Legal

Privacy Policy

Last Updated: January 2026 · Effective Date: January 1, 2026

Information We Collect
How We Use Your Information
Legal Basis for Processing
Information Sharing
Data Retention
Security & Protection
Your Rights
Cookies & Tracking
Children's Privacy
International Transfers
Policy Changes
Contact Us

1. Information We Collect

Harbor Fog Retreat collects information to provide, improve, and protect our services. We collect data in three main ways: information you provide directly, information collected automatically when you use our site or services, and information from third parties.

Information You Provide

When you book a retreat, create an account, or contact us, we collect information such as your name, email address, phone number, billing address, payment information, travel preferences, wellness interests, dietary restrictions, accessibility needs, and any other information you voluntarily share with us. If you subscribe to our newsletter, we collect your email address and communication preferences.

Automatically Collected Information

When you visit our website, we automatically collect technical information including your IP address, browser type, operating system, pages visited, time spent on pages, referring URLs, and device information. We use cookies, web beacons, and similar tracking technologies to recognize you across visits and to understand how you interact with our services.

Information from Third Parties

We may receive information from payment processors, accommodation partners, travel guides, and other service providers who assist us in delivering your retreats. We may also receive feedback and reviews from you about your experience with our services.

2. How We Use Your Information

We use the information we collect to:

Process and fulfill your booking requests, including confirming reservations, processing payments, and managing your itinerary
Communicate with you about your retreat, including pre-travel information, updates, and post-travel follow-up
Personalize your experience by remembering your preferences and tailoring recommendations
Provide customer support and respond to inquiries or complaints
Send you newsletters, promotional offers, and marketing communications (only with your consent)
Analyze usage patterns to improve our website, services, and user experience
Conduct research and develop new features or retreats
Comply with legal obligations, enforce our terms, and protect our legal rights
Detect, prevent, and address fraud, security issues, and other harmful activities
Create aggregated, anonymized data for internal business purposes

3. Legal Basis for Processing

Our legal basis for processing your personal data includes: (a) performance of our contract with you to provide retreat services; (b) your explicit consent for marketing communications; (c) compliance with legal obligations under Japanese data protection law and international standards; and (d) legitimate interests in improving our services, preventing fraud, and maintaining security. You have the right to withdraw consent at any time by unsubscribing from communications or adjusting your privacy settings.

We do not sell your personal information. We share information only with trusted partners necessary to deliver your retreat, including accommodation providers, transportation companies, wellness practitioners, and payment processors. We require all partners to maintain strict confidentiality and use your information only as needed to provide our services. We may also share information when legally required by law enforcement, court order, or government authority, and when necessary to protect our rights, privacy, safety, or property.

5. Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, and resolve disputes. Typically, we retain booking information for six years for accounting and tax purposes. Contact information and communication preferences are retained until you request deletion or unsubscribe. Automatically collected data (IP addresses, cookies, analytics) is retained for up to two years for performance and security analysis. If you request account deletion, we remove your personal data within thirty days, except where retention is required by law.

6. Security & Protection

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include SSL encryption for all data transmissions, secure payment processing through PCI-DSS compliant third parties, access controls limiting who can view your information, regular security audits, and employee training on data protection. However, no security system is completely secure. We cannot guarantee absolute security of your information, and you transmit information to us at your own risk. If we discover a security breach affecting your personal data, we will notify you in accordance with applicable law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data: the right to access the information we hold about you; the right to correct or update inaccurate information; the right to delete your information (subject to legal retention requirements); the right to restrict how we process your data; the right to object to processing; the right to data portability (receive your data in machine-readable format); and the right to withdraw consent for marketing communications. To exercise any of these rights, contact us at the address provided below. We will respond to requests within thirty days or as required by law.

8. Cookies & Tracking Technologies

We use cookies to enhance your browsing experience, remember your preferences, analyze website traffic, and personalize content. Cookies are small files stored on your device. We use essential cookies for site functionality, analytics cookies to understand user behavior, preference cookies to store your settings, and marketing cookies for targeted content. You can control cookies through your browser settings, though disabling cookies may limit site functionality. We also use web beacons and pixel tags to track engagement with our communications and to measure marketing effectiveness.

9. Children's Privacy

Our services are intended for travelers eighteen years or older. We do not knowingly collect personal information from children under thirteen. If we become aware that we have collected information from a child under thirteen, we will delete such information immediately and terminate the child's account. Parents or guardians who believe their child has provided information to us should contact us immediately. For travelers thirteen to seventeen, parental consent is required for booking and communication.

10. International Data Transfers

Harbor Fog Retreat is based in Japan. Your information may be transferred to, stored in, and processed in Japan or other countries where we operate. These countries may have data protection laws different from your home country. By providing your information, you consent to such transfers. We take appropriate safeguards to ensure your information receives adequate protection in accordance with international data protection standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date and posting the revised policy on our website. Continued use of our services after changes constitutes your acceptance of the updated policy. We encourage you to review this policy regularly to stay informed of how we protect your information.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us:

Harbor Fog Retreat
Data Protection & Privacy
2514-3 Toyoteru, Chuo Ward
Niigata 951-8033, Japan
Phone: +81-25-228-7453
Email: privacy@harborfogretreat.com