PRIVACY POLICY
Bhakti Marga México AC Trust
Summary
We are pleased with your interest in Bhakti Marga Mexica. To help you understand, this summary provides you with a brief overview of what we do with your personal data. Unless otherwise stated below, the provision of your personal data is neither required by law nor by contract for the conclusion of a contract. You are not obliged to provide the data. Failure to provide will have no consequences. This only applies if no other information is provided during further processing.
“Personal data” means any information relating to an identified or identifiable natural person.
For detailed information, we recommend that you read the full version of the Privacy Statement.
I . Scope
This privacy statement applies to the handling of your personal data in the context of the use of our website and the ordering of products and services.
II . Liability
Bhakti Marga México AC, hereinafter referred to as BHAKTI MARGA MÉXICO AC, is responsible for the collection and processing of your personal data. In some cases, we use your personal data together with third parties, in particular with other organisations affiliated with BHAKTI MARGA MÉXICO AC. You can find our contact details in section 2.
III. Data Collected and Purposes of Use
The types of data we process are personal data such as your names, contact details, contract details, registration-related data, communication data, user and IP address and data containing information about your religious, philosophical or philosophical beliefs, such as your spiritual name or initiation status within our organisation.
In order to infringe your fundamental rights and freedoms, we will use your personal data in the context of, for example:
- Entering into contracts
- Handling requests for orders
- courses
- (group) travel
- The pursuit of our legitimate interests
- Promoting our mission by, for example, providing you with news about events and courses, for example
- communicate with you in general.
When we process data about your religious, philosophical or philosophical beliefs, we will ask for your consent. Detailed information on the type of data and the purposes of use, as well as the legal basis, on which we process your personal data can be found in Section 3.
IV. Processing data
We process personal data that you provide to us directly, for example when you:
- register for a course or event
- products and services
- communicate with us.
We may also collect personal data automatically when you use our services, for example through the use of cookies.
V. Data Sharing
We may share certain personal data with, for example, BHAKTI MARGA MÉXICO AC affiliates and service providers that support us, such as processors of marketing activities and organizations that maintain our website. This includes data controllers, such as payment service providers and providers of donation and accounting services, as well as shipping and distribution companies. Your data may also be shared when you comment via a website or social network. You can find out more about how we share your personal information in Section 5.
VI. International TransfersWe may transfer your personal data to other countries outside the European Union, where less protective privacy laws and regulations may apply. However, we ensure that legal safeguards are put in place for these transfers.
VII. Data storage
We only process and store your personal data for as long as it is necessary for
our processing purposes. Sometimes, however, the law requires such data to be kept for a longer period of time. See section 6. for more information on retention periods.
VIII. Your rights
You have certain rights under the General Data Protection Regulation in relation to your personal data. The types of rights you have and further information about them can be found in Section 7.
IX. Obligation to provide data
You do not need to provide us with any personal data. This may mean that we will not be able to provide you with our services, as we do not have your personal data.
X. No automated decision-making
BHAKTI MARGA MÉXICO AC does not use automated decision-making procedures.
XI. Tracking Technology
We use cookies and other tracking technologies, for example, to:
- improve our services
- Provide you with information
- Remember your favorite settings
Information on how tracking technology works, what types of cookies we use and how valid they are can be found in 4. on how they work. Our Cookie Policy incl. Detailed information about the cookies used you will find in the cookie policy on our website.
XII. Third-Party Online Services
We use third-party plug-ins and other online services to provide you with an accessible website and to enable easy access to the content of social media platforms. These third parties are data controllers and decide what personal data they collect. However, in order to respect your privacy, we have selected an implementation of the different plugins. This ensures that personal data is not shared with these third-party service providers when you activate or interact with these services. For more information on these services, see section 4.
XIII. Security
We take the security of your data seriously. We implement various technical and organizational measures to protect your personal data. Details can be found in section 8.
XIV. Updates
We update this Privacy Policy from time to time; the date for the last update is stated at the beginning of this Privacy Policy.
1. Responsible contact details
Bhakti Marga México AC Bhakti Marga México AC
Naciones Unidaa 6178-17
Parque de la Castellana
Zapopan . Jalisco, México
CP 45117
is responsible for the processing of your personal data, as described in this Privacy Statement. If you have any questions or suggestions regarding your data protection, please contact us at info@bhaktimarga.org.mx.
2. Data Processing: Which/Purposes/ Legal Basis
Depending on the specific processing situation, we collect and process different types of personal data. Below you will find a list of data and the relevant processing situations. We process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR). In certain situations, we also process your personal data to comply with other legal obligations, or on the basis of your explicit consent. In general, we process your personal data:
- For the performance of a contract
- to fulfil contractual obligations
- to enter into an agreement
- to support customers
- to answer questions relating to our services.
- to comply with legal obligations
We also process your personal data to protect our legitimate interests, except where your interests or fundamental rights and freedoms prevail, which require the protection of your personal data. Except in individual cases, we generally assume that our legitimate interests prevail in the following processing situations in particular:
- Improving our offers and services
- are view of the use of our websites
- ensuring the confidentiality and integrity of our IT systems
- General communications with you
- cooperation with public authorities
- activities make us and our services known
We also protect ourselves from legal action. If you separately consent us to process your personal data, we will process your personal data within – and on the basis of – your consent. Your consent relates, for example, to:
- the transfer of data to affiliated companies or third parties
- the evaluation of your data for specific advertising activities
- sending newsletters.
Consent is always freely given. Refusing or withdrawing your consent will not have any negative consequences for you and you can do so at any time.
