Privacy policy
of
Bhakti Event GmbH
Bhakti Event GmbH
and its affiliated companies
Bhakti Marga Yoga gGmbH, Bhakti Marga Stiftung
as revised on 20 February 2024
We are very delighted that you have shown interest in our enterprise. With this summary, we intend to provide you with a brief overview on what we do with your personal data for an easily understanding. For more detailed information on each of the sections below, we recommend reading the full version of this privacy notice.
I. Scope: This privacy notice applies to the use of your personal data in the context of using our websites and order products and services.
II. Responsibility: Bhakti Event GmbH is generally responsible for the collection and processing of your personal data. However, in some cases, we may jointly process your personal data with third parties, in particular other Bhakti Marga entities. You can find contact detail in section 2.
III. Data Collected and Purposes of Use: The types of data that we process personal data such as your names, contact details, contract- and registration-related data, communication data, user and usage data and IP address, but also more sensitive data that reveal information on your religious or philosophical beliefs, such as your spiritual name or initiation status. We use your personal data to fulfil contracts with you (by fulfilling your orders and support you in your spiritual path etc.) or to pursue our legitimate interest that are not overridden by your fundamental rights and freedoms, such as promoting our cause by providing news on what may be of interest to you (such as events and courses), improving our services and ensuring the confidentiality and integrity our services, or simply to communicate with you. Where we process data on your religious or philosophical belief, we will ask for your consent. For detailed information on the types of date and the purposes of use as well as the legal basis we rely on when processing your personal data, please see section 3.
IV. Where we obtain data: We process personal data about you that you mostly directly provide to us, for example when you register for a Bhakti ID account, order products and services or communicate with us. We may also automatically collect personal data when you use our services, for example by using cookies. In addition, we may receive information from third-parties, such as family members or friends who may mention you in connection with an event (for example a prayer) or a donation.
V. How we share data: We may share certain personal data with other Bhakti Marga entities, service providers who support us in providing our services to you, who are either processors acting on our behalf (such as, for example, to support our marketing activities and maintain our website) or controllers themselves (such as , for example, payment service providers and donation and accounting service providers and shipping and distribution companies) or the public if you comment on our blog. You can learn more about how we share your personal data in section 5.
VI. International transfer: We may transfer your personal data to other countries that are located outside the European Economic Area, which means that in these countries, less protective privacy laws and regulations apply. However, we will ensure that to put appropriate legal safeguards in place for such transfers.
VII. Storage of Data: We process and store your personal data only as long as necessary for our processing purposes. However, sometimes the law requires us to keep such data for longer. To learn more about storage periods, please see section 7.
VIII. Your Rights: You have certain rights under the General Data Protection Regulation concerning your personal data. The types rights you have and further information in this regard can be found in section 8.
IX. Obligation to provide data? You do not have to provide personal data to us, but we may not be able to provide our services if we do not have your personal data.
X. No automate decision making: Bhakti does not use automated decision-making procedures.
XI. Tracking technology: We use cookies and other tracking technology, for example to improve our services, offer news and content that may be of interest to you and remember your preferred settings. Information on how tracking technologiy works, what types of cookies we use, and how log they are valid can be found in section 11, detailed information on the used cookies can be found in our Cookie Policy.
XII. Third Party Online Services: We use third-party plug-ins and other online services to provide you a convenient and interesting website and enable to easily access content from social media platforms. These third parties are (joint) controllers and they may decide on what types of personal data they collect. However, to honor your privacy, we selected an implementation of the various plug-ins that ensures that personal data will not be shared with these third-party services providers, if you activate or interact with these services. To learn more about these services, please see section 12.
XIII. Security: We take the security of your data very seriously. We have implemented various technical and organisational
measures to protect your personal data. Details can be found in section 13.
XIV. Updates: We may update this Privacy Notice from time to time, the date of the last update is indicated at the beginning of this privacy notice.
1. Scope of application
We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Bhakti Event GmbH (herewith "Bhakti Event" or "we") and we are committed to protecting your privacy and personal data. With this Privacy Notice we would like to inform you in detail about how we use your personal data and what rights you have.
This Privacy Notice applies to the use of your personal data when you visit our websites available at
www.bhaktimarga.org
www.events.bhaktimarga.org
www.bhaktishop.org
www.onlineevents.bhaktimarga.org
www.shreepeethanilaya.org
https://justlovefestival.org/
https://paramahamsavishwananda.com
by e-mail or telephone, when you order products or services, or when you create a personal account on the website.
2. Who is responsible and to whom can I reach out?
Bhakti Event GmbH, Am Geisberg 4, 65321 Heidenrod, is responsible for the processing of personal data described in this Privacy Notice.
You can contact the following office for all inquiries related to data protection:
Bhakti Event GmbH
Am Geisberg 4
65321 Heidenrod
Germany
Tel. 06124/609 1125
E-mail dataprotection@bhaktimarga.org
You can contact our external corporate data protection officer:
Lawyer
Anna Aman
Fasanenweg 16
65321 Heidenrod
Germany
E-mail info@kanzlei-anna-aman.de
Tel. 06124/ 7233897
Fax. 06124/7233898
Any data subject may, at any time, contact our external data protection officer directly with all questions and suggestions concerning data protection.
Note that we act as joint controllers with our umbrella Organisation subsidiary Bhakti Marga Stiftung (with regard to the Bhakti Marga Academy App provided by 360Learning collaborative platform and to donations and endowments, except for “Serve a deity” donation program, and free temple events which is handled by Bhakti Marga Yoga gGmbH). For further details in this respect, please see section 5.3.
3. Which data do we process from you, for what purposes and on what legal basis do we process your data?
We collect and process various personal data from you depending on the specific processing situation. Below you will find a list of the data related to the respective processing situations.
We process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act (Bundesdatenschutzgesetz) ("BDSG"). In certain situations, we also process your personal data to fulfill other legal obligations or based on your explicit consent.
In general, we process your personal data:
• For the performance of a contract
We process your personal data to fulfill contractual or quasi-contractual obligations, to enter into an agreement, e.g. to provide services in our role as an investor, to support current customers, or to answer questions in relation to our services.
• To be in compliance with legal obligations
To the extent that we are subject to legal obligations, for the compliance of which the processing of your personal data is necessary, we process your personal data on the basis of these legal obligations.
• Based on our legitimate interests
We also process your personal data to protect our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail.
Subject to a decision to be made in individual cases, we usually assume that our legitimate interests prevail within the context of, in particular, the following processing situations:
• Based on your consent
If you have given us separate consent to process your personal data, we will process your personal data within and on the basis of this consent. Consents may, for example, relate to the transfer of data to associated companies or third persons, the evaluation of your data for targeted advertising activities or sending of newsletters.
Consent is always freely given. Refusing or revoking your consent will not have any negative consequences for you.
