POLICY PRIVACY
Given your interest in Bhakti Marga South Africa and more so our beloved Guruji, Paramahamsa Sri Swami Vishwananda, Bhakti Marga South Africa NPC (“BMSA”, “we” or “us”) endeavors to provide you with all the information needed on your path.In order to facilitate sharing of information relating to Sri Swami Vishwananda, His teachings, devotee testimonials, courses and sadhana, we need to collect your personal data.
This notice explains how BMSA will obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”).
At BMSA (including this website) we are committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently.
- Who is responsible for your personal data?
BMSA, NPO, Bhakti Marga SA (NPO NO: 122-945), 13 Centenary Road, Kwadukuza, KwaZulu Natal, South Africa, Email: krishna.jagarnath@gmail.com +27 72 522 2249, is responsible under the POPIA for the collection and processing of personal data of the users and for the safety thereof as elaborated upon hereunder.
- What will your data be used for?
The personal data collected from you registering with us at events or the like or upon request from you, received by any means, will be used for the purpose of providing services to you as per the General Terms & Conditions. Your data may be used for the purpose of contacting you to inform you of events or change to event details related to the aforesaid services or deemed to be essential for the provision of such services, as required by us. Without this information, we may not be able to provide the requested services.
In case of registration with us for any services, the data collected will be used for processing of the request, providing the services within the statutory provisions and for statistical or reporting purposes or any other purpose according to the laws of the Republic of South Africa.
We also use the personal data stored by us for customer care e.g. information on change of any Government Policy, information on sadhana and spiritual/religious services, execution of advertising and marketing measures within the legally permissible framework, and order processing.
- What information will be collected by us?
The personal information that you provide us when you register with us and that you provide when you use our registration portal to register, or in any other manner or form, including the information that you provide us with by email such as:
• Title, first name, last name,
• date of birth,
• mail address
• address
• telephone number (landline and / or mobile)
• Email address
• Copies of passport with relevant personal details as mentioned on the passport including photo, serial number, address, nationality
• A photocopy of an identity card including personal data such as name, photo, serial number, signature, address, nationality
• Specific categories of personal information, such as information about your state of health or your religious orientation, which you voluntarily indicate at the time of booking by entering a box in the health status, or enter it in any other field, such as by telephone at our customer service, in the telegram chat or during the booking process by email.
• Financial details including but not limited to bank account information, credit card information, insurance etc.
All personally identifiable information you give us when registering and making the booking must be accurate. This includes, for example, that we always have your correct contact information (including e-mail address).
In addition, we may collect certain information automatically including through cookies (including but not limited to web beacons and other technologies that collect information in a similar way to cookies), including, but not limited to, the type of device used to access the Website, the IP address of your device and other information that may be required for the smooth and efficient functioning of the Website. We may also use certain information to provide customer care services related to the provision of services.
The data we collect using cookies helps us understand our users better so that we can provide a more focused user experience. Using the knowledge of your previous visits to our website, we can enhance subsequent visits by tailoring our content to match your requirements.
We use cookies principally because we want to make our websites and mobile applications user-friendly, and we are interested in anonymous user behaviour. Generally, our cookies don’t store sensitive or personally identifiable information such as your name and address or credit card details.
Our cookies principally contain: (i) a unique name set by the site that generated it; (ii) a value – the information within it that recalls your previous activities; and (iii) an expiration date, which determines how long the cookie will remain active in your browser before being automatically deleted.
Please note that we only collect the data of children if they have been provided by the parents or guardians or with their consent. If we become aware that we have collected the information of a child without the consent of a parent or guardian, we reserve the right to delete it.
- Sharing or Transfer of Information
We may exchange, transfer, share, part with all or any of your Information to service providers and authorities (tour operators, hotels, tour guides, bus transfer companies, local agencies, restaurants and other parties who cannot provide the requested services without providing your personal data). In addition, we also work with third party service providers / partners / banks and financial institutions to provide the requested services and fulfil our obligations. Please note that privacy policies of these persons/authorities/third party service providers may differ from us. We reserve the right to share any Information collected with any Court or Governmental Authority as mandated by any applicable law and/or in compliance with any order of a court of competent jurisdiction.