2.1 Visiting our website
2.1.1. Visit website – Data processing
When using the services of BHAKTI MARGA MÉXICO AC on our website, we process, among other things, the following personal data of the user:
- data about the use of the websites offered (e.g. browser)
- Operating system used
- Internet Service Provider Access System
- Referrer URL
- Sub-websites
- Date and time of server request
- Requested content
- Duration of use)
- IP address
2.1.2 Data processing – purposes and legal basis
When using the data, BHAKTI MARGA MÉXICO AC does not draw any conclusions about the data subject. On the other hand, this information is necessary to:
- display the content of our website correctly
- Optimize the content of our website
- Ensuring the long-term viability of our information technology systems and website technology
- providing information to the authorities/law enforcement officers if this is necessary for e.g. criminal prosecution in the case of e.g. attacks on the website.
BHAKTI MARGA MÉXICO AC statistically analyzes anonymously collected data and information, with the aim of increasing the protection and security of the data and ensuring an optimal level of protection of the personal data that we process. Anonymous data from the server’s log files is stored separately from all personal data provided by you. Processing is necessary for the protection of our legitimate interests, except where your interests or fundamental rights and freedoms prevail, in relation to the protection of your interests and personal data (Art. 6 GDPR).
2.2 Subscribing to our newsletter
2.2.1 Data processing newsletter subscription
Through our website you have the opportunity to subscribe to our newsletter. If you subscribe, we will ask you for your email address. Immediately after your registration, you will receive a confirmation on the screen of the device you used to log in. It is also possible to enter your first and last name. This allows Bhakti Marga México AC Trust to approach you in a personal way, if you would like to do so and to respond personally to any comments and/or questions you may have regarding the newsletter, for example. We would like to point out that our newsletter contains tracking pixels. A tracking pixel is a thumbnail image embedded in an email. These are sent in HTML format to enable the recording and analysis of log files, such as a statistical analysis of the success or failure of our online marketing campaigns. Based on the built-in tracking pixel, we can see if and when an email has been opened and which links have been opened. Such data is stored and analyzed by us in order to optimise the sending of the newsletter and to adapt its content for future newsletters, tailored to the interests of the data subjects. This personal data will not be shared with third parties. We will only use your e-mail address to send newsletters for our own advertising purposes, regardless of the performance of the contract, insofar as you have expressly consented to this. The processing takes place with your consent on the basis of Article 6 (1) (a) GDPR. You may withdraw consent at any time without affecting the lawfulness of any processing carried out on the basis of consent until to the withdrawal.
You can unsubscribe from the newsletter at any time by using the relevant link in the newsletter or by notifying us . Your email address will then be removed from the mailing list.
Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist (so-called “blocklist”) solely for this purpose.
The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out properly. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.
Contents:
Information about us, our services, promotions and offers.
- Types of data processed: inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Usage data (e.g. websites visited, interest in content, access times).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g. by e-mail or post).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options given above, preferably e-mail.
Further information on processing processes, procedures and services:
- Measurement of opening and click-through rates: The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from its server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of access, is first collected. This information is used for the technical improvement of our newsletter on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The evaluations are used by us to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.The measurement of the opening rates and the click rates as well as the storage of the measurement results in the profiles of the users as well as their further processing are carried out on the basis of the user’s consent. Unfortunately, it is not possible to revoke the performance measurement separately, in which case the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
2.2.2 Promotional communication via e-mail, post, fax or telephone
We process personal data for the purposes of promotional communication, which can be carried out via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.
Recipients have the right to revoke their consent at any time or to object to promotional communication at any time.
After revocation or objection, we store the data required to prove the previous authorization for contacting or sending you for up to three years after the end of the year of the revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defence against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the users, we also store the data necessary to avoid re-contact (e.g. e-mail address, telephone number, name, depending on the communication channel).
- Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. e-mail, telephone numbers).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g. by e-mail or post).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
- Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
- In the event of revocation, your personal data will be deleted.
2.3 Events
2.3.1 What data do we process in the context of booking and managing events?
If you register for our events or paid courses in the events calendar on our website, we will process your title, first and last name, country, address, email address, telephone number, spiritual name (optional), information about the event for which you have registered, payment data such as credit card number or other bank details, among other things. If you register for our free events in the event calendar on our website, we will process your username, email address, spiritual name (optional), information about the event for which you have registered, among other things.
2.3.2 For what purposes and on what legal basis do we process this data?
The personal data collected in the context of booking and managing the event will be used in particular to respond to your request. In addition, we may use the data collected to contact you directly and offer you similar offers and events based on your booking history and personal interests. The processing is necessary for the fulfilment of contractual or pre contractual obligations (Art. 6 GDPR). We may also ask for your explicit consent to the processing of personal data collected in connection with the booking and management of the event. Consent will be entirely voluntary
2.4 Events like Darshan with Paramahamsa Sri Swami Vishwananda and photo and video recordings
During the events with Paramahamsa Sri Swami Vishwananda photo and Video recordings of the event will be taken. As a live broadcast and as video-on-demand on the Bhakti Marga channels, such as the Bhakti Marga You-Tube channel, on the Bhakti Marga website https://www.bhaktimarga.org/livestream and our Bhakti Marga México AC Trust website https://bhaktimarga.in, on the bhaktimarga.org website, on our Bhakti Marga México AC Trust Facebook page, as well as on the Bhakti Marga Facebook page, on Bhakti Marga’s Instagram page, on Bhakti Marga’s Flickr, and also as video on-demand on Bhakti Marga’s media platform. The contents of these video recordings are used for this purpose and will be stored for that purpose. Above all, Guruji, Paramahamsa Sri Swami Vishwananda is filmed. Recordings of guests are avoided as far as possible, but this cannot be ruled out. Livestream-free zones will be offered in certain areas mentioned.