3.1 Visiting our websites
3.1.1 What data do we process when you visit our websites?
If you use the services provided by Bhakti Event on the websites without registering, we will process, inter alia, the following personal data from you:
• Data about the usage of the provided websites (e.g., used browser, used operating system, internet service provider of the accessing system, referrer URL, sub-websites, date and time of server request, requested contents, duration of usage);
• IP address.
3.1.2 For what purposes and on what legal basis do we process this data?
When using these data, Bhakti Event does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary, e.g., for criminal prosecution in case of a cyber-attack.
Bhakti Event analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by you.
The processing is necessary for the purposes of protecting our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail (Art. 6 (1) lit. f GDPR).
3.2 Registration on the website, Bhakti ID and personal profile
3.2.1 Which data do we process when you register on our website?
If you take the possibility to register on our website, we will process, inter alia, the following data:
• IP address,
• Date and time of the registration,
• Username and password,
• E-mail address.
In addition, you can provide us with further personal data, inter alia, your first and last name as well as your shipping and billing address. You can insert such further information as part of the registration process on a voluntary basis. You can decide yourself whether you want to provide such data which is marked as "optional".
After creating your account, you will have your own personal profile on our website (Bhakti-ID). In the further process, you can enter into your profile further information about you (such as your country, phone number, date of birth, a photo of you, language preference) on a voluntary basis.
In addition, you can provide information about your Devotee or Brahmachari status (inter alia, date of initiation, your initiating person, related Swamis or Rishis, Ishtadev), information on your experience with Atam Kriya Yoga (such as your level and your teacher and/or initiating person) and courses already taken with us (for example, attended in Atma Kriya Yoga) and whether you are a Bhakti Marga Teacher (all together referred to as “My Data”).
The information you provide may contain personal data relating to your religious or philosophical beliefs (i.e., special categories of personal data pursuant to Art. 9 (1) GDPR), such as your spiritual name, your Devotee or Brahmachari status and related initiation information, information about your initiations and Ishtadev.
3.2.2 For what purposes and on what legal basis do we process this data?
The data is collected, processed and stored for internal use by us, and for the purpose to provide you with a personal user profile (Bhakti ID). In addition, Bhakti Event will provide you with a personalized dashboard where you can, for example, make donations and see your donation history.
The registration data is intended to enable Bhakti Event to offer you content or services that may only be offered to registered users due to the nature of the matter in question. In addition, we use your registration and profile data to provide you with special offers based on your specific and individual interests. Finally, we use your profile data to support your Journey at Bhakti Event and to help you achieving your goals, for example the Devotee status. In this regard we use your data, inter alia, to contact you directly via email.
To be in a position to offer you events or courses that are only open with a certain status (such as Devotee or Brahmachari) we need to send your personal status information (such as your Devotee or Brahmachari status) to your initiating Swami/Rishi. The Swami/Rishi uses the information about your status, in particular, to verify your current initiation status. Without your consent to share such data for such verification, we cannot provide certain offers to you. In addition, with your consent, we may send “My Data” to your initiating Swami/Rishi/ or the Bhakti Marga Country Coordinator responsible for you (“BMCC”). The Swami/Rishi/BMCC may use this data to contact you directly in order to help you on your spiritual path, to support you and provide information with news and updates on Bhakti, our events, courses, offers and fundraising.
Registered persons are free to change the personal data specified during the registration process and profile update at any time, or to have them completely deleted from our database.
The processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR) or for the purposes of protecting our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail (Art. 6 (1) lit. f GDPR).
If required by applicable law, we will seek your explicit consent (Art. 6 (1) lit. a GDPR) (such as where we share your data with the Swami/Rishi//BMCC) to process and transfer personal data collected on our websites or volunteered by you. Consent will be entirely voluntary. However, if the requested consent to process your personal data has not been granted by you, the use of this website may not be entirely possible.
We only collect and process data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR), such as your spiritual name or, with your explicit consent.
3.3. Subscription to the Bhakti Membership (Guru Connect)
3.3.1 Which data do we process when you subscribe to our membership?
On our website, users are given the opportunity to subscribe to our exclusive membership. In order to subscribe to our membership, you need to buy a subscription in Bhakti Event´s online shop. If you subscribe to our membership, we will process, inter alia, the following data:
• IP address,
• Date and time of the registration,
• Title (optional),
• Your first and last name,
• E-mail address,
• Phone number,
• Company name,
• Country,
• Address,
• Payment information such as credit card number or other bank information.
3.3.2 For what purposes and on what legal basis do we process this data?
With the exclusive membership you can access the members dashboard, exclusive member content on the website and you can book special events and courses and get special offers.
Registered members are free to change the personal data specified during the subscription process and profile update at any time, or to have them completely deleted from the database of Bhakti Event.
The processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR) or for the purposes of protecting our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail (Art. 6 (1) lit. f GDPR).
If required by applicable law, we will seek your explicit consent to process personal data collected on our websites or volunteered by you. Consent will be entirely voluntary. However, if the requested consent to process your personal data has not been granted by you, the use of this website may not be entirely possible.
We only collect and process data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR), such as your spiritual name or, with your explicit consent.
3.4 Subscription to our newsletter
3.4.1 Which data do we process when you subscribe to our newsletter?
On our website, users are given the opportunity to subscribe to our newsletter. If you subscribe to our newsletter, in addition to your first and last name, your e-mail address and your country (optional), we may – depending on the newsletter you are subscribing for – also process “My Data” which you have voluntarily provided to us during the process to create an Bhakti ID account. In particular, we process all information that is necessary to prove that you have registered for the newsletter. In this regard, we use the so-called double opt-in procedure to confirm your subscription and e-mail address. In this process, an e-mail is sent to the provided e-mail address with a message asking you to confirm your consent. In connection with the double opt-in process, we document the IP address, date and time of submission of the web form as well as the IP address, date and time of confirmation of the double opt-in e-mail.
3.4.2 Newsletter-Tracking
We would like to point out that our newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an e-mail was opened by you, and which links in the e-mail were called up by you.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by us in order to optimize the sending of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties.
3.4.3 For what purposes and on what legal basis do we process this data?
The personal data collected as part of the registration for the newsletter will only be used to send our newsletter. Our newsletters keep you posted about what is new and upcoming. While the content varies from one to the next, they all include a message from Paramahamsa Vishwananda along with any important information you need to know. If English is a challenge for you, no problem: the newsletter is always translated into more than a dozen languages. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties.
We will process your personal data in connection with the newsletter sending and tracking within and on the basis of your consent (Art. 6 (1) lit. a GDPR respectively Art. 9 (2) lit. a GDPR). Consent is always freely given. Refusing and revoking your consent will not have any negative consequences for you.
You can withdraw your consent against Bhakti Event and unsubscribe from our newsletter at any time. For the purpose of withdrawal of consent, a corresponding link is included in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of Bhakti Event https://www.bhaktimarga.org/newsletter/unsubscribe or by contacting us at dataprotection@bhaktimarga.org
After the withdrawal, your personal data will be deleted.
