Privacy Policy

Sirimangalo International
Version: 29.06.2019

Overview

This privacy policy explains to you the kinds and purposes of processing of personal data (hereinafter referred to as “data”) on our website(s). With regard to the terms used, such as “processing” or “person responsible”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Responsible Office

The data “controller” according to Art. 4 (7) GDPR is Sirimangalo International 41 Lang Crescent, Kitchener, Ontario, N2K 1P2.

Types of Data Processed

Data is collected if you either directly provide it to us (like by filling out a form on our website) or it is automatically stored by our IT systems when you use our services (see section 3.1).

Purposes of Data Collection

Some data we need to ensure the proper functioning of the website, other data you consent to provide us will only be used in manners as described for this special purpose in section 3.

General and Mandatory Information

Relevant Legal Basis

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consents is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and performance of contractual measures as well as for answering inquiries is Art. 6 (1) (b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

Security Measures

We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with Article 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons; the measures shall include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data risks. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 GDPR).

SSL/TLS Encryption

We secure our traffic – especially the transmission of sensitive information – using SSL/TLS encryption. This is indicated by the “s” in the “https” of the requested URL in your browser’s address bar.

Cooperation with Third Parties

If we disclose data to other persons and companies (contract processors or third parties) within the course of our processing, transmit it to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for contract fulfillment pursuant to Art. 6 (1) (b) GDPR), if you have consented, if this is provided for by a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “data processing agreement” (DPA), this is done on the basis of Art. 28 GDPR.

Your Rights

Rights of the Persons Concerned

You have the right to request confirmation as to whether or not personal data is being processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

You have the right to request that the data concerning you which you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other persons responsible.

You also have the right to file a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.

Right of Revocation

You have the right to revoke granted consents according to Art. 7 (3) GDPR with effect for the future.

Right of Objection

You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.

Right of Deletion

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

Data We Store

Server log files

We automatically store the following technical information in “log files” on our server about you, when you visit one of our websites:

    • Your IP address
    • The type/version of your browser
    • The requested webpage
    • The time of your request
    • The host name of your computer and your operating system

We store this information for supporting technical trouble shooting and protection against security threats. We will store this information for no longer than 60 days. The basis for this processing is Art. 6 (1) (b) GDPR.

Contact form

When contacting us via our contact form, we collect

    • Your name
    • Your email address

for the purpose of answering your request at a later time. By clicking on “Send“ you agree to provide this information according to Art. 6 (1)(a) GDPR. You may revoke your consent at any time by contacting us (i.e. via email). We will store the data you provide until its deletion after the person responsible for processing considers the purpose of your request to be completed or because you revoked your consent for storing it.

“Apply to Meditate” form

On our site, we offer a form which lets you apply to come to our meditation centre. By filling it out and submitting it, you consent to share the following information about you according to Art. 6 (1) (a) GDPR:

    • Your name
    • Your email address
    • The day you would like to arrive
    • The day you would like to leave (after your arrival)

This information is necessary for us to organize and plan our applications and to contact you. We will keep that data for as long as we think we might need it to contact you or you request its deletion.

“Visitors and Inquiries” form

We provide a form for “Visitors and Inquiries” where you have to consent to give us

    • Your name
    • Your email address

in addition to your inquiry on the base of Art. 6 (1) (a) GDPR. This data will only be used for contacting you.

“Food Support” form

For people who would like to offer food to the Sirimangalo International Monastery and Meditation Centre, there exists a special form, where it is necessary to leave

    • Your name
    • Your email address
    • Your Phone number
    • The proposed date for meal offering

This information is necessary for us to stay in contact with you and will only be used for that purpose on the basis of Art. 6 (1) (f) GDPR.

“Booklet Request” form

If you would like to obtain a printed version of the booklet “How To Meditate: A Beginner’s Guide to Peace”, you can use the request form provided by us only for this purpose. For the purpose of being able to send the booklet to you, we ask for the following mandatory information:

    • Your name
    • Your email address
    • Your Phone number
    • A valid shipping address (includes country, state, city, postal code, street name and number)

The data will be only used for sending you the booklet, to reply to your request via email, to inform you about the feasibility of your request or to send details about the shipment.