2.4.1 For what purposes and on what legal basis do we process this data?
The legal basis for this is Article 6 (f) GDPR, as well as the voluntary consent of the participants in accordance with Art. 6 para. 1 lit.a GDPR. The legitimate interest Art. 6 lit. f GDPR, of Bhakti Marga is the public relations work of Bhakti Marga, so these video and photo recordings are made for the purpose of publicity.
When registering for events with us, etc., participants can decide whether may be filmed or not. We respect your privacy. On the spot we have Livestream-free zones, where no recordings are taken. If you don’t want to be filmed, you will receive on the day of the event a black bracelet, so the video team can recognise you and will know, that you don’t want to be filmed during our event and our event team will show you our “Livestream-free zone”.
2.4.2 Affiliated company for the service of a lifestream and video recordings:
Bhakti Event GmbH, Am Geisberg 1-8, 65321 Heidenrod Germany, Tel. 06124/609-1125E-mail dataprotection@bhaktimarga.org, commercial registration number: 23765, / E-mail: info@bhaktimarga.org. For more information, please see their privacy policy https://bhaktimarga.org/privacy. https://www.bhaktimarga.org/impressum/impressum-de
You can contact their data protection officer at: Anna Aman lawyer, E-mail info@kanzlei-anna-aman.de. We have concluded an order processing agreement with Bhakti Event GmbH that complies with the requirements of Art. 28 GDPR.
2.5. Participating in an event
2.5.1 Which data do we process when you consent to a participate in an event?
If you give us a consent via our website, we process from you, inter alia, first and last name, e-mail address, pictures, videos and testimonials, language of interpretation, spiritual name (optional), information about the event you have registered for. We also process videos recordings of you while you participate in the event to share the common experience with the whole participating (online and offline) community during a livestream and a period then after. Moreover, we may use your photos and videos taken during the event for the purpose of commercial use. This means your photos and videos may be used on our websites, in (print) publications and our Facebook, Flickr, Instagram page as well as our YouTube channel.
2.5.2 For what purposes and on what legal basis do we process this data?
The processing of photos and/or videos collection, storage and transfer to third parties is based on the explicit consent of the person(s) entitled or the person(s) concerned, therefore in accordance with Art. 6 para. 1 letter a GDPR, Art. 9 Abs.2 lit.a GDPR. The processing is based on the legal basis of Art. 6 (1) lit. a GDPR (your consent, you have given. Consent is always freely given. Refusing or revoking your consent will not have any negative consequences for you). If you have signed a contract with Bhakti Event GmbH, with you as a participant regarding the event documentation production, then the contract is the legal basis Art. 6 (1) b GDPR.
2.5.3 Categories of possible recipients of the personal data:
The photos and/or videos can be shared with Facebook, Instagram , YouTube. For purposes of public relations, as well as commercial use and sales work, they may be posted on the homepage of bhaktimarga.org and used for the facebook fanpage, twitter page, you-tube channel of Bhakti Event GmbH. The content is also going to be livestreamed on YouTube. YouTube is an American company and, as with all American companies that analyse user behaviour, there is a risk that we do not know exactly, how your data is analysed and we cannot influence this. The content is also going to be livestreamed on YouTube. YouTube is an American company and, as with all American companies that analyse user behaviour, there is a risk that we do not know exactly, how your data is analysed and we can not influence this.
Facebook Inc., 1601 Willow Road Menlo Park, CA 94025, USA. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To learn more about Facebooks data collection and use, please read their Privacy Notice. Together with Facebook Ireland, Bhakti Event GmbH is jointly responsible in the meaning of Art. 26 GDPR for the processing of so-called pages insights in the course of operating their Facebook fan page. Facebook Ireland uses these page insights to analyse the activity on our Facebook page and provides us this information in a form which does not relate to the specific person. We have concluded for this purpose an agreement with Facebook Ireland about joint responsibility under data protection law which you can access using the following the link. Facebook Ireland undertakes in this agreement, among other points, to assume the primary responsibility under the GDPR for the processing of page insights and to fulfil all duties under GDPR with regard to the processing of the page insights.
- Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. For more information please see the Privacy Notice of Twitter.
- Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. To learn more about Facebook Ireland’s data collection and use with respect to Instagram, please read their Privacy Notice.
- Flickr, operated by Flickr, Inc., Flickr c/o Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA. For more information please see the Privacy Notice of Flickr.
- YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, (“YouTube https://support.google.com/youtube/answer/10364219?hl=de )
2.6 Collection and processing when using the contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent. When using the contact form, we collect your personal data (name, e-mail address, message text) only to the extent that you have provided it. The purpose of the data processing is to establish contact. If the purpose of contacting us is to carry out pre-contractual measures (e.g. advice in the event of interest in a purchase, the preparation of quotations) or an already In the case of a contract concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR. If contact is made for other reasons, this data is processed on the basis of Art. 6 para. 1 lit. f GDPR is based on our overriding legitimate interest in answering your question. In this case, you have the right to object at any time, on grounds arising from your particular situation, to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR. The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. Your email address will only be used to process your request. Your data will then be deleted if you have not consented to further processing and use.In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
2.6.1 Subscription forms
If you use Bhakti Marga México AC a subscription form on our site you will be opting in for us to save your name, email address and other relevant information.
These subscriptions are used to notify you about related content, discounts & other special offers.
You can opt our or unsubscribe at any time in the future by clicking link in the bottom of any email.
2.7 Server Log Files
You can visit our website without providing any personal information .
Every time you visit our website, usage data is transmitted to us or our web host/IT service provider via your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page visited, the date and time of access, the IP address, the amount of data transmitted and the requesting provider. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR is in the legitimate interest of ensuring the uninterrupted operation of our website and for the improvement of our offer. Your data may be transferred to a third country outside the European Union, for which an adequacy decision has been issued by the EU Commission.