3.5 Contact possibility via the website
3.5.1 Which data do we process when you contact us?
Our website contains information that enables a quick electronic contact to us. Depending on your request, you can contact us via our website (including via our live-chat channel), via e-mail or outside the Internet, either by telephone or in writing. We process the data you send with your request, inter alia, your first name, last name, organization (if applicable), department (if applicable), e-mail address, telephone number, and other information that you have provided to us. In the case of the use of the live-chat channel, we also need to process you IP address.
3.5.2 For what purposes and on what legal basis do we process this data?
The personal data collected as part of the contacting will only be used to answer your inquiry. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art 6 (1) lit. b GDPR) or for the purposes of protecting our legitimate interests (Art. 6 (1) lit. f GDPR).
3.6 Comments function in the blog on the website
3.6.1 Which data do we process when you use the comments function in the blog on the website?
Bhakti offers you the possibility to leave individual comments on individual blog contributions on a blog, which is on our website.
If you leave a comment on the blog published on our website, the comments made by you and the personal data contained are processed, stored and published, as well as information on the date of the commentary and your pseudonym. In addition, your IP address is also processed and logged.
3.6.2 For what purposes and on what legal basis do we process this data?
This processing is necessary for the purposes of protecting our legitimate interests (Art. 6 (1) lit. f GDPR) or to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR). For example, the storage of the IP address takes place for security reasons, and in case you violate the rights of third parties or posts illegal content through a given comment. The storage of the personal data is, therefore, in our legitimate interests.
3.7 Live pilgrimages
3.7.1 Affiliated company for live pilgrimages:
Inner Journey Ltd., Glärnischstrasse 15, 8712 Stäfa, Switzerland, Telephone +41 79 918 80 88, E-Mail: info@innerjourney.ch, www.innerjourney.ch, Commercial Register Switzerland (Zefix); Registration number: UID: CHE-413.724.090.
3.8 Booking a virtual pilgrimage
3.8.1 Which data do we process when you book a virtual pilgrimage?
If you book a virtual pilgrimage via our website, we process from you, inter alia, first and last name, e-mail address, language of interpretation, spiritual name (optional), information about the pilgrimage you have registered for, your IP address and payment information such as credit card number or other bank information.
We may also process videos recordings of you while you participate in the virtual pilgrimage to share the common experience with the whole participating (online and offline) community during a livestream and a certain period then after. In this process, the username by which you participate in the virtual pilgrimage will also be displayed.
Moreover, we may use your photos and videos taken during the pilgrimage for the purpose of commercial use. This means your photos and videos may be used on our websites, in (print) publications and our Facebook, Flikr, Instagram page as well as our You Tube channel.
3.8.2 For what purposes and on what legal basis do we process this data?
The personal data will be collected as part of the virtual pilgrimage booking and to fulfil the services, for contract communication and the IP address for verification and documentation purposes.
We may also analyse the data we have on business transactions, contracts, booked travel services in conjunction with usage data to increase the user-friendliness of our services, optimise our portfolio and to provide you with offers tailored to your interests. The analyses serve us alone and are not disclosed externally unless they are anonymous analyses with aggregated values.
The processing is based on the legal basis of Art. 6 (1) lit. b GDPR (performance of contract. Furthermore, the processing of the data available to us relating to business transactions, contracts, booked travel services in conjunction with usage data as well as the e-mail address and address of the travel applicant for the purpose of direct advertising is based on the legal basis of legitimate interest (Art. 6 (1) lit. f GDPR in conjunction with § 7 (3) UWG) or consent, Art. 6 (1) lit. a GDPR). We may also process your spiritual name in the context of the pilgrimage to the extent you agree to such use (Art. 9 (2) lit. a GDPR). After complete processing of the contract, we continue to store the aforementioned data for verification purposes as well as for the purpose of defending legal claims on the basis of legitimate interest (Art. 6 (1) lit. f GDPR) as well as for the fulfilment of legal retention periods (Art. 6 (1) lit. c GDPR).
To the extent you consent, we may also process your personal data for commercial use as set out above as well as to participate in the common experience during the pilgrimage (Art. 9 (2) lit. a GDPR).
To provide a virtual pilgrimage, for video production and editing, we use Hexaglobe. Hexaglobe specialises in providing information and telecommunications technologies to the audiovisual industry. Its services include multiscreen delivery solutions for streaming either live or on-demand video to any device (PC, smartphone, tablet, connected TV), and all technical services associated with broadcasting, storing, and monetising the video content. For more information, please see Hexaglobe Privacy Policy.
3.9 Registration for events
3.9.1 Which data do we process in the context of booking and managing events?
If you register for our paid events in the event calendar on our website (you do not need a Bhakti ID account for an event booking), we process from you, inter alia, title, first and last name, country, address, e-mail address, telephone number, spiritual name (optional), information about the event you have registered for, payment information such as credit card number or other bank information.
If you register for our free events in the event calendar on our website, we process from you, inter alia, username, e-mail address, spiritual name (optional), information about the event you have registered for.
3.9.2 For what purposes and on what legal basis do we process this data?
The personal data collected as part of the event booking and managing will particularly be used to fulfil your inquiry. In addition, we may use the collected data to contact you directly and offer you similar offers and events based on your booking history and personal interests.
The processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR). We may also seek your explicit consent to process personal data collected in connection with the event booking and managing (Art. 6 (1) lit. a GDPR). Consent will be entirely voluntary.
We only collect and process data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR), such as your spiritual name or, with your explicit consent.
3.10 Fundraising
3.10.1 Which data do we process in the context of the fundraising function?
You can use a fundraising function on our website. If you fundraise, we process from you, inter alia, name, surname, email, and payment information such as credit card number or other payment information.
The processing of donations is handled by the third-party providers Raisenext of Buildnext GmbH, located at Bremer Heerstr. 117, 26135 Oldenburg, Germany.
For more information in relation to the data processing by Raisenext see the imprint information: https://www.raisenext.de/impressum and Raisenext's Privacy Policy: https://www.raisenext.de/datenschutz.
3.10.2 For what purposes and on what legal basis do we process this data?
The personal data collected as part of the fundraising will only be used to fulfil your donation and to ensure that your donation is used in accordance with your fundraising intention. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR).
3.11 Booking and managing accommodations on the http://www.shreepeethanilaya.org/ website
3.11.1 Which data do we process in the context of booking and managing accommodations?
You can book and manage accommodations on our shreepeethanilaya.org - website. If you book an accommodation, we process from you, inter alia, salutation, title, first and last name, spiritual name (optional), address, date of birth, country, phone, email address, username, date of arrival and expected departure, number of persons and estimated time of arrival and departure.
In the course of our accommodation offer we are subject to the reporting obligation pursuant to § 29 ff. BMG and collect the necessary data in this regard. These include the date of arrival and expected departure, surnames, first names, date of birth, nationality, address, number of passengers and their nationality.
