Last updated: June 2026
Privacy Policy of Bhakti Marga Canada
- Introduction
Thank you for your interest in Bhakti Marga Canada and our beloved Guruji, Paramahamsa Sri Swami Vishwananda. Bhakti Marga Canada, a charitable organization registered in Canada (“Bhakti Marga Canada”, “we”, “us”, or “our”), respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains the types of personal data we collect, how we use and protect that data, and what rights you have under applicable privacy laws. It applies to all users worldwide, including individuals located in Canada, the European Union (EU), the United States, and other jurisdictions. In doing so, it incorporates legal requirements from multiple regulatory frameworks, including the General Data Protection Regulation (GDPR) of the European Union, Canadian privacy legislation such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, relevant provincial laws such as Quebec’s Law 25, as well as United States state-level privacy laws such as the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA). We are committed to processing your personal information responsibly and transparently, in accordance with the highest applicable standards of data protection across all regions in which we operate.
By accessing or using our website at www.bhaktimarga.ca and any other domains owned by Bhakti Marga Canada and accessible through http://www.bhaktimarga.ca/ , including but not limited to, https://bhaktimarga.ca/donations/canada-2/, https://bhaktimarga.ca/events/, and https://shop.bhaktimarga.ca/, (collectively, the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. or interacting with us via electronic communications or third-party platforms, you accept the terms of this Privacy Policy.
- Controller Details
The responsible legal entity for data processing is Bhakti Marga Canada Cultural Center, Entity Type – Charitable, Represented by Sairam Karalamoorthy Registered office: 1425 Rougemount Drive, Pickering, ON, L1V 1N2, Canada Phone: +1 6476776127 Email: info@bhaktimarg.ca Charitable #: 735307522RR0001
- Scope of this Policy
This policy applies to information we collect: – On this Website; – In email, text, and other electronic messages between you and this Website; – When you interact with our advertising and applications on third-party websites…
The words of which the initial letter is capitalized have meanings defined under the following conditions… [Full Definitions Section]
This policy applies to information we collect:
- On this Website;
- In email, text, and other electronic messages between you and this Website;
- When you interact with our advertising and applications on Telegram, Facebook, Instagram, Youtube, Twitter, Flickr, or any other third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
- Use offline or through any other means, including on any other website operated by Bhakti Marga Canada or any third party;
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Website.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
- Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for You to access our Service or parts of our Service.
- Affiliate means an entity that controls, is controlled by or is under common control with a party
- E-Mail info@bhaktimarga.ca
- Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- Country refers to: Canada
- Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the Website.
- Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.
- Usage Data refers to data collected automatically, either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Website refers to: https://bhaktimarga.ca
- accessible from https://bhaktimarga.ca
- You mean the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
- Collecting and Using Your Personal Data
Types of Data Collected: – Personal Data: Email address, First name and last name, Address, etc. – Usage Data: IP address, browser type, pages visited, etc. – Tracking Technologies and Cookies: Cookies, web beacons, and their purposes.
Types of Data Collected
Personal Data
While using Our Service, we may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
- Email address.
- First name and last name.
- Address, State, Province, ZIP/Postal code, City.
- Usage Data
- Use of Your Personal Data
We use your data to: – Provide and maintain our Service – Manage your Account – Fulfill contracts and contact you – Send promotional content (if not opted out) – Comply with legal obligations
Using Your Personal Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:
- Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, you may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
- Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:
- Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us.
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
- Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us.
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
- Functionality Cookies
Type: Persistent Cookies
Administered by: Us.
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
For more information about the cookies, we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide You with news, special offers and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
- To manage Your requests: To attend and manage Your requests to Us.
- For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
- For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing, and your experience.
We may share Your personal information in the following situations:
- With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
- For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
- With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
- With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
- With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
- With Your consent: We may disclose Your personal information for any other purpose with Your consent.
