Privacy Notice of Bhakti Event GmbH

and its affiliated companies

Bhakti Marga Yoga gGmbH, Bhakti Marga Stiftung as revised on 20 February 2024

Summary

 

We are very delighted that you have shown interest in our enterprise. With this summary, we intend to provide you with a brief overview on what we do with your personal data for an easily understanding. For more detailed information on each of the sections below, we recommend reading the full version of this privacy notice.

 

I.                              Scope: This privacy notice applies to the use of your personal data in the context of using our websites and order products and services.

 

II.                          Responsibility: Bhakti Event GmbH is generally responsible for the collection and processing of your personal data. However, in some cases, we may jointly process your personal data with third parties, in particular other Bhakti Marga entities. You can find contact detail in section 2.

 

III.                      Data Collected and Purposes of Use: The types of data that we process personal data such as your names, contact details, contract- and registration-related data, communication data, user and usage data and IP address, but also more sensitive data that reveal information on your religious or philosophical beliefs, such as your spiritual name or initiation status. We use your personal data to fulfil contracts with you (by fulfilling your orders and support you in your spiritual path etc.) or to pursue our legitimate interest that are not overridden by your fundamental rights and freedoms, such as promoting our cause by providing news on what may be of interest to you (such as events and courses), improving our services and ensuring the confidentiality and integrity our services, or simply to communicate with you. Where we process data on your religious or philosophical belief, we will ask for your consent. For detailed information on the types of date and the purposes of use as well as the legal basis we rely on when processing your personal data, please see section 3.

 

IV.                      Where we obtain data: We process personal data about you that you mostly directly provide to us, for example when you register for a Bhakti ID account, order products and services or communicate with us. We may also automatically collect personal data when you use our services, for example by using cookies. In addition, we may receive information from third-parties, such as family members or friends who may mention you in connection with an event (for example a prayer) or a donation.

 

V.                          How we share data: We may share certain personal data with other Bhakti Marga entities, service providers who support us in providing our services to you, who are either processors acting on our behalf (such as, for example, to support our marketing activities and maintain our website) or controllers themselves (such as , for example, payment service providers and donation and accounting service providers and shipping and distribution companies) or the public if you comment on our blog. You can learn more about how we share your personal data in section 5.

 

VI.                      International transfer: We may transfer your personal data to other countries that are located outside the European Economic Area, which means that in these countries, less protective privacy laws and regulations apply. However, we will ensure that to put appropriate legal safeguards in place for such transfers.

 

VII.                  Storage of Data: We process and store your personal data only as long as necessary for our processing purposes. However, sometimes the law requires us to keep such data for longer. To learn more about storage periods, please see section 7.

 

VIII.              Your Rights: You have certain rights under the General Data Protection Regulation concerning your personal data. The types rights you have and further information in this regard can be found in section 8.

IX.                      Obligation to provide data? You do not have to provide personal data to us, but we may not be able to provide our services if we do not have your personal data.

 

X.                          No automate decision making: Bhakti does not use automated decision-making procedures.

 

XI.                      Tracking technology: We use cookies and other tracking technology, for example to improve our services, offer news and content that may be of interest to you and remember your preferred settings. Information on how tracking technologiy works, what types of cookies we use, and how log they are valid can be found in section 11, detailed information on the used cookies can be found in our Cookie Policy.

 

XII.                  Third Party Online Services: We use third-party plug-ins and other online services to provide you a convenient and interesting website and enable to easily access content from social media platforms. These third parties are (joint) controllers and they may decide on what types of personal data they collect. However, to honor your privacy, we selected an implementation of the various plug-ins that ensures that personal data will not be shared with these third-party services providers, if you activate or interact with these services. To learn more about these services, please see section 14.

 

XIII.              Security. We take the security of your data very seriously. We have implemented various technical and organisational measures to protect your personal data. Details can be found in section 18.

 

XIV.               Updates: We may update this Privacy Notice from time to time, the date of the last update is indicated at the beginning of this privacy notice.

 

1.       Scope of application

 

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Bhakti Event GmbH (herewith "Bhakti Event" or "we") and we are committed to protecting your privacy and personal data. With this Privacy Notice we would like to inform you in detail about how we use your personal data and what rights you have.

 

This Privacy Notice applies to the use of your personal data when you visit our websites available at:

 

http://www.bhaktimarga.org/ www.shreepeethanilaya.org https://justlovefestival.org/ https://paramahamsavishwananda.com/ https://bhaktishop.com/ https:/events.bhaktimarga.org

 

by e-mail or telephone, when you order products or services, or when you create a personal account on the website.

 

2.       Who is responsible and to whom can I reach out?

 

Bhakti Event GmbH, Am Geisberg 4, 65321 Heidenrod, is responsible for the processing of personal data described in this Privacy Notice.

 

You can contact the following office for all inquiries related to data protection:

 

Bhakti Event GmbH

Am Geisberg 4

 

65321 Heidenrod Germany

Tel.                  06124/609 1125

E-mail              dataprotection@bhaktimarga.org

 

You can contact our data protection officer, lawyer Mrs Anna Aman via following emails:

 

dataprotection@bhaktimarga.org or

anna.aman@bhaktimarga.org

 

Any data subject may, at any time, contact our data protection officer directly with all questions and suggestions concerning data protection.

 

Affiliated companies

 

Bhakti Event GmbH operates together with the following companies, which also declare this Privacy Notice as theirs:

 

Bhakti Marga Stiftung

 

Am Geisberg 1-8

65321 Heidenrod Germany

Tel. 06124/609 1125

 

Bhakti Marga Yoga gGmbH

 

Am Geisberg 1-8

65321 Heidenrod Germany

Tel. 06124/609 1125

 

 

You can contact our data protection officer, lawyer Mrs Anna Aman via following emails:

 

 

dataprotection@bhaktimarga.org or

anna.aman@bhaktimarga.org

 

Please note that we act as joint controllers with our umbrella Organisation subsidiary Bhakti Marga Stiftung (with regard to the Bhakti Marga Academy App provided by the 360Learning collaboration platform and to donations and endowments, with the exception of the "Serve a deity" donation programme, free temple events and applications for short voluntary activities organised by Bhakti Marga Yoga gGmbH). For further details in this respect, please see section 5.3. We have a contractual agreement with the tour operator Inner Journey GmbH regarding the video accompaniment of Inner Journey GmbH trips with Swami Vishwananda and other BM Swamis for the purpose of offering our virtual pilgrimage and a video production as a video-on-demand service on the media platform "Guru Connect".