3.11.2 For what purposes and on what legal basis do we process this data?
The personal data collected as part of booking and managing accommodations will only be used to fulfil your booking. Therefore, the processing is necessary to fulfil contractual obligations (Art. 6 (1) lit. b GDPR), or consent (Art. 6 (1) lit. a GDPR respectively Art. 9 (2) lit. a GDPR), where the provision of your data is optional. To the extent we comply with § 29 et.sec. BMG, the legal basis for the processing is Art. 6 (1) lit. c GDPR.
3.12 Online shop
3.12.1 Which data do we process in the context of the online shop?
In the course of an order in our online shop, we process, inter alia, title, first and last name, company name, country, billing and shipping address, e-mail address, telephone number, spiritual name (optional), notes about the order (optional), information about the products or services you have ordered, including the order status, and payment information such as credit card number or other bank information. Our
3.12.2 For what purposes and on what legal basis do we process this data?
The personal data collected as part of the online shop will only be used to fulfil your order. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR), respectively consent (Art. 6 (1) lit. a GDPR respectively Art. 9 (2) lit. a GDPR), where the provision of your data is optional.
3.13 Zoom
We use the tool Zoom to conduct online events, online courses, video conferences and/or webinars (hereinafter: "online meetings"). Zoom is a service of Zoom Video Communications, Inc. which is based in the USA.
3.13.1 Zoom data protection notice
We would like to inform you below about the processing of personal data in connection with the use of Zoom.
Zoom is a service of Zoom Video Communications Inc. which has its registered office in the USA. On 16.07.2020, the European Court of Justice declared the EU US Privacy Shield invalid in the "Schremms II" case (Cß311-18). As a result, the transfer of personal data via servers not operated within the EU is declared insecure. We have sought alternatives with providers whose servers are operated solely in the EU. Unfortunately, it has turned out that a technically problem-free and trouble-free connection of the participants to each other and to us is currently not possible.
3.13.2 Data processing outside the European Union
Zoom is a service provided by a provider from the USA, personal data is therefore also processed in a third country. We have concluded an order processing agreement with the provider of Zoom that complies with the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed by the conclusion of the EU standard contractual clauses.
As a supplementary protective measure, we have configured our Zoom so that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used for online meetings. However, we cannot exclude the possibility that data may be routed via internet servers located outside the EU. This may be the case in particular if participants in online meetings are located in a third country. However, the data is encrypted during transport over the internet and thus protected from unauthorised access by third parties.
In order to be able to offer the webinar and meeting services technically and, above all, to provide support for participants, so-called operation data is also processed by "Zoom" in the USA. An overview of which types of data are included in the operational data can be found in the data protection information of "Zoom".
Link to the Zoom data protection notice: https://explore.zoom.us/de/privacy/
3.13.1 Which data do we process in the context of Zoom online meetings?
When using Zoom, various types of personal is processed. The amount of data also depends on the information you provide before or during participation in an online meeting. Inter alia, the following data is processed:
• User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional);
• Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information;
• For recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat; any video recording that may take place using the video conference function will be indicated by a recording mark and a respective notification before you enter a recorded session / before the recording function is turned on so that you can decide whether you would like to participate in the recorded session or not or would like to limit the data sharing with other participants to the username you have used to enter the session by turning off the video function;
• For dial-in via phone: information on the incoming and outgoing phone number, country, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
• Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to record them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the online meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications.
To participate in an online meeting or to enter the meeting room, you must at least enter a name.
You can use Zoom by entering the respective meeting ID and, if necessary, further access data for the meeting directly in the Zoom app. If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website. Please note that if you access the Zoom website, Zoom is the controller for the data processing in relation to the website. For further information, please see Zoom's Privacy Notice.
3.13.2 For what purposes and on what legal basis do we process this data
We use Zoom to conduct Bhakti Event´s online meetings. If we intend to record the online meetings, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will be displayed to you in the Zoom app.
If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will not usually be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.
If you are a registered user of Zoom, reports of online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored on Zoom for up to one month.
The personal data processes as part of the online meetings via Zoom will only be used to enable you participating in an event or online course offered by Bhakti Event. Thus, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR). If no contractual relationship exists, the processing is based on our legitimate interests to enable online meetings for users (Art. 6 (1) lit. f GDPR.
3.14 Processing of special categories of personal data
The information you provide in context of using the services of our website may contain personal data relating to your religious or philosophical beliefs (special categories of personal data pursuant to Art. 9 (1) GDPR), such as your spiritual name, your Devotee or Brahmachari status and related initiation information, information about Swamis/Rishis and Ishtadev.
We only collect and process such sensitive data relating to your religious or philosophical beliefs with your explicit consent.
Please note that also the information which will be transferred to third parties may contain personal data relating to your religious or philosophical beliefs (i.e., special categories of personal data pursuant to Art. 9 (1) GDPR). The mere fact that you are registered with us or book or purchase something may be enough to disclose your religious or philosophical beliefs or faith.
However, we only transfer data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR) with your explicit consent.
4. From whom do we collect your personal data?
Personal data is collected directly from you, e.g., by visiting our websites or using the services offered.
In addition, family members or friends may mention you in connection with an event (for example a prayer) or a donation, in this case we may receive your personal data from your family or friends.
5. To whom do we transfer your data?
Bhakti Event only shares your personal data if this is permitted pursuant to European data protection law, for example, because the data transfer is necessary for the performance of a contract or because you have given us your consent to share the data. We work with some service providers, such as technical service providers (e.g., hosting services, maintaining the website, support our marketing activities, provide communication tools) or logistics companies (e.g. postal companies such as DHL). If you book an offer or event on our website, we pass on certain data from you to Bhakti Event partners (e.g. your name and address) so that the partner can offer you the service or deliver the ordered goods.
In addition, we transfer your personal data to the extent necessary to provide our services or because you have given us your consent to third persons (e.g., Swamis and Rishis) or companies affiliated with us.
Please note that the information which will be transferred to third parties may contain personal data relating to your religious or philosophical beliefs (i.e., special categories of personal data pursuant to Art. 9 (1) GDPR). However, we only transfer data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR) with your explicit consent.
5.1 Transfer to processors
For the processing of your data we use external service providers to whom we transfer your personal data, with who we enter into an appropriate data processing agreements and who may only process the data on our behalf and only in a contractually agreed upon manner and according to our instructions (“Processors”), unless such service providers act as their own controllers (such as payment service providers, tour operators when you book pilgrimages, legal and tax consultants and shipping and distribution services to deliver goods you ordered). Processors are also contractually obliged, for example, to either delete or return the personal data upon termination of the engagement. Our main processor are Hubspot (for marketing), WordPress (for the operation of our Website, Shopify platform for our online shops www.bhaktishop.org for physical products, www.events.bhaktimarga.org (for inhouse events and courses)
www.onlineevents.bhaktimarga.org (for online events ) and Amazon Web Services, Inc. for hosting services (with servers in Frankfurt, Germany), Mediactive for hosting services, as well as 1&1 IONOS SE and Zoom Video Communications Inc for communication.