2.8 Proactive contact of customers by e-mail
If you contact us for business purposes via e-mail, we will only collect your personal data (name, e-mail address, message text) to the extent provided by you. The purpose of the data processing is to process and respond to your contact request.
If the purpose of contacting us is to carry out pre-contractual measures (e.g. advice in the event of interest in a purchase, the preparation of quotations) or an already In the case of a contract concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR.
If contact is made for other reasons, this data is processed on the basis of Art. 6 para. 1 lit. f GDPR is based on our overriding legitimate interest in answering your question. In this case, you have the right to object at any time, on grounds arising from your particular situation, to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR. personal data.
Your email address will only be used to process your request. Your data will then be deleted in accordance with statutory retention periods if you have not consented to further processing and use.
2.9 Education and training services
We process the data of the participants of our education and training courses (uniformly referred to as “education and training providers”) in order to be able to provide our training services to them. The data processed in this context, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and training relationship. The forms of processing also include the performance evaluation and evaluation of our performance as well as that of the teachers. In the course of our activities, we may also process special categories of data, in particular information on the health of the trainees and data revealing ethnic origin, political opinions, religious or philosophical beliefs. To this end, if necessary, we obtain the explicit consent of the trainees and otherwise process the special categories of data only if it is necessary for the provision of the training services, for the purposes of health care, social protection or the protection of the vital interests of the trainers and further education trainees; Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
2.10 Accommodation in the Ashram
We process the data of our guests, visitors and interested parties (uniformly referred to as “guests”) in order to provide our accommodation and related services of a tourist or gastronomic nature as well as to bill for the services provided. As part of our assignment, it may be necessary for us to process special categories of data within the meaning of Art. 9 (1) GDPR, in particular information on a person’s health or information relating to their religious beliefs. The processing is carried out in order to protect the health interests of visitors (e.g. in the case of information on allergies) or otherwise to meet their physical or mental needs at their request and with their consent. If required for the fulfilment of the contract or by law, or if the consent of guests or on the basis of our legitimate interests, we disclose or transmit the data of the guests, e.g. to the service providers involved in the performance of our services or to authorities, billing offices as well as in the field of IT, office or comparable services; Legal basis: Performance of contract and pre-contractual enquiries.
2.11 Online Courses and Online Training
We process the data of the participants of our online courses and online training courses (collectively referred to as “Participants”) in order to be able to provide our course and training services to them. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. The data generally includes information on the courses and services used and, if part of our range of services, personal specifications and results of the participants. The forms of processing also include the performance evaluation and evaluation of our performance as well as that of the course and training instructors; Legal basis: Performance of contract and pre-contractual enquiries.
2.12 Advertising
2.12.1 Use of the e-mail address for the purpose of sending direct mail
We use your e-mail address, which we received in the context of the sale of a good or service, for the electronic transmission of advertising for our own goods or services, which comparable to those you have already purchased from us, provided that you have not objected to this use. The provision of the e-mail address is necessary for the conclusion of the contract. Failure to make it available will result in the conclusion of an agreement . The processing is carried out on the basis of Article 6
(1) (f) GDPR from the legitimate point of view of direct advertising. You can object to this use of your e-mail address at any time by notifying us. The contact details for the objection procedure can be found in the legal notice. You can also use the link provided for this purpose in the promotional email. There are no costs for this other than the shipping costs according to the basic rates.
2.13 Seva form
When using the seva contact form, we collect your personal data (name, e-mail address, address, nationality, spiritual name, telephone number, talents, message text, ) only to the extent that you have provided it. The purpose of the data processing is to establish contact. If the purpose of contacting us is to carry out pre-contractual measures (e.g. advice in the event of interest in a purchase, the preparation of quotations) or an already In the case of a contract concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR. If contact is made for other reasons, this data is processed on the basis of Art. 6 para. 1 lit. f GDPR is based on our overriding legitimate interest in answering your question. In this case, you have the right to object at any time, on grounds arising from your particular situation, to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR. The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. Your email address will only be used to process your request. Your data will then be deleted latest after 6 month, if you have not consented to further processing and use.In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
3. What kind of cookies and tracking technology do we use?
For the provision, maintenance, and analysis of our websites and their usage, we use various software tools from third parties and ourselves, which are regularly based on the use of cookies, Flash cookies (also called Flash Local Shared Objects), web beacons or similar technologies (collectively as “Tracking Technologies”). Tracking Technologies can help us understand how you use our services (e.g., the pages you display or the links you click and other actions you perform with the services), give us information about your browser and online usage patterns (e.g., IP address, log data, browser type, browser language, referring/exiting pages and URLs, pages viewed, whether you have opened an e-mail, clicked links, etc.) as well as information about the devices with which you access our services. Tracking Technologies allow us to link the devices you use to access our services so that we can identify and contact you on the various devices you use. It also helps us and our advertising partners to determine products and services that may be of interest to you, in order to serve you targeted advertisements.
You can limit the use of Tracking Technologies by changing the settings of your browser. You can determine what access you grant us and whether and for how long cookies can be stored on your device. You can also delete cookies that have already been stored at any time. Please note that the functionality of our websites may be affected after deactivating all cookies. Similar functions (such as Flash cookies), which are used by so-called browser add-ons, can be switched off or deleted by changing the settings of the browser add-on or via the website of the browser add-on provider.
3.1 What are cookies?
A cookie is a small file that is transferred during the use of a website from the host server of the website and stored on the user’s device (desktop computer, laptop, tablet, smartphone, other Internet-enabled devices) by the browser used. Cookies are used to store information about the user and to retrieve it when the website is called up again.
