Privacy Policy
We are very pleased that you have shown interest in our company. Data protection is a particularly high priority for the management of Bhakti Marga Italy. The use of the Internet pages of Bhakti Marga Italy is possible without any indication of personal data; however, if a data subject wishes to use special business services through our website, it may be necessary to process the personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject must always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Bhakti Marga Italy. Through this data protection statement, our company wishes to inform the general public about the nature, scope and purpose of the personal data we collect, use and process. In addition, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As a controller, Bhakti Marga Italy has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this site. However, Internet-based data transmissions may, in principle, have security gaps, so absolute protection may not be guaranteed. For this reason, each data subject is free to transfer their personal data by alternative means, e.g. by telephone.
1. Definitions
Bhakti Marga Italy’s data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection statement should be readable and understandable to the general public, as well as our customers and business partners. To ensure this, we would first like to explain the terminology used.
In this data protection statement, we use, inter alia, the following terms:
a) Personal data
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by referring to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Subject of the data
The data subject is an identified or identifiable natural person, whose personal data are processed by the controller for processing.
c) Processing
Processing is any operation or set of operations performed on personal data or on sets of personal data, including by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their processing in the future.
e) Profiling
Profiling: any form of automated processing of personal data consisting of the use of personal data to assess certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for processing
The controller or processor is the natural or legal person, public authority, agency or other body which, alone or in cooperation with others, determines the purposes and means of the processing of personal data; if the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his appointment may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) Recipient
The beneficiary is a natural or legal person, public authority, agency or other body, to whom personal data are disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the context of a particular investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the data protection rules applicable according to the purposes of the processing.
j) Third parties
The third party is a natural or legal person, public authority, agency or body other than the data subject, processor, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
The consent of the data subject is a free, specific, informed and unambiguous indication of the wishes of the data subject with which he or she, by means of a statement or a clear affirmative action, means consent to the processing of personal data concerning him or her.
2. Collection of data and general information
The Bhakti Marga Italy website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. It can be collected (1) the browser types and versions used, (2) the operating system used by the access system, (3) the website from which an access system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the access system, and (8) any other similar data and information that can be used in the event of attacks to our IT systems.
When using this general data and information, Bhakti Marga Italy does not draw any conclusions on the subject. Rather, this information is necessary to (1) correctly provide the content of our website, (2) optimize the content of our website and its advertising, (3) ensure the long-term viability of our IT systems and website technology, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, Bhakti Marga Italy statistically analyzes anonymously collected data and information, with the aim of increasing the data protection and data security of our company and ensuring an optimal level of protection of the personal data processed. Anonymous data from the server log files is stored separately from any personal data provided by a data subject.
3. Legal basis for processing
Art. 6 (1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as when processing operations are necessary for the supply of goods or for the provision of any other service, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for the execution of pre-contractual measures, for example in the case of requests relating to our products or services. Our company is subject to the legal obligation that provides for the processing of personal data, for example for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor was injured in our company and his or her name, age, health insurance data or other vital information were to be passed on to a doctor, hospital or other third party. So the processing would be based on Art. 6 (1) lit. d GDPR.
Finally, the processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where those interests are outweighed by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data. Such processing operations are particularly permissible as they have been expressly mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2, GDPR).
4. Name and address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other data protection provisions is:
Fondazione BhaktiMarga
Via Campana, 3
02040 TARANO (RI)
C.F.: 94174390545
P.IVA: 03769240544
Phone: 3426819179
Email: italy@bhaktimarga.it
Website: www.bhaktimarga.it
5. Webhosting
Sebastian Gates Web Development, Address: 1 Park Place, Grange Rath, Drogheda, Ireland, sebastian.gates@dkit.ie
Pac Webhosting: is a webhosting platform , Pac Web Hosting LTD, International House, 61 Mosley street, Manchester, M2 3HZ, UK| , UK Limited Company Number 6221654, website: https://pacwebhosting.uk, Privacy Policy: https://pacwebhosting.uk/privacy-policy/, Legal basis: Legitimate interest, Art. 6 para 1 sentence 1 lit. f
WordPress.com: is the software for the creation, provision and operation of websites, blogs and other online offerings; service provider: Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy; Data Processing Agreement. Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).