5.2 Transfer based on legal obligations or for the protection of legitimate interests
To the extent we are obliged to do so by law, court order, or by an enforceable official order, we will transfer your personal data to bodies entitled to receive information.
5.3 Affiliated companies
Bhakti Event GmbH operates together with the following companies, which also declare this Privacy Notice as theirs:
Bhakti Marga Stiftung
Am Geisberg 1-8
65321 Heidenrod
Germany
Tel. 06124/609 1125
Bhakti Marga Yoga gGmbH
Am Geisberg 1-8
65321 Heidenrod
Germany
Tel. 06124/609 1125
You can contact their external corporate data protection officer:
Lawyer
Anna Aman
Fasanenweg 16
65321 Heidenrod
Germany
E-mail info@kanzlei-anna-aman.de
Tel. 06124/ 7233897
Fax. 06124/7233898
5.4 Payment and accounting service provider
Bhakti Event offers various payment options. For this purpose, payment data may be transferred to payment service providers with whom we cooperate. For more information on the processing of personal data by payment service providers, please see their privacy notices:
THE USE OF PAYPAL CHECK-OUT
• We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of payment via PayPal, credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b GDPR. For more information please see the Privacy Notice of PayPal.
CREDIT CARD VIA PAYPAL, DIRECT DEBIT VIA PAYPAL & "PAY LATER" VIA PAYPAL
• For individual payment methods such as credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right, if necessary, to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The credit information may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical- statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) GDPR for reasons arising from your particular situation by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen.
LOCAL THIRD-PARTY PROVIDERS
• When paying via the payment method of a local third-party provider, the data required for payment processing is transmitted to PayPal. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO. For the execution of this payment method, the data may then be forwarded by PayPal to the respective provider. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO. Local third-party providers may be, for example:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany).
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
Purchase on account via PayPal
• When paying via the payment method purchase on account, the data required to process the payment is first transmitted to PayPal. For the execution of this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO. Ratepay may conduct a credit check on the basis of mathematical-statistical methods using credit agencies according to the procedure already described above. The data processing serves the purpose of credit assessment for contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO from our overriding legitimate interest in protecting against payment default when Ratepay makes advance payments. For more information on data protection and which credit agencies Ratpay uses, please visit https://www.ratepay.com/legal-payment-creditagencies/ .
USE OF KLARNA PAYMENT OPTIONS (GERMANY)
• On our website we use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; "Klarna"). By selecting and using payment via Klarna, the data required for payment processing is transmitted to Klarna in order to be able to fulfil the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
"Pay Later" (invoice), "Pay Now" (payment by direct debit), "Financing" (hire purchase)
For individual payment methods such as "Pay Later" (invoice), "Pay Now" (payment by direct debit), "Financing" (hire purchase), Klarna reserves the right, if necessary, to obtain a credit report on the basis of mathematical-statistical procedures using credit reference agencies. For this purpose, Klarna transmits the personal data required for a credit assessment, such as first and last name, address, gender, email address, IP address and data related to the order to a credit agency for the purpose of checking the identity and creditworthiness and uses the obtained information on the statistical probability of a payment default in order to reach a well-considered decision on the establishment, performance or termination of the contractual relationship. The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical methods and include, among other things, address data. Your legitimate interests will be taken into account in accordance with the legal requirements. The data processing serves the purpose of a credit asessment for contract initiation. The processing is carried out on the basis of art. 6 Par. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default if Klarna pays in advance. For reasons that arise from your particular situation, you have the right to object to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. f GDPR by notifying Klarna. The provision of the data is necessary for the conclusion of the contract by means of the payment method of your choice. Failure to provide such data shall mean that the contract cannot be concluded with the payment method of your choice.
Further information, in particular on the credit agencies to which Klarna passes on your personal data, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.
For general information about Klarna, please visit: https://www.klarna.com/de/. Your personal information will be handled by Klarna in accordance with applicable data protection regulations and as specified in Klarna's Privacy Policy which is available at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
USE OF SOFORT
• On our website we use the payment service provider SOFORT GmbH, (Theresienhöhe 12, 80339 Munich, Germany; "SOFORT") for payment processing. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The data processing serves the purpose of allowing us to offer you various payment methods by processing payments via the payment service provider SOFORT. Once you have chosen the payment option, the data required to process the payment will be transmitted to SOFORT. This data processing is carried out on the basis of Article 6 para. 1 lit. b GDPR. For more information on data processing in connection with the use of the payment service provider SOFORT, please visit https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/ and https://www.klarna.com/sofort/.
USE OF THE PAYMENT SERVICE PROVIDER STRIPE
• On our website we use the Stripe payment service of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). The data processing serves the purpose of offering you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to be able to fulfil the contract with you with of the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If required, Stripe reserves the right to obtain a credit report on the basis of mathematical-statistical procedures using credit rating agencies. For this purpose, Stripe transmits the personal data required for credit assessment to a credit rating agency and uses the obtained information on the statistical probability of payment default in order to reach a reasonable decision on the establishment, implementation or termination of the contractual relationship. The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical methods and include, among other things, address data. Your legitimate interests will be taken into account in accordance with the legal requirements. The data processing serves the purpose of a credit check for contract initiation. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default if Stripe pays in advance.
For reasons that arise from your particular situation, you have the right to object to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. f GDPR at any time by notifying Stripe. The provision of the data is necessary for the conclusion of the contract with the payment method of your choice. Failure to provide such data shall mean that the contract cannot be concluded with the payment method you have selected.
All Stripe transactions are subject to Stripe Privacy Policy. You can find these at https://stripe.com/at/privacy
• AccountOne GmbH, Fördepromenade 4d, 24944 Flensburg, Germany. For more information please see the Privacy Notice of AccountOne.
• DATEV, Paumgartnerstr. 6 - 14, 90429 Nuremberg, technical information services provider for tax, accountant and attorneys. For more information, please see DATEV Imprint and Privacy Policy.
• Moss Services, Nufin GmbH Ziegelstraße 16 10117 Berlin, virtual cards and spend management software. For more information, please see Nufin GmbH Privacy Policy.
5.5 Shipping and distribution companies
For the delivery of our products and other orders we cooperate with the following shipping companies:
• DHL Paket International, DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany. For more information please see their privacy note https://www.dpdhl.com/de/datenschutz.html .
• Forwarding of e-mail address to shipping company for information on shipping status
We pass on your e-mail address to the shipping company as part of the contract processing, provided you have expressly agreed to this during the ordering process. The purpose of passing on your e-mail address is to inform you about the shipping status by e-mail. The processing is based on Art. 6 Para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time by notifying us or the transport company without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.
• Books on Demand GmbH, In de Tarpen 42, 22848 Norderstedt, Germany.
5.6 Social Media plug-ins and other embedded content
We also use social media channels and tools, for which the service providers of these channels remain the controller of the data. Please see section 12 for further information.