3.2 What are cookies used for?
Cookies help us understand the use of our websites, analyze trends, administer the websites, track a user’s steps on our websites, collect demographic information about our user base as a whole, allow you to navigate efficiently between the pages, remember your preferences and settings on our websites, and generally improve your browsing experience. We process the data collected using Tracking Technologies to (i) remember information so that you do not have to re-enter them during your visit or a new visit, (ii) recognize you across multiple devices, (iii) control the functionality and performance of our websites, (iv) collect aggregated metrics regarding the total number of visitors, total traffic, usage and demographic patterns on our websites, (v) diagnose and resolve technical issues, (vi) determine products and services that may be of interest to you, in order to serve you targeted advertisements and (vii) otherwise plan and improve our website.
3.3 What types of cookies are used on our websites?
The cookies used on our website can usually be categorized as follows: mandatory cookies, analytical / performance cookies, function-related cookies, and marketing cookies.
3.3.1 Mandatory cookies
These cookies are essential for the functioning of our websites and enable you to move around our websites and to use their functions. Without these cookies, certain services that are required for the full functioning of our websites cannot be provided.
3.3.2 Analytical / performance cookies
With the help of these cookies, we collect information about how our users use our websites, e.g., which pages are accessed and read most frequently, or how users move from one link to the next. All information collected by this type of cookie does not relate to a single user but is aggregated and processed with the information of other users. Cookies provide us with analytical data on how our websites work and how we can improve them.
3.3.3 Function-related cookies
These cookies allow us to save a specific selection you have made and to adapt our website in such a way that it offers you extended functions and content. These cookies can be used, for example, to save your language selection or country selection.
3.3.4 Marketing cookies
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose.
3.3.5 Cookies
Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on a user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is called up again.
Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be informed before the setting of cookies and individually decide whether to accept them and prevent the cookies from being stored and the data they contain from being sent. Cookies that have already been stored can be deleted at any time. However, we would like to point out that if you do so, you may not be able to use all the functions of this website to their full extent.
You can use the following links to find out how to manage (including how to deactivate) cookies on the main browsers: Chrome Browser:https://support.google.com/accounts/answer/61416?hl=nl
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
3.3.6 Technically necessary cookies
Unless otherwise provided in the data protection declaration below, we only use these technicallynecessary cookies to make our website more user-friendly, effective and secure. In addition, cookies allow our systems to recognize your browser, even after a page change, and to provide you with services. Some features of our website cannot be provided without the use of cookies. For this, it is necessary that the browser is recognized, even after a page change. The processing is carried out on the basis of Art. 6 (1) (f) GDPR on the basis of an overriding legitimate interest in the optimal functioning of our website as well as a user-friendly and effective design of our website. offer. For reasons relating to your particular situation, you have the right to object at any time to the processing of your personal data based on Article 6 (1) (f) GDPR.
3.3.7 Use of Web Toffee’s cookie consent plug-in
We use on our website the GDPR cookie consent plugin from WebToffee of Mozilor Limited (10 Paxton Crescent, Shenley Lodge, Milton Keynes MK5 7PY, United Kingdom; “WebToffee”).
The plug-in allows you to consent to the processing of data via the website, in particular the setting of cookies, and to exercise your right of revocation for previously given consent. The data processing must obtain the necessary consent for data processing for the purpose and thus comply with legal obligations.Cookies may be used for this purpose. Among other things, the following information may be collected and transmitted to WebToffee: anonymizedIP address, user ID, consent status, date and time of consent or refusal. This data will not be passed on to third parties.
The data is processed for the fulfilment of a legal obligation based on Art. 6 (1) (c) GDPR. You can find more information about data protection at WebToffee at: https:// www.webtoffee.com/privacy-policy/
3.4 How long are cookies stored on your device?
The retention period depends essentially on whether the cookie is “persistent” or “session-based.” Session- based cookies are deleted after you leave the websites that set the cookie. Persistent cookies remain on your device even after you have finished browsing until they are deleted or until they have expired.
3.5 Cookie Policy
If you would like to obtain further information on the specific cookies we use, please see our Cookie Policy .
4. Third Party Online Services (data sharing)
To offer you a convenient website, we use, inter alia, Instagram Google, Google Maps, and YouTube (Google Maps and YouTube are together referred to as “ content plug-ins”), and so-called social media plugins of the social networks.
4.1 Plug-ins
4.1.2 Use of Social Plug-ins
We integrate functional and content elements into our online offering, which are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This may include, for example, graphics, videos or city maps (hereinafter referred to collectively as “Content”).The integration always presupposes that the third-party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We make every effort to only use content whose respective providers only use the IP address to deliver the content. Third parties may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offering, as well as be combined with such information from other sources. We use plug-ins from social networks on our website. The integration of social plug-ins and the data processing that takes place in this process serves to optimise the advertising of our products. When social plug-ins are integrated , a link is established between your computer and the servers of the social network provider and the plug-in is thereby message to your browser will be displayed on the page, provided that you have expressly consented. In this process, both your IP address and the information about which of our pages you have visited are transmitted to the provider’s server transferred. This applies regardless of whether you are registered with the social network or logged in. Even with unregistered or non-logged-in users, a transfer takes place. When you are connected to one or more of your social network accounts at the same time, the information collected may also be assigned to your respective profiles. When using the plug-in functions (e.g. by pressing the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and activating the buttons. The use of cookies or similar technologies is carried out with your consent pursuant to Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
The social networks listed below are integrated into our website by means of a social plug-in. You can find more information about the scope and purpose of the collection and use of the data as well as about your rights in this regard and options for protecting your privacy in the linked data protection information of the providers.