6. Affiliated companies
Bhakti Marga Italy operates together with the following companies:
Transfer and disclosure of personal data
Depending on the purposes for which we collect your personal data, we may transfer or disclose it to recipients in the following categories who will then process your personal data solely for those purposes:
a) Within our Bhakti Marga Italy organisation and our Bhakti Marga partner companies and the Bhakti Marga network for events with Paramahamsa Vishwananda:
– our authorised employees,
– our affiliated and authorised Bhakti Marga companies,
– members of our Bhakti Marga Network authorised Bhakti Marga contractors that you have designated as preferred authorised contractors, or that are located in your area (based on your postcode and address), or with whom you have had contact,
– Bhakti Event GmbH, Am Geisberg 1-8, 65321 Heidenrod, Germany, https://www.bhaktimarga.org/privacy for marketing and promotion, please note that we are jointly responsible under Art. 26 GDPR, with Bhakti Event GmbH for the processing of data in relation to the collection of registration data via the website www.bhaktimarga.it for events like Darshan and Satsangs with Paramahamsa Vishwananda, to be able to give you future news and updates with upcoming events with Paramahamsa Vishwananda.
b) External business partners:
– Advertising, marketing and promotion agencies: to help us organise our advertising campaigns and promotions and analyse their effectiveness,
– Business partners: for example, trusted organisations who may use your personal data to provide you with the services and/or products you have asked for and/or to provide you with marketing materials (provided you have consented to receiving such marketing materials).
– Fondazione BhaktiMarga service providers: companies that provide services to or on behalf of Fondazione BhaktiMarga in order to provide such services (for example, Fondazione BhaktiMarga may share your personal data with external providers of IT-related services).
c) Other third parties:
– Where required by law or lawfully necessary to protect Bhakti Marga Italy:
- to comply with laws, government requests, court orders, legal process, obligations relating to reporting and filing information with authorities, etc,
- to verify or enforce compliance with Fondazione BhaktiMarga policies and contracts; and
- to protect the rights, property or safety of Fondazione BhaktiMarga and/or its customers, in connection with corporate transactions: in the context of a transfer or sale of all or part of Fondazione BhaktiMarga business or otherwise in connection with a merger, amalgamation, change of control, reorganisation or liquidation of all or part of Fondazione BhaktiMarga business.
Please note that the recipients referred to in points b) and c) above – in particular service providers who may offer you products or services through Fondazione BhaktiMarga services or applications or through their own channels – may separately collect personal data from you. In this case, such third parties will be solely responsible for the processing of such personal data and your transactions with them will be subject to their terms and conditions.
7. Who is the recipient of your personal data?
Service providers used may receive your data to fulfil the purposes described if they fulfil the confidentiality requirements under data protection law. These may be companies in the following categories, for example Geodata providers, IT service providers. These service providers are so-called Digital service providers (processors) who are contractually obliged to fulfil special legal requirements.
Public bodies, e.g. tax offices, only receive your personal data if there are legal obligations to do so.
7.1 Events with Paramahamsa Sri Swami Vishwananda and photo and video recordings
During the events with Paramahamsa Sri Swami Vishwananda photo and video recordings of the event will be taken. As a live broadcast and as video-on-demand on the Bhakti Marga channels, such as the Bhakti Marga You-Tube channel @ParamahamsaVishwananda108,@BhaktiMarga1008, on the Bhakti Marga website https://www.bhaktimarga.org/livestream and our Bhakti Marga Italy www.bhaktimarga.it website, on the bhaktimarga.org website, on our Bhakti Marga Italy Facebook page, as well as on the Bhakti Marga Facebook page, on Bhakti Marga’s Instagram page, on Bhakti Marga’s Flickr, and also as video on-demand on Bhakti Marga’s media platform. The contents of these video recordings are used for this purpose and will be stored for that purpose.
Above all, Guruji, Paramahamsa Sri Swami Vishwananda is filmed. Recordings of guests are avoided as far as possible, but this cannot be ruled out. Livestream-free zones will be offered in certain areas mentioned.