 

3.       Which data do we process from you, for what purposes and on what legal basis do we process your data?

We collect and process various personal data from you depending on the specific processing situation. Below you will find a list of the data related to the respective processing situations.

We process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act (Bundesdatenschutzgesetz) ("BDSG"). In certain situations, we also process your personal data to fulfill other legal obligations or based on your explicit consent.

 

In general, we process your personal data:

 

·       For the performance of a contract

We process your personal data to fulfill contractual or quasi-contractual obligations, to enter into an agreement, e.g. to provide services in our role as an investor, to support current customers, or to answer questions in relation to our services.

 

·       To be in compliance with legal obligations

To the extent that we are subject to legal obligations, for the compliance of which the processing of your personal data is necessary, we process your personal data on the basis of these legal obligations.

 

·       Based on our legitimate interests

We also process your personal data to protect our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail.

 

Subject to a decision to be made in individual cases, we usually assume that our legitimate interests prevail within the context of, in particular, the following processing situations:

 

§  Improving our offers and services;

§  Analysis of the usage of our websites;

§  Ensuring the confidentiality and integrity of our IT systems;

§  General communication with you;

§  Cooperation with public authorities;

§  Activities to make us and our services known;

§  Eventually, we may also pursue or defend ourselves against legal claims

 

·       Based on your consent

If you have given us separate consent to process your personal data, we will process your personal data within and on the basis of this consent. Consents may, for example, relate to the transfer of data to associated companies or third persons, the evaluation of your data for targeted advertising activities or sending of newsletters.

Consent is always freely given. Refusing or revoking your consent will not have any negative consequences for you.

 

 

3.1            Visiting our websites

 

3.1.1        What data do we process when you visit our websites?

 

If you use the services provided by Bhakti Event on the websites without registering, we will process, inter alia, the following personal data from you:

·       Data about the usage of the provided websites (e.g., used browser, used operating system, internet service provider of the accessing system, referrer URL, sub-websites, date and time of server request, requested contents, duration of usage);

·       IP address.

 

3.1.2        For what purposes and on what legal basis do we process this data?

 

When using these data, Bhakti Event does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary, e.g., for criminal prosecution in case of a cyber-attack.

 

Bhakti Event analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by you.

 

The processing is necessary for the purposes of protecting our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail (Art. 6 (1) lit. f GDPR).

 

3.1.3  Further information on processing operations, procedures and services:

 

-    Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web host"); legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

 

-    Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure the utilisation of the servers and their stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

 

3.1.4  Website Hosting

 

·       Mediactive: Mediactive SAS, situé 3-4-10, 3 Cité Paradis - 75010 Paris (RCS PARIS B 487 724 536 00015), responsible Alexandre Lafond, https://www.groupe-mediactive.fr/.

 

·       WordPress.com: Hosting and software for the creation, provision and operation of websites, blogs and other online offerings; service provider: Aut O'Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy; Data Processing Agreement. Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).

3.2            Registration on the website, Bhakti ID and personal profile

 

3.2.1        Which data do we process when you register on our website?

 

If you take the possibility to register on our website, we will process, inter alia, the following data:

 

·       IP address,

·       Date and time of the registration,

·       Username and password,

·       E-mail address.

 

In addition, you can provide us with further personal data, inter alia, your first and last name as well as your shipping and billing address. You can insert such further information as part of the registration process on a voluntary basis. You can decide yourself whether you want to provide such data which is marked as "optional".

 

After creating your account, you will have your own personal profile on our website (Bhakti-ID). In the further process, you can enter into your profile further information about you (such as your country, phone number, date of birth, a photo of you, language preference) on a voluntary basis.

In addition, you can provide information about your Devotee or Brahmachari status (inter alia, date of initiation, your initiating person, related Swamis or Rishis, Ishtadev), information on your experience with Atam Kriya Yoga (such as your level and your teacher and/or initiating person) and courses already taken with us (for example, attended in Atma Kriya Yoga) and whether you are a Bhakti Marga Teacher (all together referred to as “My Data”).

 

The information you provide may contain personal data relating to your religious or philosophical beliefs (i.e., special categories of personal data pursuant to Art. 9 (1) GDPR), such as your spiritual name, your Devotee or Brahmachari status and related initiation information, information about your initiations and Ishtadev.

 

3.2.2        For what purposes and on what legal basis do we process this data?

 

The data is collected, processed and stored for internal use by us, and for the purpose to provide you with a personal user profile (Bhakti ID). In addition, Bhakti Event will provide you with a personalized dashboard where you can, for example, make donations and see your donation history.

 

The registration data is intended to enable Bhakti Event to offer you content or services that may only be offered to registered users due to the nature of the matter in question. In addition, we use your registration and profile data to provide you with special offers based on your specific and individual interests. Finally, we use your profile data to support your Journey at Bhakti Event and to help you achieving your goals, for example the Devotee status. In this regard we use your data, inter alia, to contact you directly via email.

 

To be in a position to offer you events or courses that are only open with a certain status (such as Devotee or Brahmachari) we need to send your personal status information (such as your Devotee or Brahmachari status) to your initiating Swami/Rishi. The Swami/Rishi uses the information about your status, in particular, to verify your current initiation status. Without your consent to share such data for such verification, we cannot provide certain offers to you. In addition, with your consent, we may send “My Data” to your initiating Swami/Rishi/ or the Bhakti Marga Country Coordinator responsible for you (“BMCC”). The Swami/Rishi/BMCC may use this data to contact you directly in order to help you on your spiritual path, to

support you and provide information with news and updates on Bhakti, our events, courses, offers and fundraising.