- Legal Basis for Processing
Depending on your location and activity, we rely on:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interests
For users located in the European Economic Area (EEA), this corresponds to the legal bases set out in Article 6 of the General Data Protection Regulation (GDPR).
- Retention and Deletion of Personal Data
Data is retained only as long as necessary to fulfill purposes or comply with legal obligations. Users may request deletion unless retention is legally required.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Delete Your Personal Data
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service.
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
Please note, however, that we may need to retain certain information when we have a legal obligation or lawful basis to do so.
- Disclosure of Personal Data
We may disclose data to: – Acquirers in business transactions – Law enforcement (where required, Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency)) – Enforce legal rights – Prevent fraud or harm
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation.
- Protect and defend the rights or property of the Company.
- Prevent or investigate possible wrongdoing in connection with the Service.
- Protect the personal safety of Users of the Service or the public.
- Protect against legal liability.
Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies if the processing procedures below do not state otherwise.
- Data Sharing and International Transfers
We may share personal data with: – Service providers (e.g., Stripe, Google, Meta) – Affiliates under strict agreements – Payment processors and media platforms International transfers are safeguarded via SCCs, adequacy decisions, or the Data Privacy Framework.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
We share personal data with:
- Service providers (e.g.,Woocommerce, Stripe, Paypal, Google, Meta...)
- Affiliates under strict data protection agreements
- Payment processors for donations and purchases
- Social platforms (e.g., YouTube, Facebook) for media delivery
All providers are bound by contracts and, where required, Standard Contractual Clauses (SCCs) or certified under the EU-US Data Privacy Framework.
International Transfers
Your personal information may be transferred to, stored, accessed or processed in countries outside your province, territory or country of residence, including by service providers located in Canada, the European Union, the United States and other jurisdictions where Bhakti Marga Canada or its service providers operate.
Where personal information is transferred across borders, Bhakti Marga Canada takes reasonable steps to ensure that appropriate safeguards are implemented and that personal information receives a level of protection comparable to that required under applicable privacy laws. Such safeguards may include contractual protections, data processing agreements, security measures, and other legally recognized transfer mechanisms.
By using our services or providing personal information to us, you acknowledge that your personal information may be transferred to and processed in jurisdictions outside your country of residence, which may be subject to different privacy laws and may permit access by governmental, regulatory or law enforcement authorities in accordance with applicable laws.
- Children’s Privacy
Our Service does not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 16 without verification of parental consent, we take steps to remove that information from Our servers.
If we need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, we may require Your parent’s consent before We collect and use that information. If you believe we might have any information from or about a child under sixteen (16), please contact us at info@bhaktimarga.us.
- Links to Other Websites
Our Website may contain links to third-party sites. We are not responsible for the content or privacy practices of those sites. Users should consult the privacy policies of external sites they visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
- Webhosting and Online Shop
Webhosting
Sebastian Gates Web Development, Address: J.W. Lucasweg 35, 2031 BE Haarlem, Netherlands, sebastian.gates@dkit.ie
WordPress.com: Hosting and software for the creation, provision and operation of websites, blogs and other online offerings; service provider: Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests; Website: https://wordpress.com; Privacy Policy; Data Processing Agreement. Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).
Online shop
Which data do we process in the context of the online shop?
In the course of an order in our Online Shop on the website https://shop.bhaktimarga.ca/shop/, we process, inter alia, title, first and last name, company name, country, billing and shipping address, e-mail address, telephone number, spiritual name (optional), notes about the order (optional), information about the products or services you have ordered, including the order status, and payment information such as credit card number or other bank information.
For what purposes and on what legal basis do we process this data?
The personal data collected as part of the online shop will only be used to fulfil your order. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations, respectively consent, where the provision of your data is optional.
Use of WooCommerce and Compliance with PIPEDA
For our online shop on the website https://shop.bhaktimarga.ca/shop/ we use the e-commerce software WooCommerce, a secure e‑commerce platform provided by Automattic, Inc. (60 29th Street #343, San Francisco, CA 94110, USA). We use WooCommerce to process customer orders, manage payment transactions, and facilitate shipping.