The legal basis for this is Article 6 (f) GDPR, as well as the voluntary consent of the participants in accordance with Art. 6 para. 1 lit.a GDPR. The legitimate interest Art. 6 lit. f GDPR, of Bhakti Marga is the public relations work of Bhakti Marga, so these video and photo recordings are made for the purpose of publicity.
When registering for events with us, etc., participants can decide whether they may be filmed or not. We respect your privacy. On the spot we have Livestream-free zones, where no recordings are taken. If you don’t want to be filmed, you will receive on the day of the event a black bracelet, so the video team can recognise you and will know that you don’t want to be filmed during our event and our event team will show you our “Livestream-free zone”.
7.2 Affiliated company for the service of a livestream and video recordings:
Bhakti Event GmbH, Am Geisberg 1-8, 65321 Heidenrod Germany, Tel. 06124/609-1125
E-mail dataprotection@bhaktimarga.org, commercial registration number: 23765, / E-mail: info@bhaktimarga.org. For more information, please see their privacy policy https://bhaktimarga.org/privacy. https://www.bhaktimarga.org/impressum/impressum-de
In that sense we are joint controllers with Bhakti Event GmbH according to Art. 26 GDPR.
7.3 Participating in an event
- Which data do we process when you consent to participate in an event?
If you give us a consent via our website, we process from you, inter alia, first and last name, e-mail address, pictures, videos and testimonials, language of interpretation, spiritual name (optional), information about the event you have registered for. We also process videos recordings of you while you participate in the event to share the common experience with the whole participating (online and offline) community during a livestream and a period then after. Moreover, we may use your photos and videos taken during the event for the purpose of commercial use. This means your photos and videos may be used on our websites, in (print) publications and our Facebook, Flickr, Instagram page as well as our YouTube channel.
- For what purposes and on what legal basis do we process this data?
The processing of photos and/or videos collection, storage and transfer to third parties is based on the explicit consent of the person(s) entitled or the person(s) concerned, therefore in accordance with Art. 6 para. 1 letter a GDPR, Art. 9 Abs.2 lit.a GDPR. The processing is based on the legal basis of Art. 6 (1) lit. a GDPR (your consent, you have given. Consent is always freely given. Refusing or revoking your consent will not have any negative consequences for you). If you have signed a contract with Bhakti Event GmbH, with you as a participant regarding the event documentation production, then the contract is the legal basis Art. 6 (1) b GDPR.
- Categories of possible recipients of the personal data:
The photos and/or videos can be shared with Facebook, Instagram , YouTube. For purposes of public relations, as well as commercial use and sales work, they may be posted on the homepage of bhaktimarga.org and used for the facebook fanpage, twitter page, official Bhakti Marga you-tube channels such as @ParamahamsaVishwananda108, @BhaktiMarga1008, @Bhakti Marga Music. The content is also going to be livestreamed on YouTube. YouTube is an American company and, as with all American companies that analyze user behavior, there is a risk that we do not know exactly, how your data is analyzed and we cannot influence this. The content is also going to be livestreamed on YouTube. YouTube is an American company and, as with all American companies that analyze user behavior, there is a risk that we do not know exactly, how your data is analyzed and we cannot influence this.
Facebook Inc., 1601 Willow Road Menlo Park, CA 94025, USA. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To learn more about Facebooks data collection and use, please read their Privacy Notice. Together with Facebook Ireland, Bhakti Event GmbH is jointly responsible in the meaning of Art. 26 GDPR for the processing of so-called pages insights in the course of operating their Facebook fan page. Facebook Ireland uses these page insights to analyze the activity on our Facebook page and provides us this information in a form which does not relate to the specific person. We have concluded for this purpose an agreement with Facebook Ireland about joint responsibility under data protection law which you can access using the following the link. Facebook Ireland undertakes in this agreement, among other points, to assume the primary responsibility under the GDPR for the processing of page insights and to fulfil all duties under GDPR with regard to the processing of the page insights.
- X (ex-Twitter) International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. For more information please see the Privacy Noticeof Twitter.
- Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. To learn more about Facebook Ireland’s data collection and use with respect to Instagram, please read their Privacy Notice.