5.7 Public
If you post comments of our blog, your comments, and the name under which you post your comment can be viewed by the public.
5.8 Transfer to the Swamis/Rishis, Bhakti Marga Country Coordinators
Additionally, to the extent you have consented according Art. 6 para. 1 lit. a GDPR thereto, we may share certain personal data (including information on Devotee or Brahmachari status) with the Swami/Rishi who initiated you as well as the BMCC to verify your current initiation status respectively to offer you further insights, events and courses which may be of special interest to you and which may only be open to persons with a certain initiation status.
5.9 Other transfers
If you have given us a separate consent to use and transfer your personal data, your personal data may be passed on to the recipients named therein. As part of the provision of third-party services on our websites, personal data may be passed on to third parties. Please also refer to section 11 as 12 for more detailed information.
6. Do we transfer your data to third countries?
For some types of processing, we may transfer your personal data to countries outside the European Union or the European Economic Area, to so-called third countries. This may mean that your personal data may be processed in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal data than the jurisdiction you are typically a resident in. In the course of a transfer of personal data to a third country, we will regularly provide appropriate guarantees, for example, by concluding the Standard Contractual Clauses of the European Commission to ensure that the transfer of data takes place with the same level of data protection that corresponds to the GDPR. If you would like to obtain further information on the safeguards we have in place, please contact us using the contact details listed in section 2.
7. How long do we store your personal data?
We process and store your personal data only as long as necessary for our processing purposes. If we process and store your personal data based on your consent, we delete such data immediately after you withdraw your consent.
Upon request, we will regularly delete the data collected and stored for our websites’ usage at any time. We will do this ourselves and within a few days, unless we have a particular interest in continuing storage for individual cases, e.g., cyberattacks.
Regarding your contact requests, we only store your data for the time period necessary to answer your request.
Insofar as you have registered for our newsletter, we process your data in this context for the duration of the registration to our newsletter and delete it at any time, should you unsubscribe from our newsletter or withdraw your consent.
The same apply in relation to the registration on our website and the data in connection with your personal user profile.
In the context of product or service orders and fundraising, we retain your data only as long as necessary to fulfill your booking, order or other request. In the context of event, course, accommodation, virtual pilgrimage registrations, we store your personal data collected during the booking for two years, starting at the end of the calendar year of the customer’s last visit to ensure a better customer care. Moreover, in the case you participate in virtual pilgrimages, your name and information on the pilgrimage you attended may be stored for additional 2 years so that we can support your path. Personal data that is necessary to establish or defend against claims may be stored until limitation periods have expired.
However, insofar as a longer retention period is required by statutory retention and documentation obligations or to protect our legitimate interests, e.g., in the event of possible legal disputes, your personal data will be stored and processed even after the above-mentioned period has expired. With complete execution of a contract or quasi-contractual relationship, we will, as far as possible, immediately restrict your personal data from further processing.
A final deletion takes place after the legal retention and documentation obligation periods expire, which are between two and ten years and result, inter alia, from the Fiscal Code of Germany (Abgabenordnung) or German Commercial Code (Handelsgesetzbuch).
8. Your rights
In the following, you will find a summary of your rights regarding the processing of your personal data:
8.1 Rights to access, delete, correct, restrict processing, and portability of your data
According to Article 15 GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed by us. Where that is the case, you have a right to access the personal data and obtain further information.
According to Article 16 GDPR, you may have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
According to Article 17 GDPR, you may have the right to obtain erasure of personal data concerning you if (i) it is no longer necessary in relation to the purpose for which it is collected, (ii) you have withdrawn your consent on which the processing is based, (iii) you have objected to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR, (iv) your personal data has been unlawfully processed; (v) the personal data has to be erased for compliance with a legal obligation to which Bhakti is subject , or (vi) the personal data has been collected in relation to the offer of information society services pursuant to Article 8 (1) GDPR.
According to Article 18 GDPR, you may have the right to obtain the restriction of processing. Such right shall exist if (i) you contested the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead, (iii) the personal data is no longer needed for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims, or (iv) you have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether our grounds legitimately override yours.
According to Article 19 GDPR, you have the right to obtain information about the recipients of data to whom the rectification, erasure, or restriction of processing has been communicated.
According to Article 20 GDPR, you have the right to obtain personal data concerning you in a structured, commonly used and machine-readable format and to transmit the data to another controller.
If the processing or transfer of your personal data is based on a consent given by you, you can withdraw your consent at any time with effect for the future.
You have the right to lodge a complaint against the processing of your data or any decision of Bhakti in relation to one of your rights you have exercised, to the Hessische Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), Gustav-Stresemann-Ring 1, 65189 Wiesbaden]. However, we encourage you to first reach out to us so that you we can find a solution together.
8.2 Contact
To exercise your rights under section 8. and 8.1 you can contact us without any formality by post, fax or e- mail at the points of contact listed in section 2.
8.3 RIGHT TO OBJECT PURSUANT TO ARTICLE 21 GDPR
8.3.1 OBJECTION ON GROUNDS OF YOUR PARTICULAR SITUATION
ACCORDING TO ARTICLE 21 (1) GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME, TO PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS BASED ON OUR LEGITIMATE INTERESTS, INCLUDING PROFILING (E.G., CREDIT RATING). WE SHALL NO LONGER PROCESS THE PERSONAL DATA UNLESS WE DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE THE INTERESTS, RIGHTS, AND FREEDOMS OF YOU, OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
8.3.2 OBJECTION AGAINST DIRECT MARKETING
ACCORDING TO ARTICLE 21 (2) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR PURPOSES OF DIRECT MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT TO THE PROCESSING FOR DIRECT MARKETING PURPOSES, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR SUCH PURPOSES.
9. Is there any obligation on your side to provide personal data?
There is neither a contractual nor a legal obligation to provide us with your personal data for the use of our websites. However, if you wish to contact us or to use one of our services, certain information may be required to enable us to process your request and provide our services to you.
10. Is the processing based on automated decision-making or profiling?
You have a right not to be subject to a decision based solely on automated processing, including profiling, if the decision is not necessary for the conclusion or performance of a contract, is not required by mandatory law, or is not based on your explicit consent.
Bhakti does not use automated decision-making procedures, including profiling, unless we have explicitly informed you of them.
11. What kind of cookies and tracking technology do we use?
For the provision, maintenance, and analysis of our websites and their usage, we use various software tools from third parties and ourselves, which are regularly based on the use of cookies, Flash cookies (also called Flash Local Shared Objects), web beacons or similar technologies (collectively as "Tracking Technologies"). Tracking Technologies can help us understand how you use our services (e.g., the pages you display or the links you click and other actions you perform with the services), give us information about your browser and online usage patterns (e.g., IP address, log data, browser type, browser language, referring/exiting pages and URLs, pages viewed, whether you have opened an e-mail, clicked links, etc.) as well as information about the devices with which you access our services. Tracking Technologies allow us to link the devices you use to access our services so that we can identify and contact you on the various devices you use. It also helps us and our advertising partners to determine products and services that may be of interest to you, in order to serve you targeted advertisements.