- Opt-out Rights
Subject to the General Terms & Conditions agreed by you for the provision of services by us thereunder, you may opt-out of providing any information to us. You may further request that information so collected from you may not be disclosed to any third-party unless required by law or by a court of competent jurisdiction. You may inform us if such eventuality arises at info@bhaktimarga.co.za. However, on receiving such request from you, it may become impossible for us to deliver services as requested by you and in that case, you completely indemnify us from all losses and damages resulting from exercise of such ópt-out rights by you.
- Data Retention Policy
We will retain your information for as long as it is deemed necessary for the provision of services under the General Terms & Conditions and any purpose reasonably incidental thereto in our opinion. If you would like us to delete your data that you have provided, please contact us at info@bhaktimarga.co.za, we will respond within reasonable time. Please note that such information provided by you may be necessary for the provision of services under the General Terms & Conditions. We, therefore reserve our right to refuse provision of the services to you upon request for deletion of data prior to the fulfilment of contractual obligations between you and Bhakti Marga South Africa unless you decide to opt out of the services being availed. However, once you have registered with us and availed the facility being provided or transferred any funds for the same, some data needs to be retained mandatorily under the Indian Statues and Laws (particularly the taxation laws). Should you exercise your opt-out rights, we reserve our right to retain your data limited to the extent required for such statutory compliance and for such period as is required under law, for fulfilment of legal obligation, public interest and legal claims.
- Confidentiality & Security
Safeguarding the confidentiality of your information is of paramount importance to us. To this extent we have physical, electronic, and procedural safeguards to protect the personal information in our possession from loss, misuse and unauthorised access, disclosure, alteration and destruction. We restrict access to your Personal Information to our and our affiliates’ employees, agents, third party service providers, partners, and agencies who need to know such Personal Information in relation to the Purposes as specified above in this Privacy Policy. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
- Affiliated company for the service of a lifestream and video recordings:
Bhakti Event GmbH, Am Geisberg 1-8, 65321 Heidenrod Germany, Tel. 06124/609-1125, E-mail dataprotection@bhaktimarga.org, commercial registration number: 23765, / E-mail: info@bhaktimarga.org. For more information, please see their privacy policy https://bhaktimarga.org/privacy. https://www.bhaktimarga.org/impressum/impressum-de
You can contact their data protection officer at: Anna Aman lawyer, E-mail info@kanzlei-anna-aman.de. We have concluded an order processing agreement with Bhakti Event GmbH that complies with the requirements of Art. 28 GDPR.
8.1 Participating in an event
Which data do we process when you consent to a participate in an event?
If you give us a consent via our website, we process from you, inter alia, first and last name, e-mail address, pictures, videos and testimonials, language of interpretation, spiritual name (optional), information about the event you have registered for. We also process videos recordings of you while you participate in the event to share the common experience with the whole participating (online and offline) community during a livestream and a period then after. Moreover, we may use your photos and videos taken during the event for the purpose of commercial use. This means your photos and videos may be used on our websites, in (print) publications and our Facebook, Flickr, Instagram page as well as our YouTube channel.
8.2 For what purposes and on what legal basis do we process this data?
The processing of photos and/or videos collection, storage and transfer to third parties is based on the explicit consent of the person(s) entitled or the person(s) concerned, therefore in accordance with Art. 6 para. 1 letter a GDPR, Art. 9 Abs.2 lit.a GDPR. The processing is based on the legal basis of Art. 6 (1) lit. a GDPR (your consent, you have given. Consent is always freely given. Refusing or revoking your consent will not have any negative consequences for you). If you have signed a contract with Bhakti Event GmbH, with you as a participant regarding the event documentation production, then the contract is the legal basis Art. 6 (1) b GDPR.
8.3 Categories of possible recipients of the personal data:
The photos and/or videos can be shared with Facebook, Instagram , YouTube. For purposes of public relations, as well as commercial use and sales work, they may be posted on the homepage of bhaktimarga.org and used for the facebook fanpage, twitter page, you-tube channel of Bhakti Event GmbH. The content is also going to be livestreamed on YouTube. YouTube is an American company and, as with all American companies that analyse user behaviour, there is a risk that we do not know exactly, how your data is analysed and we cannot influence this. The content is also going to be livestreamed on YouTube. YouTube is an American company and, as with all American companies that analyse user behaviour, there is a risk that we do not know exactly, how your data is analysed and we cannot influence this.