 

Registered persons are free to change the personal data specified during the registration process and profile update at any time, or to have them completely deleted from our database.

 

The processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR) or for the purposes of protecting our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail (Art. 6 (1) lit. f GDPR).

 

If required by applicable law, we will seek your explicit consent (Art. 6 (1) lit. a GDPR) (such as where we share your data with the Swami/Rishi//BMCC) to process and transfer personal data collected on our websites or volunteered by you. Consent will be entirely voluntary. However, if the requested consent to process your personal data has not been granted by you, the use of this website may not be entirely possible.

 

We only collect and process data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR), such as your spiritual name or, with your explicit consent.

 

 

 

3.3.          Subscription to the Bhakti Membership (Guru Connect)

 

3.3.1        Which data do we process when you subscribe to our membership?

 

On our website, users are given the opportunity to subscribe to our exclusive membership. In order to subscribe to our membership, you need to buy a subscription in Bhakti Event´s online shop. If you subscribe to our membership, we will process, inter alia, the following data:

 

·       IP address,

·       Date and time of the registration,

·       Title (optional),

·       Your first and last name,

·       E-mail address,

·       Phone number,

·       Company name,

·       Country,

·       Address,

·       Payment information such as credit card number or other bank information.

 

3.3.2        For what purposes and on what legal basis do we process this data?

 

With the exclusive membership you can access the members dashboard, exclusive member content on the website and you can book special events and courses and get special offers and access to special video-on- demand services.

 

Registered members are free to change the personal data specified during the subscription process and profile update at any time, or to have them completely deleted from the database of Bhakti Event.

 

The processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR) or for the purposes of protecting our legitimate interests, except where your interests or fundamental rights and freedoms, which require the protection of your personal data prevail (Art. 6 (1) lit. f GDPR).

If required by applicable law, we will seek your explicit consent to process personal data collected on our websites or volunteered by you. Consent will be entirely voluntary. However, if the requested consent to process your personal data has not been granted by you, the use of this website may not be entirely possible.

 

We only collect and process data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR), such as your spiritual name or, with your explicit consent.

 

3.4            Subscription to our newsletter

 

3.4.1        Which data do we process when you subscribe to our newsletter?

 

On our website, users are given the opportunity to subscribe to our newsletter. If you subscribe to our newsletter, in addition to your first and last name, your e-mail address and your country (optional), we may, depending on the newsletter you are subscribing for, also process “My Data” which you have voluntarily provided to us during the process to create an Bhakti ID account. In particular, we process all information that is necessary to prove that you have registered for the newsletter. In this regard, we use the so-called double opt-in procedure to confirm your subscription and e-mail address. In this process, an e-mail is sent to the provided e-mail address with a message asking you to confirm your consent. In connection with the double opt-in process, we document the IP address, date and time of submission of the web form as well as the IP address, date and time of confirmation of the double opt-in e-mail.

 

3.4.2        Newsletter-Tracking

 

We would like to point out that our newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an e-mail was opened by you, and which links in the e-mail were called up by you.

 

Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by us in order to optimise the sending of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties.

 

The tracking of opening statistics and click rates as well as the storage of the tracking results in the user profiles and their further processing are based on the user's consent.

 

In this context, we collect your personal data such as IP address, browser type and device as well as the time. This data can be used to create user profiles under a pseudonym. The data collected will not be used to identify you personally. The data collected is only used for statistical analysis to improve newsletter campaigns.

 

The measurement of opening rates and click rates and the storage of the measurement results in the user profiles and their further processing are carried out on the basis of the user's consent.

 

Unfortunately, it is not possible to revoke the performance measurement separately; in this case, the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted.

3.4.3        For what purposes and on what legal basis do we process this data?

 

The personal data collected as part of the registration for the newsletter will only be used to send our newsletter. Our newsletters keep you posted about what is new and upcoming. While the content varies from one to the next, they all include a message from Paramahamsa Vishwananda along with any important information you need to know. If English is a challenge for you, no problem: the newsletter is always translated into more than a dozen languages. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties.

 

We will process your personal data in connection with the newsletter sending and tracking within and on the basis of your consent (Art. 6 (1) lit. a GDPR respectively Art. 9 (2) lit. a GDPR). Consent is always freely given. Refusing and revoking your consent will not have any negative consequences for you.

 

Your personal data is also processed on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.

 

Your data may be transmitted to HubSpot servers in the USA and stored there. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). HubSpot has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.

 

You can withdraw your consent from Bhakti Event GmbH and unsubscribe from our newsletter at any time. For the purpose of withdrawal of consent, a corresponding link is included in each newsletter. It is also possible to unsubscribe from the newsletter at any time by contacting us at unsubscribe@bhaktimarga.org.

 

3.4.4  Processor Hubspot

 

We use the service of HubSpot Ireland Ltd (Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland; "HubSpot") for the newsletter dispatch within the framework of order processing. HubSpot is a company affiliated with HubSpot, Inc. (25 First Street, Cambridge, MA 02141 USA). We pass on the information you provide when registering for the newsletter (e-mail address, first and last name if applicable) to HubSpot. The data processing serves the purpose of sending the newsletter and its statistical analysis.

 

Further information can be found in HubSpot's privacy policy. Order processing contract: https://legal.hubspot.com/de/dpa; Basis for third country transfer: EU-US Data Privacy Framework (DPF), standard contractual clauses (provided by the service provider). Further information: special security measures.