You can limit the use of Tracking Technologies by changing the settings of your browser. You can determine what access you grant us and whether and for how long cookies can be stored on your device. You can also delete cookies that have already been stored at any time. Please note that the functionality of our websites may be affected after deactivating all cookies. Similar functions (such as Flash cookies), which are used by so-called browser add-ons, can be switched off or deleted by changing the settings of the browser add-on or via the website of the browser add-on provider.
11.1 What are cookies?
A cookie is a small file that is transferred during the use of a website from the host server of the website and stored on the user's device (desktop computer, laptop, tablet, smartphone, other Internet-enabled devices) by the browser used. Cookies are used to store information about the user and to retrieve it when the website is called up again.
11.2 What are cookies used for?
Cookies help us understand the use of our websites, analyze trends, administer the websites, track a user's steps on our websites, collect demographic information about our user base as a whole, allow you to navigate efficiently between the pages, remember your preferences and settings on our websites, and generally improve your browsing experience. We process the data collected using Tracking Technologies to (i) remember information so that you do not have to re-enter them during your visit or a new visit, (ii) recognize you across multiple devices, (iii) control the functionality and performance of our websites, (iv) collect aggregated metrics regarding the total number of visitors, total traffic, usage and demographic patterns on our websites, (v) diagnose and resolve technical issues, (vi) determine products and services that may be of interest to you, in order to serve you targeted advertisements and (vii) otherwise plan and improve our website.
11.3 What types of cookies are used on our websites?
The cookies used on our website can usually be categorized as follows: mandatory cookies, analytical / performance cookies, function-related cookies, and marketing cookies.
11.3.1 Mandatory cookies
These cookies are essential for the functioning of our websites and enable you to move around our websites and to use their functions. Without these cookies, certain services that are required for the full functioning of our websites cannot be provided.
11.3.2 Analytical / performance cookies
With the help of these cookies, we collect information about how our users use our websites, e.g., which pages are accessed and read most frequently, or how users move from one link to the next. All information collected by this type of cookie does not relate to a single user but is aggregated and processed with the information of other users. Cookies provide us with analytical data on how our websites work and how we can improve them.
11.3.3 Function-related cookies
These cookies allow us to save a specific selection you have made and to adapt our website in such a way that it offers you extended functions and content. These cookies can be used, for example, to save your language selection or country selection.
11.3.4 Marketing cookies
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose.
11.4 How long are cookies stored on your device?
The retention period depends essentially on whether the cookie is "persistent" or "session-based.” Session-based cookies are deleted after you leave the websites that set the cookie. Persistent cookies remain on your device even after you have finished browsing until they are deleted or until they have expired.
11.5 Cookie Policy
If you would like to obtain further information on the specific cookies we use, please see our Cookie Policy.
12. Third Party Online Services
To offer you a convenient website, we use, inter alia, Hubspot, Google Analytics, Google Maps, and YouTube (Google Maps and YouTube are together referred to as “ content plug-ins”), and so-called social media plugins of the social networks.
12.1 HubSpot
On our websites, we use the services of the CRM platform HubSpot, which is operated by HubSpot, Inc. The European subsidiary is HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2.
The processed data may include, personal data as necessary to provide the CRM services by HubSpot, in particular, IP addresses and email addresses, which, however, are not collected and processed without your consent (Art. 6 (1) lit. a GDPR) (usually as part of the settings of your desktop or mobile devices). The data may be processed in the USA.
We pass on the information you provide during newsletter registration (e-mail address, first and last name, if applicable) to HubSpot. The data processing serves the purpose of sending the newsletter and its statistical evaluation.
In order to evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device as well as the time. These data can be used to create usage profiles under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical evaluation to improve newsletter campaigns.
Your data may be transmitted to HubSpot servers in the USA and stored there. For the USA, no adequacy decision of the EU-Commission exists for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate safeguards for the protection of personal data, available https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de .Your personal data is processed on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation.
You can find more information in HubSpot's privacy notice, which you can access here.
12.2 Social media plug-ins
We use so-called social media plug-ins of the following social media networks:
• Facebook Inc., 1601 Willow Road Menlo Park, CA 94025, USA. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To learn more about Facebooks data collection and use, please read their Privacy Notice. Together with Facebook Ireland we are jointly responsible in the meaning of Art. 26 GDPR for the processing of so-called pages insights in the course of operating our Facebook page. Facebook Ireland uses these page insights to analyze the activity on our Facebook page and provides us this information in a form which does not relate to the specific person. We have concluded for this purpose an agreement with Facebook Ireland about joint responsibility under data protection law which you can access using the following the link. Facebook Ireland undertakes in this agreement, among other points, to assume the primary responsibility under the GDPR for the processing of page insights and to fulfill all duties under GDPR with regard to the processing of the page insights.
• Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. For more information please see the Privacy Notice of Twitter.
• Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. To learn more about Facebook Ireland's data collection and use with respect to Instagram, please read their Privacy Notice.
• Flickr, operated by Flickr, Inc., Flickr c/o Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA. For more information please see the Privacy Notice of Flickr.
(Hereinafter together referred to as "social networks".)
To ensure the most extensive protection of your personal data, Bhakti Event uses technical solutions that ensure that a data transfer via social media plugins to the respective operator of the social media service does not take place without prior activation of the social plug-ins by you – by way of activating the respective button (so that the button is no longer grey).
Thus, only deactivated social media plugins are integrated on our websites in the initial state, which do not establish contact with the servers of Facebook or other social network operators and social media plugins without corresponding activation. If you activate these deactivated social media plugins by clicking the "Activate social media" button, you thereby declare your consent to the transfer of your data to the social network operator. After activation, the social media plugins establish a connection to the respective social network. With a further click, you can then transmit a recommendation within the respective social network (such as your IP address and which websites you have visited is transmitted).
Please note that we have no influence on the scope of the personal data that the respective social network collects with the help of the social media plugin. Each activated social media plugin sets a cookie with a unique identifier each time the relevant website is accessed. This may enable the social network to create a profile of your usage behavior. It cannot be ruled out that such a profile can also be assigned to you in the event of a subsequent first-time registration with the social network. For further specifics, please see the applicable privacy notice of the social media network.
If you are already logged into a social network during your visit to our websites, no further login dialog may be displayed. Clicking on the "Activate social media" button thus means that you give your consent to the transfer of your data to the respective operator of the social network.
Therefore, you can only prevent this assignment by logging yourself out before visiting our website and before activating the button for your social media accounts.
If you are not a member of a social network, it is still possible that the social networks receive and store your IP address and information about the browser and operating system you use after activating the social plugins.
The same applies when you use the content plug- ins. In this case, you enable a connection to the provider of the embedded content to establish a connection by once clicking on the icon of the service provider or the embedded content.