- Facebook Inc., 1601 Willow Road Menlo Park, CA 94025, USA. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To learn more about Facebooks data collection and use, please read their Privacy Notice. Together with Facebook Ireland, Bhakti Event GmbH is jointly responsible in the meaning of Art. 26 GDPR for the processing of so-called pages insights in the course of operating their Facebook fan page. Facebook Ireland uses these page insights to analyse the activity on our Facebook page and provides us this information in a form which does not relate to the specific person. We have concluded for this purpose an agreement with Facebook Ireland about joint responsibility under data protection law which you can access using the following the link. Facebook Ireland undertakes in this agreement, among other points, to assume the primary responsibility under the GDPR for the processing of page insights and to fulfil all duties under GDPR with regard to the processing of the page insights.
- Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. For more information please see the Privacy Notice of Twitter.
- Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. To learn more about Facebook Ireland’s data collection and use with respect to Instagram, please read their Privacy Notice.
- Flickr, operated by Flickr, Inc., Flickr c/o Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA. For more information please see the Privacy Notice of Flickr. Basis for the transfer to third countries: Standard contractual clauses. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.flickr.com, Privacy Policy: https://www.flickr.com/help/privacy
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy ; Basis for third country transfer: EU-US Data Privacy Framework (DPF). Option to object (opt-out): https://adssettings.google.com/authenticated.
8.4 Duration of storage of personal data:
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
- Rights of the data subject
Right of revocation in case of consent:
The consent to the processing of the photos and/or videos can be revoked at any time for the future with future effect. The data subject can exercise their withdrawal right BM South Africa SA, Tel :+ E-Mail: info@bhaktimarga.co.za, https://bhaktimarga.co.za/privacy-policy//. The legality of the data processing carried out on the basis of the consent until the revocation is not affected by this. In case of a contract with you as a participant is signed, regarding the production of the documentation an event, than a contract is the legal basis for the processing of your data according to Art. 6 I b GDPR.
9.1 Rights of data subjects
Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw your consent at any time.
- Right of access: You have the right to request confirmation as to whether the data in question is being processed and to request access to this data, as well as further information and a copy of the data in accordance with the legal requirements.
- Right to rectification: In accordance with the law, you have the right to request the completion of the data concerning you or the correction of the inaccurate data concerning you.
- Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased without undue delay or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.
- Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements, or to request that it be transmitted to another controller.
- Complaint to a supervisory authority: In accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of your personal data violates the GDPR.
- Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
11. Plugins and embedded functions as well as content
We integrate functional and content elements into our online offering, which are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This may include, for example, graphics, videos or city maps (hereinafter referred to collectively as “Content”).
The integration always presupposes that the third-party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We make every effort to only use content whose respective providers only use the IP address to deliver the content. Third parties may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offering, as well as be combined with such information from other sources.
- Types of data processed: usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); Content data (e.g. submissions in online forms). Location data (information about the geographic location of a device or person).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Marketing. Profiles with user-related information (creating user profiles).
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- X, before twitter plugins and content: plugins and buttons of the “X” platform – This may include, for example, content such as images, videos or texts and buttons that allow users to share content from this online offering within X; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://twitter.com/de; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization); Data processing agreement: https://privacy.twitter.com/en/for-our-partners/global-dpa. Basis for third-country transfers: Standard Contractual Clauses (https://privacy.twitter.com/en/for-our-partners/global-dpa).
- YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Possibility of objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Flickr, operated by Flickr, Inc., Flickr c/o Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA. For more information, please see Flickr’s privacy policy. Basis for transfer to third countries: standard contractual clauses. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.flickr.com, Privacy Policy: https://www.flickr.com/help/privacy
- Shariff Wrapper: On our website, we offer you the opportunity to use so-called “social media buttons”. To protect your data, we use a solution called “Shariff”. Here, the share buttons are implemented as static images that contain a link to the corresponding social network page. If you click on such a button, you will be redirected to the corresponding page of the social network, just as normal links would do. It is only at this moment that the provider of the social network receives information about you, such as your IP address. If you do not click on such a share button, no data will be transferred. Information about the collection and use of your data by the social networks can be found in the respective terms of use of the respective providers. More information about the plugin and the Shariff solution can be found here: https://wordpress.org/plugins/shariff/
- Facebook pages: Profiles within the social network Facebook – Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data of visitors to our Facebook page (so-called Facebook pages). “Fanpage”). This data includes information about the types of content that users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights”, for Page operators to gain insights into how people interact with their Pages and with the content associated with them. We have entered into a special agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “About Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). For more information, see: Joint Responsibility Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the Standard Contractual Clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy. Your data may be transferred to third countries such as the USA. For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore obliged to follow European data protection principles.