When you place an order through our website, we collect certain personal information – such as your name, billing and shipping address, e-mail address, IP address, and payment details—in order to fulfill your purchase. Because this data is collected from individuals in Canada, it is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
In accordance with PIPEDA, we are committed to:
- obtaining your meaningful consent before collecting or using personal information,
- limiting collection to what is necessary for the identified purpose,
- using appropriate safeguards to protect your data,
- providing you with the right to access and correct your personal information, and
- identifying a Privacy Officer who is accountable for our compliance with Canadian privacy laws.
For details on how WooCommerce and Automattic handle personal data, please refer to their privacy policy.
.
Server log files
You can use our websites without submitting personal data.
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out based on the legal basis of our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
Your data may be transferred to third countries outside the European Union for which an adequacy decision has been made by the EU Commission.
Proactive contact of the customer by e-mail
If you contact us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place based on our contract.
If the initial contact occurs for other reasons, this data processing takes place based on our legitimate interest for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of legitimate interest.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods unless you have agreed to further processing and use.
Collection and processing when using the contact form.
When you use the contact form, we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place based on a contract.
If you contact us for any reason, we may collect and process the personal information you provide in order to handle, respond to and follow up on your request.
Such processing is carried out for purposes reasonably necessary to communicate with you, respond to your enquiry, fulfil contractual obligations where applicable, and comply with legal or regulatory requirements.
We will use your contact information only for these purposes unless you have consented to additional uses. Your personal information will be retained only for as long as necessary to fulfil the purposes for which it was collected or to comply with applicable legal, accounting, tax or regulatory obligations, after which it will be securely deleted or anonymized where appropriate.
- Event Booking and Management
We collect registration and payment data for event participation (e.g., title, name, email, country, payment info). Legal basis: contract performance, legitimate interest, or consent.
Events
What data do we process in the context of booking and managing events?
If you register for our events or paid courses in the events calendar on our website, we will process your title, first and last name, country, address, email address, telephone number, spiritual name (optional), information about the event for which you have registered, payment data such as credit card number or other bank details, among other things. If you register for our free events in the event calendar on our website, we will process your username, email address, spiritual name (optional), information about the event for which you have registered, among other things.
For what purposes and on what legal basis do we process this data?
The personal data collected in the context of booking and managing the event will be used in particular to respond to your request. In addition, we may use the data collected to contact you directly and offer you similar offers and events based on your booking history and personal interests. The processing is necessary for the fulfilment of contractual or pre contractual obligations (Art. 6 GDPR). We may also ask for your explicit consent to the processing of personal data collected in connection with the booking and management of the event. Consent will be entirely voluntary.
Service provider for ticketing
Events Calendar
Our website uses The Events Calendar to publish and manage events, courses, retreats, festivals and other activities offered by Bhakti Marga Canada.
When you view or register for an event, personal data such as your name, email address, telephone number, event selections and other information required for the organisation of the event may be collected and processed. This information is used to administer registrations, communicate with participants and organise the respective event.
The processing of your personal data is carried out for the performance of a contract and, where applicable, to comply with legal obligations.
Further information about The Events Calendar can be found at:
https://theeventscalendar.com/privacy-policy/
WooCommerce Tickets
Our website uses WooCommerce Tickets to manage paid event registrations, ticket generation and participant administration.
When you purchase or register for an event, personal data such as your name, email address, billing information, payment status and event registration details may be processed. Where applicable, participant lists, QR codes, check-in lists, tickets and confirmation emails may be generated to facilitate the organisation and administration of the event. Participant information may also be shared with teachers, organisers, venues or local teams where necessary for the delivery of the respective event.
The processing of your personal data is carried out for the performance of a contract and, where applicable, to comply with legal obligations.
Further information about WooCommerce and WooCommerce Tickets can be found at:
https://woocommerce.com/document/marketplace-privacy/
Events
What data do we process in the context of booking and managing events?