 

3.5            Contact possibility via the website

 

3.5.1        Which data do we process when you contact us?

 

Our website contains information that enables a quick electronic contact to us. Depending on your request, you can contact us via our website (including via our live-chat channel), via e-mail or outside the Internet, either by telephone or in writing. We process the data you send with your request, inter alia, your first name, last name, organization (if applicable), department (if applicable), e-mail address, telephone number, and

other information that you have provided to us. In the case of the use of the live-chat channel, we also need to process you IP address.

3.5.2        For what purposes and on what legal basis do we process this data?

 

The personal data collected as part of the contacting will only be used to answer your inquiry. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art 6 (1) lit. b GDPR) or for the purposes of protecting our legitimate interests (Art. 6 (1) lit. f GDPR).

 

3.5.3  Collection and processing when using the contact form

 

When you use the contact form, we only collect your personal data (name, e-mail address, message text) to the extent that you provide it. The data processing serves the purpose of establishing contact.

 

If the purpose of the contact is to carry out pre-contractual measures (e.g. advice on an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

 

If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your enquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6(1)(f) GDPR.

 

We will only use your email address to process your enquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

 

3.5.4  Collection and processing when using the application form

 

When you use the application form, we only collect your personal data to the extent that you provide it. This includes your contact details (e.g. name, e-mail address, telephone number), details of your professional qualifications and training, details of further professional training and performance-related evidence.

 

The data processing serves the purpose of establishing contact and deciding on the establishment of an employment relationship with you. The provision of the data is necessary in order to carry out the application process. Your personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR in conjunction with Art. 26 para. 1 BDSG. § 26 para. 1 BDSG for the implementation of pre-contractual measures (going through the application procedure as an employment contract initiation).

 

If you have given us your consent to the processing of personal data for inclusion in our applicant pool, e.g. by ticking a checkbox, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

 

If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, such as information on the degree of severe disability, this is done on the basis of Art. 9 para. 2 lit. b. GDPR.

 

GDPR, so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.

We store your personal data for as long as this is necessary for the decision on your application. Your data will then be deleted after six months at the latest, unless you have consented to further processing and use. If an employment relationship is established following the application process, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR in conjunction with Section 26 para. 1 BDSG for the purposes of implementing the employment relationship and then transferred to the personnel file.

 

3.6  Customer account orders

 

3.6.1  Customer account

 

When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your customer account will then be deleted.

 

3.6.2  Collection, processing and forwarding of personal data for orders

 

When you place an order, we collect and process your personal data only to the extent necessary to fulfil and process your order and to process your enquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and is necessary for the fulfilment of a contract with you.

 

Your data will be passed on, for example, to the shipping companies and dropshipping providers you have selected, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly observe the legal requirements. The scope of data transfer is limited to a minimum.

 

Your data may be transferred to third countries outside the European Union for which an adequacy decision has been issued

 

3.7  Virtual pilgrimages

 

3.7.1  Affiliated company for pilgrimages

 

·      Tour operator is Inner Journey GmbH, Glärnischstrasse 15, 8712 Stäfa, Switzerland,

phone +41 79 918 80 88, e-mail: info@innerjourney.ch, www.innerjourney.ch, https://innerjourney.ch/about/#privacy-policy, commercial register Switzerland (Zefix); registration number: UID: CHE-413.724.090.

 

Bhakti Bharat Bhakti Bharat, a registered partnership firm,, GST: 09AAVFB5794R1Z2, PAN: AAVFB5794R, IEC: AAVFB5794R, Address:Ground floor, 383 Sheetal Chaya,Raman Reti road,Vrindavan 281121 E-mail: PVindiaadventures@bhaktib.in, privacy policy.

 

3.7.2  What data do we process when you register for a pilgrimage

 

We only process data in the case of a subsequent virtual pilgrimage: name, surname, e-mail address, language of interpretation, spiritual name (optional), information about the pilgrimage, photo and video recordings of the pilgrimage for which you have registered in the case of a parallel virtual pilgrimage.

3.7.3  Purpose

 

If you sign a video production contract with us, we will use your photo and video footage of the pilgrimage you took part in to offer the digital product of a live virtual pilgrimage and to offer the digital product of a video-on-demand as a subscription within the media platform "Guru Connect". We use Hexaglobe platform for video production and editing. There is an order processing agreement with Hexaglobe in accordance with Art. 28 GDPR.

 

We have concluded a contractual agreement with the tour operator Inner Journey GmbH, regarding the video accompaniment of Inner Journey GmbH trips with Swami Vishwananda and other BM Swamis, for the purpose of offering our virtual pilgrimage and a video production as a video-on-demand service on the media platform "Guru Connect".

 

In addition, we may use your photos and videos taken during the pilgrimage for commercial purposes. This means that your photos and videos may be used on our websites, in (print) publications and on our Facebook, Instagram page and YouTube channel. The same applies to Bhakti Bharat.

 

3.7.1.3 On what legal basis do we process the data?

 

The processing takes place on the legal basis of Art. 6 para. 1 lit. b GDPR (fulfilment of contract / video production contract) and on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Furthermore, the processing of the data available to us in connection with business transactions, contracts, booked travel services in connection with usage data as well as the e-mail address and address of the travel applicant for the purpose of direct advertising is carried out on the legal basis of legitimate interest (Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG) or consent, Art. 6 para. 1 lit. a GDPR). We may also process your spiritual name as part of the pilgrimage if you request such use (Art. 9 para. 2 lit. a GDPR). After the contract has been fully processed, we will continue to store the aforementioned data for verification purposes and for the purpose of defence against legal claims on the basis of legitimate interest (Art. 6 para. 1 lit. f GDPR) and for the fulfilment of statutory retention periods (Art. 6 para. 1 lit. c GDPR). If you consent, we may also process your personal data for commercial purposes as described above and for participation in the shared experience during the pilgrimage (Art. 9 para. 2 lit. a GDPR).

 

Processor: Hexagobe, 171 - 173 rue Saint-Martin 75003, Paris, France, +33 1 42 86 67 68 contact@hexaglobe.com

 

Further information can be found in Hexaglobe's privacy policy. We have concluded an order processing contract with Hexaglobe in accordance with Art. 28 GDPR.