- Flickr, operated by Flickr, Inc., Flickr c/o Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA. For more information please see the Privacy Noticeof Flickr.
- YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, (“YouTube https://support.google.com/youtube/answer/10364219?hl=de)
8. Donations via Give WP plugin
Which data do we process in the context of a donation?
GiveWP and Stripe: You can use a donation function on our website. We use Givewp as our donation portal with Stripe as payment gateway and processor to handle and manage all financial transactions. Donations are processed by the third-party provider Stripe Ltd. Further information on data processing by Stripe Ltd. can be found in the legal notice: Stripe Inc. 354 Oyster Point Boulevard, South San Francisco California 94080, USA. To find out more about the security measures of these organizations, please click on the following links: https://stripe.com/de/privacy . Privacy policy of Give WP: https://givewp.com/privacy-policy/
9. Payment service providers
- Use of Stripe
On our website we use the Stripe payment service of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). The data processing serves the purpose of offering you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to be able to fulfil the contract with you with of the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If required, Stripe reserves the right to obtain a credit report on the basis of mathematical-statistical procedures using credit rating agencies. For this purpose, Stripe transmits the personal data required for credit assessment to a credit rating agency and uses the obtained information on the statistical probability of payment default in order to reach a reasonable decision on the establishment, implementation or termination of the contractual relationship. The credit report may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical methods and include, among other things, address data. Your legitimate interests will be taken into account in accordance with the legal requirements. The data processing serves the purpose of a credit check for contract initiation. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default if Stripe pays in advance. For reasons that arise from your particular situation, you have the right to object to the processing of your personal data carried out on the basis of Art. 6 para. 1 lit. f GDPR at any time by notifying Stripe. The provision of the data is necessary for the conclusion of the contract with the payment method of your choice. Failure to provide such data shall mean that the contract cannot be concluded with the payment method you have selected.
All Stripe transactions are subject to Stripe Privacy Policy. You can find these at https://stripe.com/de/privacy.
- Use of PayPal Express
Our website uses the payment service PayPal Express from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; “PayPal”).The processing of data enables us to offer you the option of paying via the PayPal Express payment service.To integrate this payment service it is essential that PayPal collects, stores, and analyses data when you access the website (e.g. IP address, device type, operating system, browser type, device location). Cookies may be used for this purpose. Cookies allow your internet browser to be recognized.
The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 15 para. 3 p. 1 TMG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.By selecting and using “PayPal Express”, the data required for payment processing will be submitted to PayPal to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR.Further information on data processing when using the Paypal Express payment service can be found here in the associated data privacy policy.
The use of PayPal Check-Out
We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”) on our website. The data processing serves the purpose of being able to offer you payment via the payment service. With the selection and use of payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to be able to fulfill the contract with you with the selected payment method. This processing is based on Art. 6 para. 1 lit. b DSGVO.
Cookies may be stored that enable your browser to be recognized. The resulting data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in a customer-oriented range of varying payment methods. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.
Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal.For individual payment methods such as credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, PayPal reserves the right, if necessary, to obtain credit information on the basis of mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The credit information may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical- statistical methods and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for a contract initiation. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO for our overriding legitimate interest in protecting against payment default when PayPal makes advance payments.You have the right to object at any time to this processing of personal data relating to you based on Art. 6 (1) (f) DSGVO for reasons arising from your particular situation by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method requested by you. Failure to provide it will result in the contract not being concluded with the payment method you have chosen.
Local third-party providers, when paying via the payment method of a local third-party provider, the data required for payment processing is transmitted to PayPal. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO. For the execution of this payment method, the data may then be forwarded by PayPal to the respective provider. This processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO.
10. Plug-ins
- Font Awesome
This site uses Font Awesome to display fonts and symbols uniformly. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.
When you access a page, your browser loads the necessary fonts into your browser cache to display texts, fonts, and symbols correctly. For this purpose, the browser you use must connect to Font Awesome’s servers. This gives Font Awesome knowledge that this website was accessed via your IP address. The use of Font Awesome is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 Para. 1 lit . B. Device fingerprinting). Consent can be revoked at any time.
If your browser does not support Font Awesome, your computer will use a standard font.