- Types of data processed: usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); Content data (e.g. submissions in online forms). Location data (information about the geographic location of a device or person).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Marketing. Profiles with user-related information (creating user profiles).
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Consent Art. 6 para.1 sentence 1 lit. a GDPR
4.1.3 Further information on processing processes, procedures and services:
- Facebook pages: Profiles within the social network Facebook – Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data of visitors to our Facebook page (so-called Facebook pages). “Fanpage”). This data includes information about the types of content that users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights”, for Page operators to gain insights into how people interact with their Pages and with the content associated with them. We have entered into a special agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “About Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). For more information, see: Joint Responsibility Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the Standard Contractual Clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy. Your data may be transferred to third countries such as the USA. For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore obliged to follow European data protection principles.
- Google Maps: We integrate the maps of the “Google Maps” service of the provider Google. The data processed may include, in particular, IP addresses and location data of users; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basisfor third-country transfer: EU-US Data Privacy Framework (DPF).
- X plugins and content: plugins and buttons of the “X” platform – This may include, for example, content such as images, videos or texts and buttons that allow users to share content from this online offering within X; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://twitter.com/de; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization); Data processing agreement: https://privacy.twitter.com/en/for-our-partners/global-dpa. Basis for third-country transfers: Standard Contractual Clauses (https://privacy.twitter.com/en/for-our-partners/global-dpa).
- YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Possibility of objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Flickr, operated by Flickr, Inc., Flickr c/o Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA. For more information please see the Privacy Notice of Flickr. Basis for third-country transfers: Standard Contractual Clauses
4.2 Use of Social Plug-ins using “Shariff Wrapper”
On our website we offer you the possibility to use so called “Social Media Buttons”. To protect your data, we use a solution called “Shariff”. Hereby the share buttons are implemented as static images, which contain a link to the corresponding social network site. If you click on such a button, you will be redirected to the respective social network site in the same way, as normal links would do as well. Only in that moment of time the provider of the social network site will get information about you, for example your IP address. If you do not click on such a share button, no data will be transmitted. Information about the collection and usage of your date on the social network sites can be found in the corresponding terms of use of the respective provider. More information about the plugin and the Shariff solution can be found here: https://wordpress.org/plugins/shariff/
4.3 Use of Google re CAPTCHA
On our website, we use the reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). The purpose of the question is to distinguish whether the input is carried out by a person or by automated, machine processing. For this purpose, your input will be transmitted to Google and further used there. In addition, the IP address and, if necessary, other data required by Google for the reCAPTCHA service will be transmitted to Google . This data is processed by Google in the European Union and, if necessary, also in the USA.
For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or similar technologies is subject to your consent pursuant to § 25(1) S. 1 TTDSG i.c.w. Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
You can find more information about Google reCAPTCHA and its privacy policyat: https:// www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.
4.4 Use of Google invisible re CAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). This is used to differentiate between the input by a person or by automated, machine processing. In the background, Google collects and analyzes usage data, which is used by Invisible reCaptcha, to distinguish regular users from bots. For this purpose, your input will be transmitted to Google and further used there. In addition, the IP address and any other data required by Google for the Invisible reCAPTCHA service will be transmitted to Google. This data is processed by Google in the European Union and, if necessary, also in the USA.
For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or similar technologies is carried out with your consent pursuant to § 25 para. 1 S. 1 TTDSG i.c.w. Art. 6(1)(a) GDPR. The processing ofyour personal data is carried out with your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
You can find more information about Google reCAPTCHA and its privacy policy at: https:// www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.
4.5 Use of Google Maps
We use the GoogleMaps map embedding function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).
The function enables the visual display of geographical information and interactive map. In addition, Google also collects, processes and uses data from visitors to the websites when visiting pages in which Google Maps maps are integrated.
If necessary, your data will also be transferred to the USA. For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore obliged to comply with European data protection principles.
Cookies or similar technologies are used with your consent pursuant to § 25(1) S. 1 TTDSG i.c.w. Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
More information about the collection and use of data by Google canbe found in Google’s information on privacy policy at https://www.google.com/privacypolicy.html. There, you can also change your settings in the Privacy Center so that you can manage and protect your data processed by Google.
4.6 Use of YouTube
We use the YouTube video embedding function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”). YouTube is a partnership with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‘Google’).
The feature displays videos that have been deposited with YouTube in an iFrame on the website. In doing so, the “Advanced Privacy Mode” option is activated. As a result, YouTube does not store any information about the visitors to the website. Only when you watch a video is the information about it transmitted to YouTube and stored there. If necessary, your data will be transferred to the USA. For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and is therefore obliged to comply with European data protection principles. The use of cookies or similar technologies is carried out with your consent pursuant Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
You can find more information about the collection and use of data by YouTube and Google as well as the associated rights and options for protecting your privacy in YouTube’s privacy policy (https:// www.youtube.com/t/privacy).
4.7 Google Translate
On our website, we use Google Ireland Limited (Gordon House, Barrow Street, Dublin, Ireland) to provide translation services via API integration. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The purpose of data processing is to display the information on the website in other languages . In order to display the translation automatically after you have selected a national language, the browser you are using establishes a connection to Google’s servers. Cookies may be used for this purpose. Among other things, the following information may be collected and processed: IP address, URL of the page visited, date and time. Your data may be transferred to the United States. For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPFand is therefore obliged to follow European data protection principles. The use of cookies or similar technologies is subject to your consent pursuant to Article 6( 1)( a) of the GDPR. The processing of your personal data is carried out with your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal. For more information about Google’s collection and use of your data, please visit: https:// www.google.com/policies/privacy/.