 

3.7.2        Booking a virtual pilgrimage

 

3.7.2.1    Which data do we process when you book a virtual pilgrimage?

 

If you book a virtual pilgrimage via our website, we process from you, inter alia, first and last name, e-mail address, language of interpretation, spiritual name (optional), information about the pilgrimage you have registered for, your IP address and payment information such as credit card number or other bank information.

We may also process videos recordings of you while you participate in the virtual pilgrimage to share the common experience with the whole participating (online and offline) community during a livestream and a certain period then after. In this process, the username by which you participate in the virtual pilgrimage will also be displayed.

Moreover, we may use your photos and videos taken during the pilgrimage for the purpose of commercial use. This means your photos and videos may be used on our websites, in (print) publications and our Facebook, Flickr, Instagram page as well as our You Tube channel.

 

3.7.2.2   For what purposes and on what legal basis do we process this data?

 

The personal data will be collected as part of the virtual pilgrimage booking and to fulfil the services, for contract communication and the IP address for verification and documentation purposes.

We may also analyse the data we have on business transactions, contracts, booked travel services in conjunction with usage data to increase the user-friendliness of our services, optimise our portfolio and to provide you with offers tailored to your interests. The analyses serve us alone and are not disclosed externally unless they are anonymous analyses with aggregated values.

The processing is based on the legal basis of Art. 6 (1) lit. b GDPR (performance of contract. Furthermore, the processing of the data available to us relating to business transactions, contracts, booked travel services in conjunction with usage data as well as the e-mail address and address of the travel applicant for the purpose of direct advertising is based on the legal basis of legitimate interest (Art. 6 (1) lit. f GDPR in conjunction with § 7 (3) UWG) or consent, Art. 6 (1) lit. a GDPR). We may also process your spiritual name in the context of the pilgrimage to the extent you agree to such use (Art. 9 (2) lit. a GDPR). After complete processing of the contract, we continue to store the aforementioned data for verification purposes as well as for the purpose of defending legal claims on the basis of legitimate interest (Art. 6 (1) lit. f GDPR) as well as for the fulfilment of legal retention periods (Art. 6 (1) lit. c GDPR).

 

To the extent you consent, we may also process your personal data for commercial use as set out above as well as to participate in the common experience during the pilgrimage (Art. 9 (2) lit. a GDPR).

 

To provide a virtual pilgrimage, for video production and editing, we use Hexaglobe.

 

Processor: Hexagobe, 171 - 173 rue Saint-Martin 75003, Paris, France, +33 1 42 86 67 68 contact@hexaglobe.com

 

Further information can be found in Hexaglobe's privacy policy. We have concluded an order processing contract with Hexaglobe in accordance with Art. 28 GDPR.

 

3.8            Registration for events

 

3.8.1        Which data do we process in the context of booking and managing events?

 

If you register for our paid events in the event calendar on our website (you do not need a Bhakti ID account for an event booking), we process from you, inter alia, title, first and last name, country, address, e-mail address, telephone number, spiritual name (optional), information about the event you have registered for, payment information such as credit card number or other bank information.

If you register for our free events in the event calendar on our website, we process from you, inter alia, username, e-mail address, spiritual name (optional), information about the event you have registered for.

 

3.8.2        For what purposes and on what legal basis do we process this data?

 

The personal data collected as part of the event booking and managing will particularly be used to fulfil your inquiry. In addition, we may use the collected data to contact you directly and offer you similar offers and events based on your booking history and personal interests.

 

The processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR). The processing of your data for the free events is based on the legitimate interest Art. 6 lit f GDPR to be able to offer you the booked service. We may also seek your explicit consent to process personal data collected in connection with the event booking and managing (Art. 6 (1) lit. a GDPR). Consent will be entirely voluntary.

 

We only collect and process data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR), such as your spiritual name or, with your explicit consent.

 

3.8.3   Photo, filming, livestream in the temple and our events

 

During our events in the temple and in the event tent, photo and/or film recordings (including sound) and a live broadcast are made and broadcast live in real time.

Your religious beliefs may become recognisable in this process.

 

In addition, we may use your photos and videos recorded during the event for commercial purposes. This means that your photos and videos may be used on our websites, in (print) publications and on our Facebook, Flickr, Instagram page and YouTube channel. At the beginning and end of the darshan, when Paramahamsa Vishwananda enters and leaves the venue, video and audio recordings for a livestream take place, especially of Paramahamsa Vishwananda, so it may happen that participants are also captured by the livestream recordings. It is mainly the rituals, the priests, swamis and swaminis and Paramahamsa Vishwananda that are filmed. Recordings of guests will be avoided as far as possible, but cannot be ruled out.

If you do not want to be photographed or filmed, you can go to the photo/video/livestream -free area.

 

3.8.4  For what purposes and on what legal basis do we process this data?

 

·       Purpose: The recordings may be published or broadcast live on the Internet, the online portal of social media channels, or on the Bhakti Marga YouTube channel or on other Internet-based networks, platforms or mobile apps, live streaming (real-time streaming) on the Bhakti Marga website or on the Bhakti Marga Facebook page, the responsible entity as well as in TV and print media (including books). To share the common experience with the entire participating (online and offline) community during a livestream and a certain period of time afterwards. Possible further recipients can be found in this privacy policy.

·       Duration of processing: The recordings are stored for 3 years and then deleted.

·       Legal basis and legitimate interest: The processing is carried out on the basis of the legitimate interest of the controller to document the event organised visually, and to report positively to a larger public (Art. 6 para. 1 lit. f GDPR) as well as on your voluntary consent in accordance with Art. 6 para.

1 lit. a GDPR. We only collect and process data relating to your religious or philosophical beliefs (special categories of personal data pursuant to Art. 9 (1) GDPR), e.g. only with your express consent.