Further information about Font Awesome can be found in Font Awesome’s privacy policy at: https://fontawesome.com/privacy.
11. The cookies
The Internet pages of Bhakti Marga Italy use cookies. Cookies are text files that are stored in a computer system via an Internet browser.
Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which you can assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This allows the Internet sites and servers visited to differentiate the individual browser of the test subjects from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.
Through the use of cookies, Bhakti Marga Italy can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.
By means of a cookie, the information and offers on our website can be optimized taking into account the user. Cookies allow us, as mentioned above, to recognize users of our site. The purpose of this recognition is to make it easier for users to use our website. The user of the website who uses cookies, e.g. it is not necessary to enter the login data every time the website is accessed, as this is taken care of by the website and the cookie is then stored on the user’s computer system. Another example is a shopping cart cookie in an online store. The online store stores items that a customer has placed in the virtual shopping cart via a cookie.
The data subject may, at any time, prevent the setting of cookies through our website by means of the corresponding setting of the Internet browser used, and may therefore permanently deny the setting of cookies. In addition, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject disables the setting of cookies in the Internet browser used, not all the functions of our website can be fully usable.
- Use of the Cookie Consent Plug-in from CookieYes
We use the GDPR Cookie Consent Plug-in from CookieYes Limited of 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, company number 13074037, VAT number GB381305513 on our website. The plug-in enables you to give your consent to data processing via the website, in particular to set cookies, as well as to make use of your right of revocation for consents already provided. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies may be deployed for this purpose. Among other things the following information can be collected and transmitted to CookieYes: anonymised IP address, User ID, consent status, date and time of the consent or rejection. This data will not be passed on to any other third parties.
The data processing is carried out on the basis of Article 6 para. 1 lit. c GDPR to comply with a legal obligation. For more information about data protection at CookieYes, please visit: https://www.cookieyes.com/privacy-policy/.
12. Sign up for our newsletter
On the Bhakti Marga Italy website, users have the opportunity to subscribe to our company newsletter. The input mask used for this purpose determines what personal data is transmitted, as well as when the newsletter is ordered by the controller.
Bhakti Marga Italy regularly informs its customers and business partners through a newsletter about company offers. The company newsletter can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the records of the data subject for the dispatch of the newsletter. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for the dispatch of the newsletter, for legal reasons, in the double acceptance procedure. This confirmation email is used to demonstrate whether the owner of the email address as the data subject is authorized to receive the newsletter.
When registering for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand the (possible) misuse of a data subject’s e-mail address at a later date, and therefore serves the purpose of the legal protection of the controller.
Personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, newsletter subscribers can be informed by e-mail, provided that this is necessary for the operation of the newsletter service or a registration in question, as this may occur in the event of changes to the newsletter offer, or in the case of a change in the technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter can be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has provided for the dispatch of the newsletter, can be revoked at any time. For the purpose of withdrawing consent, a corresponding link can be found in each newsletter. You can also unsubscribe from the newsletter at any time directly on the controller’s website or communicate this to the controller in a different way.
- Newsletter-monitoring
The Bhakti Marga Italy newsletter contains so-called tracking pixels. A tracking pixel is a thumbnail graphic embedded in such emails, which are sent in HTML format to allow logging and analysis of log files. This allows for statistical analysis of the success or failure of online marketing campaigns. Based on the built-in tracking pixel, Bhakti Marga Italy can see if and when an email was opened by a data subject, and what links in the email were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimize the delivery of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. The persons concerned shall at any time have the right to withdraw the respective separate declaration of consent issued by means of the double acceptance procedure. After a revocation, this personal data will be deleted by the controller. Bhakti Marga Italy automatically considers a withdrawal from receipt of the newsletter as a revocation.
13. Possibility of contact through the website
The website of Bhakti Marga Italy contains information that allows a quick electronic contact with our company, as well as a direct communication with us, which also includes a general address of the so-called e-mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller shall be kept for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
14. Routine deletion and blocking of personal data
The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage, or to the extent that this is permitted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the purpose of storage is not applicable or if a retention period prescribed by the European legislator or another competent legislator expires, personal data is regularly blocked or deleted in accordance with legal requirements.
15. Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
16. Rights of the data subject
a) Right of confirmation
Each data subject shall have the right conferred by the European legislator to obtain confirmation from the controller of the existence or not of personal data concerning him or her. If a data subject wishes to make use of this right of confirmation, he or she may, at any time, contact any employee of the controller.
b) Right of access
Each data subject shall have the right conferred by the European legislator to obtain from the controller free information on his or her personal data stored at any time and a copy of that information. In addition, European directives and regulations grant the person concerned access to the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the expected period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller the rectification or erasure of personal data, or the restriction of the processing of personal data relating to the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with the supervisory authority;
- where personal data are not collected from the data subject, any information available on their source;
- the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, significant information on the logic in question, as well as the significance and expected consequences of such processing for the data subject.
In addition, the data subject shall have the right to obtain information on the transfer of personal data to a third country or international organization. In such a case, the person concerned shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to make use of this right of access, he or she may, at any time, contact any employee of the controller.
c) Right of rectification
Each data subject shall have the right conferred by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to complete incomplete personal data, including by submitting a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may, at any time, contact any employee of the controller.
d) Right to erasure (right to be forgotten)
Each data subject shall have the right conferred by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase the personal data without undue delay where one of the following reasons applies, provided that the processing is not necessary:
- Personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) of the GDPR or Article 9(2)(a) GDPR, and where there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there is no legitimate legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data has been processed unlawfully.
- Personal data must be deleted in order to comply with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data has been collected in connection with the provision of the information society services referred to in Article 8(1) of the GDPR.
If any of the above reasons apply and the data subject wishes to request the erasure of the personal data stored by Bhakti Marga Italy, he or she may, at any time, contact any employee of the controller. An employee of Bhakti Marga Italy will immediately comply with the cancellation request immediately.
Where the controller has made personal data public and is required, pursuant to Article 17(1), to erase the personal data, the controller, taking into account the available technology and the costs of implementation, shall take reasonable measures, including technical measures, to inform other controllers of the personal data that the data subject has requested the erasure by those controllers of any link, copy or replication of such personal data, provided that processing is not required. An employee of Bhakti Marga Italy will arrange the necessary measures in individual cases.
e) Right to restrict processing
Each data subject shall have the right, granted by the European legislator, to obtain from the controller the restriction of processing where one of the following conditions applies:
- The accuracy of the personal data is contested by the data subject, for a period that allows the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of personal data and instead requests the restriction of their use.
- The controller no longer needs the personal data for the purposes of the processing, but is required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR pending verification that the legitimate grounds of the controller prevail over those of the data subject.
If any of the above conditions is met and the data subject wishes to request the restriction of the processing of personal data stored by Bhakti Marga Italy, he or she may at any time contact any employee of the controller. The employee of Bhakti Marga Italy will restrict the processing.
f) Right to data portability
Each data subject shall have the right, recognised by the European legislator, to receive personal data concerning him or her, provided to a controller, in a structured, commonly used and machine-readable format. He has the right to transmit such data to another controller without hindrance to the controller to whom the personal data have been provided, provided that the processing is based on the consent referred to in Article 6(1)(a) of the GDPR or point (a) of Article 9 (2) of the GDPR, or a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of public authority conferred on the controller.
In addition, in exercising his or her right to data portability under Article 20(1) of the GDPR, the data subject shall have the right to transmit personal data directly from one controller to another, where technically feasible, and in doing so not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject may at any time contact any employee of Bhakti Marga Italy.
g) Right to the object
Each data subject has the right, recognised by the European legislator, to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
Bhakti Marga Italy will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If Bhakti Marga Italy processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject subjects Bhakti Marga Italy to processing for direct marketing purposes, Bhakti Marga Italy will no longer process personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her by Bhakti Marga Italy for scientific or historical research purposes, or for statistical purposes within the meaning of Article 89 (1) of the GDPR, unless the processing is necessary for the performance of an activity carried out for reasons of public interest.
To exercise the right to object, the data subject may contact any employee of Bhakti Marga Italy. Moreover, the data subject is free in the context of the use of information society services and, by way of derogation from Directive 2002/58/EC, to exercise his or her right to object by means of automated means using the technical specifications.