If you register for our events or paid courses in the events calendar on our website, we will process your title, first and last name, country, address, email address, telephone number, spiritual name (optional), information about the event for which you have registered, payment data such as credit card number or other bank details, among other things. If you register for our free events in the event calendar on our website, we will process your username, email address, spiritual name (optional), information about the event for which you have registered, among other things.
For what purposes and on what legal basis do we process this data?
The personal data collected in the context of booking and managing the event will be used in particular to respond to your request. In addition, we may use the data collected to contact you directly and offer you similar offers and events based on your booking history and personal interests. The processing is necessary for the fulfilment of contractual or pre contractual obligations. We may also ask for your explicit consent to the processing of personal data collected in connection with the booking and management of the event. Consent will be entirely voluntary.
14.1 Joint Organization of the Event and Sharing of Participant Information
This event is jointly organized and promoted by Bhakti Marga Canada Cultural Center and Bhakti Marga America (together, the “Organizers”).
The Organizers cooperate in the planning, promotion, administration, delivery, and follow-up of the event and jointly determine certain purposes and means of processing participant information in connection with the event.
Personal Information We May Process
Depending on your participation, we may collect and process:
- Name
- Email address
- Country, province/state, and location information
- Registration and participation details
- Communications relating to the event
- Technical information required to provide online participation
- Photographs, video recordings, livestream recordings, and other media captured during the event
Sharing of Personal Information Between the Organizers
In connection with the organization and operation of the event, personal information may be shared between Bhakti Marga Canada and Bhakti Marga America for the following purposes:
- Event registration and administration
- Participant management and support
- Event communications
- Provision of online participation and livestream access
- Organization, promotion, and follow-up of the event
- Management of media recordings and publications
- Internal reporting, planning, and administration related to the event
Both organizations will only access and use personal information to the extent reasonably necessary for these purposes.
Photographs, Videos and Media Recordings
The event may be photographed, filmed, livestreamed, and otherwise recorded.
Photographs, video recordings, livestream recordings, audio recordings, and other media materials may be used by Bhakti Marga Canada, Bhakti Marga America, and affiliated Bhakti Marga organizations for spiritual, educational, informational, archival, documentary, and promotional purposes.
Such materials may be published through:
- Official Bhakti Marga websites
- Printed publications
- Official social media channels
- Mobile applications
- Video-on-demand and streaming platforms operated by or on behalf of Bhakti Marga
- Telegram channels and similar communication platforms
- Other media and communication channels operated by or on behalf of Bhakti Marga
Future Communications from Bhakti Marga America
Where required by applicable law, Bhakti Marga America will only use your contact information to send information regarding future spiritual events, courses, retreats, programs, and related activities where you have provided your consent or another valid legal basis exists.
You may withdraw your consent to receive such communications at any time by following the unsubscribe instructions included in the communication or by contacting the relevant organization.
International Transfers
Because Bhakti Marga is an international organization, personal information may be accessed, processed, or stored by Bhakti Marga America and affiliated service providers located outside Canada, including in the United States.
Where personal information is transferred outside Canada, reasonable contractual and organizational safeguards are implemented to protect the information in accordance with applicable privacy laws.
Contact
If you have questions regarding the processing of your personal information in connection with this event, you may contact:
Bhakti Marga Canada Email: info@bhaktimarga.ca
or
Bhakti Marga America
Entity Type – Religious Corporation
Registered Office: 304 Demarest Parkway, Elmira, New York, 14905
E-Mail: info@bhaktimarga.us
Legal Representative: Hancock Estabrook, LLP
Telephone: +1 607 391 2860
15. Bhakti+ Media Platform, Livestreams and Event Recordings
This section explains how Bhakti Marga Canada (“BM Canada”) and, where applicable, Bhakti Marga America (“BM US”) process personal information in connection with:
- the Bhakti+ Media Platform;
- livestreams and video-on-demand services;
- recordings of spiritual events;
- Darshan events;
- festivals;
- spiritual courses and seminars, including online and hybrid events;
- and other media content featuring Paramahamsa Vishwananda and Bhakti Marga activities.