 

Order processors:

-    Hexagobe, 171 - 173 rue Saint-Martin 75003, Paris, France, +33 1 42 86 67 68 contact@hexaglobe.com Further information can be found in Hexaglobe's privacy policy. We have concluded an order processing contract with Hexaglobe in accordance with Art. 28 GDPR.

 

-     Flickr, operated by Flickr, Inc, Flickr c/o Yahoo! Inc, 701 First Avenue, Sunnyvale, CA 94089, USA. Further information can be found in Flickr's privacy policy. Basis for the transfer to third countries: Standard contractual clauses. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.flickr.com, Privacy Policy: https://www.flickr.com/help/privacy. Data processing agreement: https://www.flickr.com/help/dpa.

 

-    YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF). Option to object (opt-out): https://adssettings.google.com/authenticated. DPA: https://www.youtube.com/t/terms_dataprocessing.

 

3.9            Fundraising and endowments

 

3.9.1        Which data do we process in the context of the fundraising function?

 

You can use a fundraising function on our website. If you fundraise, we process from you, inter alia, name, surname, email, and payment information such as credit card number or other payment information.

 

The processing of donations is handled by the third-party providers Raisenext of Buildnext GmbH, located at Bremer Heerstr. 117, 26135 Oldenburg, Germany.

 

For more information in relation to the data processing by Raisenext see the imprint information: https://www.raisenext.de/impressum and Raisenext's Privacy Policy: https://www.raisenext.de/datenschutz. We have concluded an order processing contract with Buildnext in accordance with Art. 28 GDPR.

 

3.9.2  Donations are processed via the Shopify software

 

We use the e-commerce software Shopify for the online donation management on our website https://donate.bhaktimarga.org and on the website https://donate.shreepeethanilaya.org. Shopify International Limited, address: Victoria Buildings, 2nd floor

 

1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, e-mail: hilfe@shopify.de, Privacy Policy of Shopify https://www.shopify.com/legal/privacy.

 

Shopify processes this data primarily on European servers. Shopify sends some data to its Canadian servers. Data transfers to Canada are legitimised by an adequacy decision. Occasionally, Shopify sends data to sub-

processors in the USA. However, Shopify obliges them to comply with strict data protection obligations. We have concluded an order processing contract with Shopify in accordance with Art. 28 GDPR.

 

Shopify Data Processing Addendum. For more information, please visit the page of our online shop Privacy Policy.

 

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. You can find more information on Shopify Payments' data protection at the following Internet address: https://www.shopify.com/legal/privacy.

 

Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy.

 

Bhakti Marga Stiftung (Foundation) accepts endowments and is therefore responsible for endowments under data protection law. Bhakti Marga Yoga gGmbH accepts donations and sponsorship of spiritual events and processes this data accordingly. With regard to data processing, there is a joint responsibility with Bhakti Event GmbH in accordance with Art. 26 b GDPR.

 

3.9.2     For what purposes and on what legal basis do we process this data?

 

The personal data collected as part of the fundraising will only be used to fulfil your donation and to ensure that your donation is used in accordance with your fundraising intention. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR).

 

3.10         Booking and managing accommodations on the http://www.shreepeethanilaya.org/ website

 

3.10.1     Which data do we process in the context of booking and managing accommodations?

 

You can book and manage accommodations on our shreepeethanilaya.org - website. If you book an accommodation, we process from you, inter alia, salutation, title, first and last name, spiritual name (optional), address, date of birth, country, phone, email address, username, date of arrival and expected departure, number of persons and estimated time of arrival and departure.

 

In the course of our accommodation offer we are subject to the reporting obligation pursuant to § 29 ff. BMG and collect the necessary data in this regard. These include the date of arrival and expected departure, surnames, first names, date of birth, nationality, address, number of passengers and their nationality.

 

3.10.2     For what purposes and on what legal basis do we process this data?

 

The personal data collected as part of booking and managing accommodations will only be used to fulfil your booking. Therefore, the processing is necessary to fulfil contractual obligations (Art. 6 (1) lit. b GDPR), or consent (Art. 6 (1) lit. a GDPR respectively Art. 9 (2) lit. a GDPR), where the provision of your data is optional. To the extent we comply with § 29 et.sec. BMG, the legal basis for the processing is Art. 6 (1) lit. c GDPR.

Processor: Wubook, ITALY (HEAD OFFICE), via Mura Malatestiane 1/A, 61032 - Fano (PU) italy@wubook.net, https://en.wubook.net/page/privacy-policy-17.html, We have concluded an order processing contract with Wubook in accordance with Art. 28 GDPR.

 

3.11         Online shop

 

3.11.1     Which data do we process in the context of the online shop?

 

In the course of an order in our Online Shop on the website www.bhaktishop.com, we process, inter alia, title, first and last name, company name, country, billing and shipping address, e-mail address, telephone number, spiritual name (optional), notes about the order (optional), information about the products or services you have ordered, including the order status, and payment information such as credit card number or other bank information.

 

3.11.2     For what purposes and on what legal basis do we process this data?

 

The personal data collected as part of the online shop will only be used to fulfil your order. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR), respectively consent (Art. 6 (1) lit. a GDPR respectively Art. 9 (2) lit. a GDPR), where the provision of your data is optional.

 

For our online shop on the website https://bhaktishop.com we use the e-commerce software Shopify. Privacy policy of Shopify: Shopify International Limited, address: Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, e-mail: hilfe@shopify.de , Privacy Policy of Shopify https://www.shopify.com/legal/privacy.

 

Shopify processes this data primarily on European servers. Shopify sends some data to its Canadian servers. Data transfers to Canada are legitimised by an adequacy decision. Occasionally, Shopify sends data to sub- processors in the USA. However, Shopify obliges them to comply with strict data protection obligations. We have concluded an order processing contract with Shopify in accordance with Art. 28 GDPR.

 

DPA from Shopify: https://www.shopify.com/legal/dpa#3-european-union-and-united-kingdom.