Newsletter

If you would like to receive our newsletter, we require you to enter a valid email address and to confirm this email address before being subscribed (double opt-in method). Optionally you can provide your name which will only be used for setting a custom header in the newsletter emails you receive from us. This data will be stored and processed separately from other data we might have stored about you. We do not use this data for other purposes than sending you the newsletter and you can unsubscribe anytime from it by clicking on the “Unsubscribe” link at the bottom of every newsletter email.

In order to manage the registration process, keep track of the number of our subscribers and prepare our newsletter, we use the third party service “MailChimp”, with whom we have entered into a Data Processing Agreement (DPA). You can read more about “MailChimp” in section 4 of this privacy policy.

Comments

When leaving a comment on our site, we require you to additionally enter

    • Your name
    • Your email address

Your email address will not be publicly visible and only be used to protect against unlawful misuse of our comment section. We have a legitimate interest in storing your email for such security measures according to Art. 6 (1) (f) GDPR.

Third Party Services We Use

DigitalOcean

We use the infrastructure services of DigitalOcean for hosting our websites. This service is provided by DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013. DigitalOcean is certified under the EU-US Privacy Shield and therefore ensures compliance with European privacy standards in the United States. By using their services, we automatically entered into a “data processing agreement” with them. For more information see https://www.digitalocean.com/security/gdpr/.

Disqus Comments

We use Disqus Comments widget at our website for you to be able to comment at our webpages using Disqus commenting system. Disqus may collect information about you when you register for and use the Service. Such information may include “Personally Identifiable Information” which means information that identifies you as an individual, such information may include, but is not limited to, your name, email address, telephone number, username or account ID, and “Non-Personally Identifiable Information” which means information that does not identify you as an individual. Non-Personally Identifiable Information may include, but is not limited to, information about your browser, your IP address, device ID, what pages you visit on our Partner Sites, which website you came from, what advertisements you clicked on, whether on our Partner Websites, the Service or other third party websites, and other information about your online activity that does not identify you as an individual, in accordance with their data privacy policy: https://help.disqus.com/terms-and-policies/disqus-privacy-policy

Facebook Comments Plugins

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the comment box on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you write a Facebook comment on our site while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses this data. For more information, please see Facebook’s privacy policy at https://de-de.facebook.com/policy.php.

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

MailChimp

We use the services of MailChimp to send newsletters. This service is provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The connected privacy policy can be accessed under https://mailchimp.com/legal/privacy. MailChimp is certified under the EU-US Privacy Shield and therefore ensures compliance with European privacy standards in the United States.

Gravatar

We use the service Gravatar of Automattic Inc. 60 29th Street #343, San Francisco, CA 94110, USA, within our online offer.

Gravatar is a service where users can log in and store profile pictures and their email addresses. If users leave contributions or comments with the respective email address on other online presences (above all in blogs), their profile pictures can be displayed next to the contributions or comments. For this purpose, the email address provided by the user is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile has been saved for it. This is the sole purpose of the transmission of the email address and it will not be used for other purposes, but will be deleted thereafter.

The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, as we offer the possibility of personalising your contributions with a profile picture with the help of Gravatar.

By displaying the images, Gravatar obtains the IP address of the users, as this is necessary for communication between a browser and an online service. For more information on Gravatar’s collection and use of the data, please refer to Automattic’s privacy policy: https://automattic.com/privacy/.

If users do not want an image associated with their email address to appear in Gravatar’s comments, you should use a non-Gravatar email address for commenting. We would also like to point out that it is also possible to use an anonymous or no email address if users do not wish their own email address to be sent to Gravatar. Users can completely prevent the transfer of data by not using our comment system.

Google Fonts

We integrate the fonts (“Google Fonts”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Youtube

We integrate videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

PayPal

We accept donations via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg. If you click on the donation button, you will be redirected to PayPal. In order to meet legal requirements, we store your name and the amount you donated.