12.2.1 c’t Shariff
On our website offer so-called social media buttons for sharing the content of our online offers via social networks. For this purpose, we use the "c't Shariff" solution developed by c't magazine, which provides social media buttons in compliance with data protection regulations.
The buttons offered directly by the operators of social networks, inadmissibly transmit personal data such as the IP address or entire cookies already when loading a website on which they are integrated, and thus pass on precise information about your surfing behavior to the social services without being asked. To do this, you do not have to be logged in or a member of the respective network.
In contrast, a Shariff button establishes direct contact between the social network and the visitor only when the visitor actively clicks on the Share button. Shariff thus prevents you from leaving a digital trail on every page you visit and improves data protection. By using Shariff, we can protect your personal data and still integrate social sharing buttons. For more information on c't Shariff, please see the description of Shariff social media buttons with data protection.
The following provides additional information about third parties we use for embedded content and on Google Analytics:
12.3 Google Analytics
We use Google Analytics to track traffic and usage trends on the websites and to learn more about the age and demographics of our users. Google Analytics is a web analytics service. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising. With the help of Google Analytics, we create pseudonymous usage profiles for the needs-based design of our websites. Google Analytics uses targeting cookies that are stored on your terminal device and can be read by us. In this way, we are able to recognize and count returning users and to learn how often our website have been accessed by different users.
The data processing is based on your consent (Art. 6 (1) lit. a GDPR. You can revoke your consent at any time.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there. However, since we have activated IP anonymization on our website (We use the application “_gat. _anonymizeIp), your IP address will be shortened by Google beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there (for more information on the purpose and scope of data collection, see e.g. https://policies.google.com/privacy/embedded?hl=en-US). We have also concluded a joint controller agreement with Google LLC (USA) in accordance with Art. 26 GDPR.
You can also prevent the collection of data generated by the cookie and related to your use of our websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).
12.4 Google Maps
We integrate the maps of the service "Google Maps" from Google. The processed data may include, in particular, IP addresses and location data, which, however, are not collected and processed without your consent (Art. 6 (1) lit. a GDPR) (usually as part of the settings of your desktop or mobile devices). The data may be processed in the USA. You can find more information in Google's Privacy Notice, which you can access here.
12.5 YouTube
On our websites, we use the services of the video portal YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, ("YouTube") to integrate videos. In connection with the provision of YouTube, we use the "Enhanced Privacy Mode", which is intended to ensure that data is only transmitted to YouTube when the videos are accessed.
Thus, only if you interact with the video, a connection to YouTube will be established to be able to call up and display the video. In this context, YouTube stores at least the IP address, the date and time as well as the website you visited. In addition, a connection to Google's advertising network "DoubleClick" is established.
If you are logged into YouTube at the time you visit our website, YouTube may establish a connection to your YouTube account. To prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of ensuring improved usability and analyzing usage behavior, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree with this processing, you have the option to prevent the storage of cookies by a setting in your Internet browser. You can find more information on this above under "Cookies".
Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the Privacy Notice.
12.6 Photo, filming, livestream in the temple and our events
During our events in the temple and in the event tent, photo and/or film recordings (including sound) and a live broadcast are made and broadcast live in real time. The essential information can be found below. If you do not want to be photographed or filmed, you can go to the photo/video/livestream -free area.
• Purpose: The recordings may be published or broadcast live on the Internet, the online portal of social media channels, or on the Bhakti Marga YouTube channel or on other Internet-based networks, platforms or mobile apps, live streaming (real-time streaming) on the Bhakti Marga website or on the Bhakti Marga Facebook page, the responsible entity as well as in TV and print media (including books). Possible further recipients can be found in this data protection declaration of the person responsible.
• Duration of processing: The recordings are stored for 3 years and then deleted.
• Legal basis and legitimate interest: The processing is carried out on the basis of the legitimate interest of the controller to document the event organised visually, and to report positively to a larger public (Art. 6 para. 1 lit. f GDPR) as well as on your consent in accordance with Art. 6 lit. a GDPR.
12.7 Bhakti Marga Academy App
360 Learning Collaborative Learning platform
To provide online courses, we use 360Learning Collaborative Learning platform as an App, that relies on peer learning where anyone can elevate and respond to requests for knowledge, closing skills gaps faster. 360Learning involves learners in online courses on a day-to-day basis and helps increase engagement rates using gamification methods. Feedback and data from interactions within the course are pushed to coaches on the platform, who facilitate peer learning by ensuring that courses are easily accessible, actionable and impactful. For more information, please see 360Learning Privacy Policy. If you have a Bhakti ID account with us and have consented there to us, that we may contact you to offer you courses to support you on your spiritual path, you will receive an email from us with a link to the Bhakti Marga Academy app hosted by 360Learning Platform. Upon logging in, you will be redirected to the Bhakti ID login-in page. The processed data may include, personal data as necessary to provide the learning Collaborative platform services by 360Learning, in particular, IP addresses and email addresses, username, which, however, are not collected and processed without your consent (Art. 6 (1) lit. a GDPR) (usually as part of the settings of your desktop or mobile devices in the Bhakti ID Account). We have concluded an order processing agreement with the provider of 360Learning platform that complies with the requirements of Art. 28 GDPR.
12.8 Friendly Captcha
Friendly Captcha is a proof-of-work based solution in which the user’s device does all the work. Friendly Captcha respects the user’s privacy and works automatically, it generates a unique crypto puzzle for each visitor. As soon as the user starts filling a form it starts getting solved automatically. Solving it will usually take a few seconds. By the time the user is ready to submit, the puzzle is probably already solved. Captcha help us to protect our website and online services from spam and abuse. For more information, please see Friendly Captcha Privacy Policy.
13. Technical security measures
We implement a variety of security measures designed to maintain the safety of your personal data we store and process. For example, to protect the transmission of confidential information that you send to us as the website provider, we use SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any personal data under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose personal data may have been compromised and or the competent data protection authority.
14. Your rights
You have the right to information, correction, deletion, restriction, objection and data portability. You also have the right to lodge a complaint with the data protection authority (Hessische Aufsichtsbehörde Postfach 3163, Hessischer Beauftragter für Datenschutz und Informationsfreiheit
65021 Wiesbaden, Tel.: +49 611 14080, Fax: +49 611 1408900, E-Mail:
poststelle@datenschutz.hessen.de).
With regard to the processing of the recordings and a possible objection, please contact us directly via the following e-mail address: dataprotection@bhaktimarga.org
15. Status of the Privacy Notice and Updates
Please note, this privacy notice may be amended by us at any time to the extent necessary to provide you with adequate information about the processing of your personal data. Therefore, please check this privacy notice at regular intervals, insofar as you regularly visit our website or regularly use our products and services. The date of the last update of this privacy notice is indicated at the beginning of this privacy notice.
Hessische Aufsichtsbehörde Postfach 3163, 65021 Wiesbaden Poststelle@datenschutz.hessen.de.