 

For more information, please visit the page of our online shop: https://bhaktishop.com/policies/privacy- policy.html?locale=en-DE.

 

 

 

3.12         Zoom

 

We use the tool Zoom to conduct online events, online courses, video conferences and/or webinars (hereinafter: "online meetings"). Zoom is a service of Zoom Video Communications, Inc. which is based in the USA.

 

3.12.1  Which data do we process in the context of Zoom online meetings?

 

When using Zoom, various types of personal is processed. The amount of data also depends on the information you provide before or during participation in an online meeting. Inter alia, the following data is processed:

·       User details: first name, last name, telephone (optional), e-mail address, password (if "single sign- on" is not used), profile picture (optional), department (optional);

·       Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information;

·       For recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio

recordings, text file of the online meeting chat; any video recording that may take place using the video conference function will be indicated by a recording mark and a respective notification before you enter a recorded session / before the recording function is turned on so that you can decide whether you would like to participate in the recorded session or not or would like to limit the data sharing with other participants to the username you have used to enter the session by turning off the video function;

·       For dial-in via phone: information on the incoming and outgoing phone number, country, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

·       Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to record them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the online meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications.

 

To participate in an online meeting or to enter the meeting room, you must at least enter a name.

 

You can use Zoom by entering the respective meeting ID and, if necessary, further access data for the meeting directly in the Zoom app. If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website. Please note that if you access the Zoom website, Zoom is the controller for the data processing in relation to the website. For further information, please see Zoom's Privacy Notice.

 

3.12.2  For what purposes and on what legal basis do we process this data

 

We use Zoom to conduct Bhakti Event´s online meetings. If we intend to record the online meetings, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will be displayed to you in the Zoom app.

 

If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will not usually be the case.

 

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

 

If you are a registered user of Zoom, reports of online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored on Zoom for up to one month.

 

The personal data processes as part of the online meetings via Zoom will only be used to enable you participating in an event or online course offered by Bhakti Event. Thus, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR). If no contractual relationship exists, the processing is based on our legitimate interests to enable online meetings for users (Art. 6 (1) lit. f GDPR.

 

Zoom is a service of Zoom Video Communications, Inc. based in the USA.

3.12.3  Processor Zoom

 

Website: https://zoom.us; Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html; Data Processing Agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA). Basis for third country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA)).

 

3.13  Proactive contact by the customer by e-mail

 

If you contact us by e-mail on your own initiative, we will only collect your personal data (name, e-mail address, message text) to the extent provided by you. The data processing serves to process and respond to your contact enquiry.

 

If the purpose of the contact is to carry out pre-contractual measures (e.g. advice on an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

 

If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your enquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR.

 

We will only use your email address to process your enquiry. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

 

3.14  Data processing as part of the whistleblower protection system

 

If you submit information to the internal reporting centre as part of the whistleblower protection system that has been set up, we will only collect your personal data (name, electronic contact details, address, message text, information on violations within the meaning of Section 3 (3) HinSchG, information on the identity of persons protected under the HinSchG) to the extent provided by you. The data processing serves the purpose of fulfilling the tasks, obligations and rights of the internal reporting office, which are assigned to the internal reporting office by the HinSchG.

 

The data processing is carried out to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with § 10 HinSchG. Your data will then be deleted in compliance with statutory retention periods (3 years after completion of the procedure within the meaning of Section 18 HinSchG).

 

4.  Processing of special categories of personal data

 

The information you provide in context of using the services of our website may contain personal data relating to your religious or philosophical beliefs (special categories of personal data pursuant to Art. 9 (1) GDPR), such as your spiritual name, your Devotee or Brahmachari status and related initiation information, information about Swamis/Rishis and Ishtadev.

We only collect and process such sensitive data relating to your religious or philosophical beliefs with your explicit consent.

 

Please note that also the information which will be transferred to third parties may contain personal data relating to your religious or philosophical beliefs (i.e., special categories of personal data pursuant to Art. 9

(1) GDPR). The mere fact that you are registered with us or book or purchase something may be enough to disclose your religious or philosophical beliefs or faith.

However, we only transfer data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR) with your explicit consent.

 

 

5.  From whom do we collect your personal data?

 

Personal data is collected directly from you, e.g., by visiting our websites or using the services offered.

 

In addition, family members or friends may mention you in connection with an event (for example a prayer) or a donation, in this case we may receive your personal data from your family or friends.

 

6.  To whom do we transfer your data?

 

Bhakti Event only shares your personal data if this is permitted pursuant to European data protection law, for example, because the data transfer is necessary for the performance of a contract or because you have given us your consent to share the data. We work with some service providers, such as technical service providers (e.g., hosting services, maintaining the website, support our marketing activities, provide communication tools) or logistics companies (e.g. postal companies such as DHL). If you book an offer or event on our website, we pass on certain data from you to Bhakti Event partners (e.g. your name and address) so that the partner can offer you the service or deliver the ordered goods.

 

In addition, we transfer your personal data to the extent necessary to provide our services or because you have given us your consent to third persons (e.g., Swamis and Rishis) or companies affiliated with us.

Please note that the information which will be transferred to third parties may contain personal data relating to your religious or philosophical beliefs (i.e., special categories of personal data pursuant to Art. 9 (1) GDPR). However, we only transfer data relating to your religious or philosophical beliefs (special categories of personal data according to Art. 9 (1) GDPR) with your explicit consent.

 

6.1  Transfer to processors

 

For the processing of your data we use external service providers to whom we transfer your personal data, with who we enter into an appropriate data processing agreements and who may only process the data on our behalf and only in a contractually agreed framework and in accordance with our instructions (“Processors”), unless such service providers act as their own controllers (such as payment service providers, tour operators when you book pilgrimages, legal and tax consultants and shipping and distribution services to deliver goods you ordered). Processors are also contractually obliged, for example, to either delete or return the personal data upon termination of the engagement. Our main processor are Hubspot (for marketing), WordPress (for the operation of our Website, Shopify platform for our online shops www.bhaktishop.org for physical products, www.events.bhaktimarga.org (for in-house events and courses) www.onlineevents.bhaktimarga.org (for online events ) and Mediactive LLC for hosting services (with servers in France), as well as 1&1 IONOS SE and Zoom Video Communications Inc for communication.