4.8 Donations
4.8.1 Which data do we process in the context of a donation?
Donations and payment services
GiveWP and Stripe: You can use a donation function on our website. We use Givewp as our donation portal with Stripe as payment gateway and processor to handle and manage all financial transactions. Donations are processed by the third-party provider Stripe Ltd. Further information on data processing by Stripe Ltd. can be found in the legal notice: Stripe Inc. 354 Oyster Point Boulevard, South San Francisco California 94080, USA. To find out more about the security measures of these organisations, please click on the following links: . https://stripe.com/de/privacy . Privacy policy of Give WP: https://givewp.com/privacy-policy/
4.9 API Keys
We make use of certain APIs, in order to provide specific features.
These APIs may include the following third party services: Google Maps (API key), Meetup (OAuth token), PayPal (email, Client ID, Client Secret), Eventbrite (API key, auth URL, Client Secret), and Zoom (email, Client ID, Client Secret).
4.10 Communication via messenger
We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messengers, encryption, the use of the metadata of the communication and your options for objecting.
You can also contact us in alternative ways, such as by phone or email. Please use the contact options provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e., the content of your message and attachments), please note that the content of the communication (i.e., the content of the message and attached images) is end-to-end encrypted. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use an up-to-date version of Messenger with encryption enabled to ensure that message content is encrypted.
However, we would also like to point out to our communication partners that although the providers of the messengers do not view the content, they can find out that and when communication partners communicate with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is processed.
Notes on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. In addition, if we do not ask for consent and you contact us, for example, on your own initiative, we use Messenger in relation to our contractual partners as well as in the context of the initiation of the contract as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and in fulfilling the needs of our communication partners in communication via Messenger. Furthermore, we would like to point out that we will not transmit the contact details provided to us to the messengers for the first time without your consent.
Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and there are no legal retention obligations to prevent the deletion.
Reservation of reference to other means of communication: Finally, we would like to point out that for reasons of your security, we reserve the right not to answer inquiries via Messenger. This is the case, for example, if internal contractual information requires special secrecy or if a response via messenger does not meet the formal requirements. In such cases, we will refer you to more appropriate means of communication.
- Types of data processed: contact details (e.g. e-mail, telephone numbers); Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. . submissions in online forms).
- Data subjects: Communication partners.
- Purposes of processing: contact requests and communication; Direct marketing (e.g. by e-mail or post).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Whatsapp: Messenger with end-to-end encryption, Service provider: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.whatsapp.com/ Privacy Policy: https://www.whatsapp.com/legal/privacy-policy
- Telegram: messenger with end-to-end encryption; Service Providers: Representative in the European Union: European Data Protection Office (EDPO), Avenue Huart Hamoir 71, 1030 Brussels, Belgium; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://telegram.org/. Privacy Policy: https://telegram.org/privacy.
4.11 Provision of the online offer and web hosting
We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
- Types of data processed: usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. . submissions in online forms).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.). Security Measures.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Provision of our online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Collection of access data and log files: Access to our online services is logged in the form of so-called “server log files”. The server log files may include the address and name of the websites and files accessed, date and time of access, data volumes transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. On the one hand, the server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.
- E-mail sending and hosting: The web hosting services we use also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the sending of e-mails (e.g. the providers involved) as well as the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the e-mails between the sender and the receipt on our server; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- com: hosting and software for creating, delivering, and operating websites, blogs, and other online offerings; Service Provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Data processing agreement:https://wordpress.com/support/data-processing-agreements/. Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
4.12 Video conferencing, online meetings, webinars and online lectures and online courses and screen sharing
We use third-party platforms and applications (hereinafter referred to as “Conference Platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “Conference”). When selecting conference platforms and their services, we take into account the legal requirements.
Data processed by conference platforms: In the context of participation in a conference, the conference platforms process the personal data of the participants mentioned below. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g. provision of access data or real names) and which optional information is provided by the participants. In addition to processing for the implementation of the conference, the data of the participants may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, details of professional position/function, the IP address of the Internet access, details of the participants’ end devices, their operating system, the browser and its technical and linguistic settings, information on the content of the communication processes, i.e. entries in chats, as well as audio and video data, as well as the use of other available features (e.g. surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users with the conference platforms, then further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g. of surveys) as well as video or audio recordings are logged, this will be communicated transparently to the participants in advance and they will be asked for consent if necessary.
Data protection measures of the participants: For the details of the processing of your data by the conference platforms , please note their data protection notices and select the optimal security and data protection settings for you within the settings of the conference platforms. Please also ensure that data and privacy are protected in the background of your recording for the duration of a video conference (e.g. by notifying roommates, locking doors and, as far as technically possible, using the function to make the background unrecognizable). Links to the conference rooms as well as access data may not be passed on to unauthorized third parties.
Notes on legal bases: If, in addition to the conference platforms , we also process the data of the users and the users ask for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for the fulfilment of our contractual obligations (e.g. in participant lists, in the case of processing of interview results, etc.). In addition, users’ data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
- Types of data processed: inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); Content data (e.g. submissions in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, timings, identification numbers, consent status).
- Data subjects: communication partners; Users (e.g. website visitors, users of online services). People depicted.
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Contact requests and communication. Office and organizational procedures.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Zoom: conferencing and communication software; Service Provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://zoom.us; Privacy Policy:https://zoom.us/docs/de-de/privacy-and-legal.html; Data processing agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA). Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA)).
5. How long do we store your personal data?
Duration of storage of personal data:
At the end of the contract, the data will first be stored for the duration of the warranty period, then in compliance with the statutory retention periods, in particular tax and commercial law, and deleted at the end of this period, if you have not consented to further processing and use. Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
- We process and store your personal data only as long as necessary for our processing purposes. If we process and store your personal data based on your consent, we delete such data immediately after you withdraw your consent.