- Is the processing based on automated decision-making or profiling?
You have the right not to be subject to a decision based solely on automated processing, including profiling, if the decision is not necessary for the conclusion or fulfilment of a contract, is not required by law or is not based on your express consent.
Bhakti Marga Italy does not use automated decision-making, including profiling, unless we have expressly informed you of this.
i) Right to withdraw consent to data protection
Each data subject has the right, granted by the European legislator, to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may, at any time, contact any employee of Bhakti Marga Italy.
j) Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
You can lodge a complaint with, among others, the supervisory authority responsible for us. In case you could not solve your problem with us directly, you can also complain to your local data protection authority or the place of the suspected violation. Contact information of these authorities can be accessed at the website of the European Data Protection Board.
17. Third Party providers Online Services
To offer you a convenient website, we use, inter alia, Hubspot, and YouTube (Google Maps and YouTube are together referred to as “ content plug-ins”), and so-called social media plugins of the social networks.
17.1 HubSpot
On our websites, we use the services of the CRM platform HubSpot, which is operated by HubSpot, Inc. The European subsidiary is HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2.
The processed data may include, personal data as necessary to provide the CRM services by HubSpot, in particular, IP addresses and email addresses, which, however, are not collected and processed without your consent (Art. 6 (1) lit. a GDPR) (usually as part of the settings of your desktop or mobile devices). The data may be processed in the USA. Further information can be found in HubSpot’s privacy policy, which you can access here.
– Hubspot: email sending and email sending and automation services; service provider: HubSpot, Inc. The European subsidiary is HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2
– Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website; Privacy Policy: https://legal.hubspot.com/privacy-policy; Data processing agreement: https://legal.hubspot.com/de/dpa; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider). Further information: Special security measures: https://trust.hubspot.com. Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). HubSpot has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
18. Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.
Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.
– Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication, and process data (e.g. IP addresses, time data, identification numbers, consent status); Inventory data (e.g. names, addresses).
– Data subjects: Users (e.g. website visitors, users of online services).
– Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing. Provision of our online services and user-friendliness.
– Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing operations, procedures, and services:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy.
- Facebook pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, so-called “Page Insights”, for page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further information: Agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- X: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).
– Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://twitter.com/de; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization); Data processing agreement: https://privacy.twitter.com/en/for-our-partners/global-dpa. Basis for third country transfer: Standard Contractual Clauses (https://privacy.twitter.com/en/for-our-partners/global-dpa).
- TIKTOK
We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok advertiser tool from the two providers:
– TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
– TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B
6NH, United Kingdom (both hereinafter collectively referred to as “TikTok”).
The TikTok Pixel is a snippet of JavaScript code that allows us to understand and track visitor activity on our website. The TikTok Pixel collects and processes information about the creators of our website or the devices they use (so-called event data).
Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the TikTok Pixel, via which information is stored on the device you are using. Such storage of information by the TikTok pixel or access to information that is already stored in your end device only takes place with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Article 6 (1) (a) GDPR. You can revoke your consent at any time via our consent management tool.
TikTok is solely responsible for the processing of the transmitted event data that follows the transmission. For more information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, see TikTok’s data policy.
18. Communication via messenger
We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messengers, encryption, the use of communication metadata and your options to object.
You can also contact us by alternative means, e.g. by telephone or email. Please use the contact options provided to you or the contact options provided within our online offering.
In the case of end-to-end encryption of content (i.e. the content of your message and attachments), we would like to point out that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure that the message content is encrypted.
However, we would also like to point out to our communication partners that although the providers of the messengers cannot view the content, they can find out that and when communication partners communicate with us and that technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is also processed.
Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and you contact us, for example, on your own initiative, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and fulfilment of our communication partners’ needs for communication via Messenger. We would also like to point out that we will not transmit the contact data provided to us to the messengers for the first time without your consent.
Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention obligations.
Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer enquiries via Messenger. This is the case if, for example, internal contractual information requires special confidentiality or a reply via Messenger does not fulfil the formal requirements. In such cases, we will refer you to more appropriate communication channels.