 

6.2  Transfer to shipping service providers

 

Forwarding the e-mail address to shipping companies for information on the shipping status

We will pass on your e-mail address to the shipping company as part of the contract processing if you have expressly agreed to this during the ordering process. The purpose of this disclosure is to inform you of the dispatch status by e-mail. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us or the transport company without affecting the lawfulness of processing based on consent before its withdrawal.

 

6.3  Transfer based on legal obligations or for the protection of legitimate interests

 

To the extent we are obliged to do so by law, court order, or by an enforceable official order, we will transfer your personal data to bodies entitled to receive information.

 

6.3.1  Affiliated companies

 

Bhakti Event GmbH operates together with the following companies, which also declare this Privacy Notice as theirs:

 

Bhakti Marga Stiftung

 

Am Geisberg 1-8

65321 Heidenrod Germany

Tel. 06124/609 1125

 

Bhakti Marga Yoga gGmbH

 

Am Geisberg 1-8

65321 Heidenrod Germany

Tel. 06124/609 1125

 

 

There is a joint responsibility in accordance with Art. 26 GDPR, with Bhakti Marga Stiftung (Foundation) in relation to the Bhakti Marga Academy App provided by the 360Learning collaboration platform and donations and endowments, with the exception of the "Serve a deity" donation program and free temple events, applications for short volunteer activities offered by Bhakti Marga Yoga gGmbH, here too there is a joint responsibility with Bhakti Marga Yoga gGmbH.

 

You can contact our data protection officer, lawyer Mrs Anna Aman via following emails:

 

 

dataprotection@bhaktimarga.org or

anna.aman@bhaktimarga.org

 

In addition, where you have consented to this, we may share certain personal data (including information about devotee or brahmachari status) with the swami/rishi who initiated you and with the BMCC in order to verify your current initiation status or to offer you further insights, events and courses that may be of particular interest to you and which may only be open to persons with a particular initiation status.

 

6.4  Payment service providers, credit information and accounting service providers

 

Bhakti Event offers various payment options. For this purpose, payment data may be transferred to payment service providers with whom we cooperate. For more information on the processing of personal data by payment service providers, please see their privacy notices:

6.4.1  Payment methods

 

Why do we use payment methods on our website?

 

Efficient and secure payment transactions are very important to us on our website. Payment procedures are used in the following situations:

 

·       Fulfilment of contractual and other legal relationships,

·       Fulfilment of legal obligations.

 

6.4.2  Who receives payment data about you?

 

In addition to banks and credit institutions, we use other service providers ("payment service providers") for payment procedures, who receive data about payment transactions. Credit agencies may also receive data from the payment service providers. This procedure serves to verify your identity and creditworthiness.

 

6.4.3  What data is usually collected for payment transactions?

 

The following data is processed by the payment service providers:

 

·       Name

·       Address

·       Bank details (account number, credit card number, credit card verification code, credit card expiry date)

·       Passwords

·       TANs

·       Contract details (subject matter of the contract, term, customer category)

·       Interest in content and website visited

·       Payment amount

·       Recipient-related data

·       IP address

·       Time data

·       identification number

·       Consent status

·       Any cookies

 

The data is necessary to carry out the transactions and is only processed or stored by the payment service providers. We do not receive any information about your account or your credit card, but only a confirmation or negative information about the payment made. Further details can be found in the respective terms and conditions and data protection notices of our payment service providers.

 

6.4.4  What is the basis for data processing in the context of payment transactions?

 

Consent (Article 6 paragraph 1 sentence 1 lit. a GDPR, Section 25 TTDSG): You have given your consent to the processing of your personal data for the purpose of a payment transaction. This consent can be revoked at any time.

 

Contract fulfilment or pre-contractual enquiries (Article 6 paragraph 1 sentence 1 lit. b GDPR): Processing is necessary for the fulfilment of a contract or for pre-contractual enquiries from the data subject or pre- contractual measures with you.

Legal obligation (Article 6 paragraph 1 sentence 1 lit. c GDPR): Processing is necessary for compliance with a legal obligation.

 

6.4.5  What rules apply in addition to our GTC?

 

Payment transactions are governed by the GTC and the privacy policies of the payment service providers we use, which you can access on the respective websites and transaction applications.

 

6.4.6  How long is the storage period?

 

The storage period depends on the respective provider.

 

6.4.7  What rights do you have in relation to your data with regard to payment transactions?

 

You are entitled to the rights under Articles 15 to 21 GDPR, such as information, erasure, rectification, cancellation and complaint. With regard to your rights vis-à-vis the payment service providers, please take note of their respective terms and conditions and contact the respective payment service provider.

 

6.4.8  Which payment service providers do we use?

 

We would like to offer you a professional payment process. For this reason, we offer you several payment providers so that you can choose your preferred payment provider. You can choose from the following:

 

Visa, Mastercard, Amex, Maestro, Union Pay, Eps, Ideal, Sofort, Shoppay, ApplePay, GooglePay, Paypal, Klarna

 

6.4.8.1  Use of Visa

 

What are the contact details of our provider?

 

Visa Inc (hereinafter: Visa) Global Privacy Office:

Visa Europe Limited 1 Sheldon Square London, W2 6TT United Kingdom https://www.visa.de

 

For what purposes do we use Visa?

 

We use VISA for professional payment processing and technical connection of online payment methods. What data does Visa collect?

Visa processes the following data:

 

·       First name/last name,

·       e-mail address,

·       Visa card number,

·       Transactions within the participation period (purchase date, time and amount).