- Upon request, we will regularly delete the data collected and stored for our websites’ usage at any time. We will do this ourselves and within a few days, unless we have a particular interest in continuing storage for individual cases, e.g., cyberattacks. Regarding your contact requests, we only store your data for the time period necessary to answer your request.
- Insofar as you have registered for our newsletter, we process your data in this context for the duration of the registration to our newsletter and delete it at any time, should you unsubscribe from our newsletter or withdraw your consent.
- The same apply in relation to the registration on our website and the data in connection with your personal user profile.
- In the context of product or service orders and fundraising, we retain your data only as long as necessary to fulfill your booking, order or other request. In the context of event, course, accommodation, registrations, we store your personal data collected during the booking for two years, starting at the end of the calendar year of the customer’s last visit to ensure a better customer care. Personal data that is necessary to establish or defend against claims may be stored until limitation periods have expired.
- However, insofar as a longer retention period is required by statutory retention and documentation obligations or to protect our legitimate interests, e.g., in the event of possible legal disputes, your personal data will be stored and processed even after the above-mentioned period has expired. With complete execution of a contract or quasi-contractual relationship, we will, as far as possible, immediately restrict your personal data from further processing.
6. Rights of the data subjects and storage period
6.1 Right of revocation in case of consent:
The consent to the processing of the photos and/or videos can be revoked at any time for the future with future effect. The data subject can exercise their withdrawal rights with:
Bhakti Marga México AC Bhakti Marga México AC
Naciones Unidaa 6178-17
Parque de la Castellana
Zapopan . Jalisco, México
CP 45117
Responsible : Shanta
The legality of the data processing carried out on the basis of the consent until the revocation is not affected by this. In case of a contract with you as a participant is signed, regarding the production of the documentation an event, than a contract is the legal basis for the processing of your data according to Art. 6 I b GDPR.
6.2 Rights of the data subject
If the legal requirements are met, you have the following rights in accordance with Articles 15 to 20 of the GDPR: Right to information, correction, deletion, restriction of processing, data portability.
In addition, pursuant to Article 21 (1) GDPR, you have the right to object to processing based on Article 6 (1) f GDPR, as well as to processing for direct advertising purposes.
- If your personal data are processed, you have the right to receive information about the data stored about you. (Art. 15 GDPR)
- If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).
- If the legal requirements are met, you may request erasure or restriction of processing, as well as object to processing (Art. 17, 18, 21 GDPR)
- If you have consented to the data processing or a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may have a right to data portability. (Art. 20 GDPR)
If you make use of the aforementioned rights, the controller will check whether the legal requirements for this are met.
This takes place in the form of a negative or positive decision or a determination of identity. In the case of a positive decision in accordance with Art. 15 of the GDPR, the data subject will be provided with complete detailed information. An email confirmation will be sent by WordPress with the request for confirmation of the request for deletion as a security mechanism and serves the purpose of establishing identity. After confirmation of this deletion request, the data is first removed from the systems and then stored on local servers, depending on the deletion deadlines.
Even without a special request from our customers, the parties naturally comply with the obligations to delete personal data. Such obligations arise, for example, from Art. 17 GDPR. However, there are personal data that are exempt from this obligation to delete and for which we the parties even obliged by other laws to continue to store it. Deletion is exceptionally excluded in the cases described in Art. 17 (3) GDPR. This applies in particular if, pursuant to Art. 17 (3) (b) GDPR further storage is necessary for the fulfilment of a legal obligation of the obligation of the responsible party justified by law as well as when, pursuant to Art. 17 (3) lit. GDPR, further storage is indicated for the assertion, exercise or defence of legal claims. In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.
6.3 RIGHT TO OBJECT PURSUANT TO ARTICLE 21 GDPR
6.3.1 OBJECTION ON GROUNDS OF YOUR PARTICULAR SITUATION
According to article 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on our legitimate interests, including profiling (e.g., credit rating). We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of you, or for the establishment, exercise, or defense of legal claims.
6.3.2 OBJECTION AGAINST DIRECT MARKETING
According to article 21 (2) GDPR you have the right to object at any time to processing of personal data concerning you for purposes of direct marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
6.4 Right to object
If the processing of personal data referred to here is based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right, on grounds arising from your particular situation, to object at any time to this processing with future effects.
Upon successful objection, the processing of the data in question will be terminated, unless we can demonstrate that there is a compelling justifiable reason for the processing which outweighs your interests, rights and freedoms, or if the processing is for the purpose of to establish, exercise or defend legal claims.
If the personal data is processed for direct marketing purposes, you can object to this processing at any time by notifying us. Upon successful objection, we will terminate the processing of the data in question for direct marketing purposes.
7. Technical security measures
7.1 Security measures
We implement a variety of security measures designed to maintain the safety of your personal data we store and process.
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings. TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL if a website is secured by an SSL/TLS certificate. For example, to protect the transmission of confidential information that you send to us as the website provider, we use SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any personal data under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose personal data may have been compromised and or the competent data protection authority.
7.2 Transmission of personal data
As part of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
Data transfer within the organisation: We may transfer personal data to other departments within our organisation or grant them access to this data. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate business and commercial interests or takes place if it is necessary to fulfil our contractual obligations or if the consent of the data subjects or legal permission has been obtained.
8. Status of the Privacy Notice and Updates
Please note, this privacy notice may be amended by us at any time to the extent necessary to provide you with adequate information about the processing of your personal data. Therefore, please check this privacy notice at regular intervals, insofar as you regularly visit our website or regularly use our products and services. The date of the last update of this privacy notice is indicated at the beginning of this privacy notice.
Last update: 01.01.2024