- Google Maps: We integrate the maps of the “Google Maps” service of the provider Google. The data processed may include, in particular, IP addresses and location data of users; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
12. API Keys
We make use of certain APIs, in order to provide specific features.
These APIs may include the following third party services: Google Maps (API key), Meetup (OAuth token), PayPal (email, Client ID, Client Secret), Eventbrite (API key, auth URL, Client Secret), and Zoom (email, Client ID, Client Secret).
- Communication via messenger
We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messengers, encryption, the use of the metadata of the communication and your options for objecting.
You can also contact us in alternative ways, such as by phone or email. Please use the contact options provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e., the content of your message and attachments), please note that the content of the communication (i.e., the content of the message and attached images) is end-to-end encrypted. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use an up-to-date version of Messenger with encryption enabled to ensure that message content is encrypted.
However, we would also like to point out to our communication partners that although the providers of the messengers do not view the content, they can find out that and when communication partners communicate with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is processed.
Notes on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. In addition, if we do not ask for consent and you contact us, for example, on your own initiative, we use Messenger in relation to our contractual partners as well as in the context of the initiation of the contract as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and in fulfilling the needs of our communication partners in communication via Messenger. Furthermore, we would like to point out that we will not transmit the contact details provided to us to the messengers for the first time without your consent.
Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and there are no legal retention obligations to prevent the deletion.
Reservation of reference to other means of communication: Finally, we would like to point out that for reasons of your security, we reserve the right not to answer inquiries via Messenger. This is the case, for example, if internal contractual information requires special secrecy or if a response via messenger does not meet the formal requirements. In such cases, we will refer you to more appropriate means of communication.
- Types of data processed: contact details (e.g. e-mail, telephone numbers); Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. . submissions in online forms).
- Data subjects: Communication partners.
- Purposes of processing: contact requests and communication; Direct marketing (e.g. by e-mail or post).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Whatsapp: Messenger with end-to-end encryption, Service provider: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.whatsapp.com/ Privacy Policy: https://www.whatsapp.com/legal/privacy-policy
- Telegram: messenger with end-to-end encryption; Service Providers: Representative in the European Union: European Data Protection Office (EDPO), Avenue Huart Hamoir 71, 1030 Brussels, Belgium; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://telegram.org/. Privacy Policy: https://telegram.org/privacy.
14. Provision of the online offer and web hosting
We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
- Types of data processed: usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. . submissions in online forms).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.). Security Measures.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Provision of our online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Collection of access data and log files: Access to our online services is logged in the form of so-called “server log files”. The server log files may include the address and name of the websites and files accessed, date and time of access, data volumes transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. On the one hand, the server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.
- E-mail sending and hosting: The web hosting services we use also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the sending of e-mails (e.g. the providers involved) as well as the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the e-mails between the sender and the receipt on our server; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- WordPress.com: hosting and software for creating, delivering, and operating websites, blogs, and other online offerings; Service Provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Data processing agreement: https://wordpress.com/support/data-processing-agreements/. Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
15. Video conferencing, online meetings, webinars and online lectures and online courses and screen sharing
We use third-party platforms and applications (hereinafter referred to as “Conference Platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “Conference”). When selecting conference platforms and their services, we take into account the legal requirements.
Data processed by conference platforms: In the context of participation in a conference, the conference platforms process the personal data of the participants mentioned below. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g. provision of access data or real names) and which optional information is provided by the participants. In addition to processing for the implementation of the conference, the data of the participants may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, details of professional position/function, the IP address of the Internet access, details of the participants’ end devices, their operating system, the browser and its technical and linguistic settings, information on the content of the communication processes, i.e. entries in chats, as well as audio and video data, as well as the use of other available features (e.g. surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users with the conference platforms, then further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g. of surveys) as well as video or audio recordings are logged, this will be communicated transparently to the participants in advance and they will be asked for consent if necessary.
Data protection measures of the participants: For the details of the processing of your data by the conference platforms , please note their data protection notices and select the optimal security and data protection settings for you within the settings of the conference platforms. Please also ensure that data and privacy are protected in the background of your recording for the duration of a video conference (e.g. by notifying roommates, locking doors and, as far as technically possible, using the function to make the background unrecognizable). Links to the conference rooms as well as access data may not be passed on to unauthorized third parties.
