonable diligence, have become aware of it.

If a breach occurs that affects your personal data, we will act in accordance with our legal obligations.

13. Cookies and Analytics

Our website may use cookies or similar technologies to support functionality, understand website traffic, improve performance, and help us communicate more effectively.

Where appropriate, you will be given options in relation to non-essential cookies.

14. Third-Party Websites

Our website or communications may contain links to third-party websites, booking tools, social media platforms, or partner websites. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy notices.

15. Children

Our services are generally intended for adults unless expressly stated otherwise. We do not knowingly collect personal data from children except where it is legitimately provided in connection with an enquiry or booking and may lawfully be processed.

16. Complaints

If you have a concern about how we handle your personal data, please contact us first so we can try to resolve it.

You also have the right to complain to the Office of the Ombudsman in the Cayman Islands, which is the supervisory authority for data protection matters under the Act.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data practices. Any updates will be posted on this page with a revised effective date.