Processed data types: Contact data (e.g. e-mail, telephone numbers); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); Content data (e.g. entries in online forms).
Data subjects: Communication partners.
Purposes of processing: Contact requests and communication; direct marketing (e.g. by email or post).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Telegram channels: We use the Telegram platform to send messages to subscribers of our Telegram channel; Service provider: Representative in the European Union: European Data Protection Office (EDPO), Avenue Huart Hamoir 71, 1030 Brussels, Belgium; Website: https://telegram.org/; Privacy Policy: https://telegram.org/privacy; Further information: We process the personal data of subscribers only to the extent that we can view and delete the subscribers as recipients of the channel. Beyond this, i.e. in particular for the sending of messages, the evaluation and provision of anonymous sending statistics for the channel operators and the administration of subscribers, Telegram is responsible under data protection law.
- Threema: Threema Messenger with end-to-end encryption; Service provider: Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://threema.ch/en. Privacy Policyhttps://threema.ch/de/privacy.
19. Video conferences, online meetings, webinars and screen sharing
We use platforms and applications of other providers (hereinafter referred to as “conference platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “conference”). When selecting the conference platforms and their services, we observe the legal requirements. Data processed by conference platforms: In the context of participation in a conference, the conference platforms process the personal data of the participants listed below. The scope of the processing depends on which data is required in the context of a specific conference (e.g. specification of access data or clear names) and which optional information is provided by the participants. In addition to processing for the purpose of holding the conference, the conference platforms may also process participants’ data for security purposes or service optimisation.
The processed data includes personal data (first name, surname), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the Internet access, information on the participants’ end devices, their operating system, the browser and its technical and language settings, information on the content of the communication processes, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). The content of communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users with the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g. from surveys) and video or audio recordings are logged, this will be transparently communicated to participants in advance and they will be asked for consent where necessary.
Data protection measures for participants: Please note the details of the processing of your data by the conference platforms in their data protection notices and select the optimum security and data protection settings for you in the conference platform settings. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g. by informing roommates, locking doors and using the function to make the background unrecognisable if technically possible). Links to the conference rooms and access data may not be passed on to unauthorised third parties.
Notes on legal bases: If, in addition to the conference platforms, we also process users’ data and ask users for their consent to use the conference platforms or certain functions (e.g. consent to the recording of conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfil our contractual obligations (e.g. in participant lists, in the case of processing the results of discussions, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
Processed data types: Inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Communication partners; users (e.g. website visitors, users of online services). Persons depicted.
Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; contact requests and communication. Office and organisational procedures.
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Zoom: Conference and communication software; Service provider: Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://zoom.us; Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html; Data processing agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA). Basis for third country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA).
20. The legitimate interests pursued by the controller or a third party
Where the processing of personal data is based on Article 6(1)(lit. For GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.
21. Retention period of personal data
The criteria used to determine the retention period of personal data are the respective retention periods required by law. After the expiry of this period, the corresponding data is regularly deleted, provided that they are no longer necessary for the performance of the contract or the start of a contract.
22. Duration of storage of personal data:
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
23. Provision of personal data as a legal or contractual requirement
Requirement necessary to enter into a contract; Obligation of the data subject to provide personal data; possible consequences of failure to provide such data.
We clarify that the provision of personal data is partly required by law (e.g. Tax regulations) or may also result from contractual provisions (e.g. information about the contractual partner).
Sometimes it may be necessary to enter into a contract that the data subject provides personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company enters into a contract with you. Failure to provide personal data would have the consequence that the contract with the data subject could not be concluded.
Before the personal data is provided by the data subject, the data subject must contact any employee. The employee shall clarify to the data subject whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of failure to provide personal data.
24. Existence of automated decision-making
As a responsible company, Bhakti Marga Italy does not use automated decision-making, including profiling, unless we have expressly informed you of this.
25. Technical security measures
We implement a variety of security measures designed to maintain the safety of your personal data we store and process. For example, to protect the transmission of confidential information that you send to us as the website provider, we use SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any personal data under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose personal data may have been compromised and or the competent data protection authority.
CHANGES TO THIS PRIVACY POLICY
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the bottom of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Last updated 27.08.2024
.