Notes on legal bases: If, in addition to the conference platforms , we also process the data of the users and the users ask for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for the fulfilment of our contractual obligations (e.g. in participant lists, in the case of processing of interview results, etc.). In addition, users’ data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
- Types of data processed: inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); Content data (e.g. submissions in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, timings, identification numbers, consent status).
- Data subjects: communication partners; Users (e.g. website visitors, users of online services). People depicted.
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Contact requests and communication. Office and organizational procedures.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Zoom: conferencing and communication software; Service Provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://zoom.us; Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html; Data processing agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA). Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA)).
16. Subscribing to our newsletter
16.1 Data processing newsletter subscription
Through our website you have the opportunity to subscribe to our newsletter. If you subscribe, we will ask you for your email address. Immediately after your registration, you will receive a confirmation on the screen of the device you used to log in. It is also possible to enter your first and last name. This allows Bhakti Marga India Trust to approach you in a personal way, if you would like to do so and to respond personally to any comments and/or questions you may have regarding the newsletter, for example. We would like to point out that our newsletter contains tracking pixels. A tracking pixel is a thumbnail image embedded in an email. These are sent in HTML format to enable the recording and analysis of log files, such as a statistical analysis of the success or failure of our online marketing campaigns. Based on the built-in tracking pixel, we can see if and when an email has been opened and which links have been opened. Such data is stored and analyzed by us in order to optimise the sending of the newsletter and to adapt its content for future newsletters, tailored to the interests of the data subjects. This personal data will not be shared with third parties. We will only use your e-mail address to send newsletters for our own advertising purposes, regardless of the performance of the contract, insofar as you have expressly consented to this. The processing takes place with your consent on the basis of Article 6 (1) (a) GDPR. You may withdraw consent at any time without affecting the lawfulness of any processing carried out on the basis of consent until to the withdrawal.
You can unsubscribe from the newsletter at any time by using the relevant link in the newsletter or by notifying us . Your email address will then be removed from the mailing list.
16.2 Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist (so-called “blocklist”) solely for this purpose.
The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out properly. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.
Contents:
Information about us, our services, promotions and offers.
- Types of data processed: inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Usage data (e.g. websites visited, interest in content, access times).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g. by e-mail or post).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options given above, preferably e-mail.
Further information on processing processes, procedures and services:
- Measurement of opening and click-through rates: The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from its server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of access, is first collected. This information is used for the technical improvement of our newsletter on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The evaluations are used by us to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.The measurement of the opening rates and the click rates as well as the storage of the measurement results in the profiles of the users as well as their further processing are carried out on the basis of the user’s consent. Unfortunately, it is not possible to revoke the performance measurement separately, in which case the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted;
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). - Mailchimp: email sending and email sending and automation services; Service Provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mailchimp.com; Privacy Policy: https://mailchimp.com/legal/; Data processing agreement: https://mailchimp.com/legal/; Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the Service Provider). Further information: Special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/.
17. Which data do we process in the context of a donation?
● Donations and payment services
● Givewp and Stripe: You can use a donation function on our website. We use Givewp as our donation portal with Stripe as payment gateway and processor to handle and manage all financial transactions. Donations are processed by the third-party provider Stripe Ltd. Further information on data processing by Stripe Ltd. can be found in the legal notice: Stripe Inc. 354 Oyster Point Boulevard, South San Francisco California 94080, USA. To find out more about the security measures of these organisations, please click on the following links: . https://stripe.com/de/privacy
18. Technical security measures
We implement a variety of security measures designed to maintain the safety of your personal data we store and process. For example, to protect the transmission of confidential information that you send to us as the website provider, we use SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any personal data under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose personal data may have been compromised and or the competent data protection authority
19. Changes and updates to the Privacy Policy
Our privacy policy is subject to revision. Any changes/amendments made to our privacy policy will be posted on this page and notified to our customers/users by e-mail and/or text message to the primary e-mail address and/or phone number specified in the customer’s account. You are advised to review this Privacy Policy periodically for any changes. If you object to any of the changes to our terms, and you no longer wish to use the Services, you may contact us at info@bhaktimarga.co.za; . If you use the Services or access the Website after a notice of changes has been sent to you or published on the Website, you are deemed to have provided your consent to the changed terms.
Should you have any questions about this Privacy Policy or information collection, use and disclosure practices, you may contact us at info@bhaktimarga.co.za, +27725222249. We will use reasonable efforts to respond promptly to any requests, questions or concerns, which you may have regarding our use of your personal information.