The Bhakti+ Media Platform is available through mobile applications, websites and other digital services operated by or on behalf of Bhakti Marga.
In connection with these services and events, personal information may be processed for the purposes of providing access to digital content, administering registrations and subscriptions, operating livestreams, creating and publishing event recordings, supporting spiritual education, maintaining archives of spiritual events, and communicating with participants and users.
Additional information regarding event recordings, livestreams and the publication of media content is provided in the following sections of this Privacy Policy.
15.1 Events with Paramahamsa Vishwananda: Livestreams, Media Recordings and Publication of Event Content
1. Scope
During Bhakti Marga events, photo, video and audio recordings may be created within designated filming areas.
These recordings serve the purposes of documenting spiritual events, preserving spiritual teachings, providing livestreams and video-on-demand content, supporting educational activities, and communicating with the wider Bhakti Marga community.
This section applies to all photo, video and audio recordings created in connection with Bhakti Marga events, including but not limited to:
- Darshan events
- Satsangs
- Festivals
- Pilgrimages
- Spiritual seminars and courses
- Hybrid events
- Online events
This applies irrespective of whether participation takes place physically or digitally.
Nature of the Information Processed
During events, photo, video and audio recordings may be created.
Such recordings may include:
- Images of participants
- Voice recordings
- Statements or testimonials voluntarily provided
- Participation in spiritual activities
- Spiritual names (where voluntarily provided)
- Event registration information, such as name, email address and language preference
Participation in a spiritual event may reveal information relating to an individual’s religious, spiritual or philosophical beliefs. Such information is processed only where reasonably necessary for the purposes described in this Privacy Policy and in accordance with applicable privacy laws.
The primary focus of filming and photography is Paramahamsa Vishwananda, the musicians, speakers, performers, ceremonial activities and the spiritual programme itself. Participants may be captured incidentally as part of audience, crowd, overview or event atmosphere recordings.
15.2 Joint Controllership – Bhakti Marga Media Platform
Bhakti Marga Canada Cultural Centre (“BM Canada”) and Bhakti Marga America (“BM US”) may act as joint controllers in relation to media content created during Bhakti Marga events and distributed through the Bhakti+ Media Platform and related Bhakti Marga media channels.
The responsibilities are generally allocated as follows:
BM Canada is responsible for:
- organising and conducting events in Canada;
- collecting participant information and registration data;
- providing privacy notices and event-related information;
- obtaining and documenting any required consents for media recordings, livestreams and publications;
- implementing on-site privacy and filming measures.
BM US is responsible for:
- operation and management of the Bhakti+ Media Platform and for media processing and publication of content for users in the USA and Rest of World (ROW), under a multi-license agreement with Bhakti Event GmbH (BM EU), the original licensor and rights holder.
- distribution of media content to users in the United States and other regions served through the platform;
- management of platform user accounts and subscriptions;
- publication and administration of audiovisual content on the platform.
Bhakti Event GmbH, Germany, acts as a technical and media service provider on behalf of BM Canada and/or BM US and may provide filming, production, livestreaming, hosting, technical support and related services. Where Bhakti Event GmbH processes personal information solely on behalf of another organisation, it acts as a processor or service provider and not as an independent controller.
Individuals may exercise their privacy rights by contacting either BM Canada or Bhakti Marga America (“BM US”). The organisations will cooperate as necessary to respond to requests in accordance with applicable privacy laws.
15.3 Events and Media Recordings
During events organised by Bhakti Marga Canada — such as Darshan with Paramahamsa Sri Swami Vishwananda — photo and video recordings (including livestreams and video-on-demand) may be created and shared.
While the focus of recordings is on Paramahamsa Vishwananda, attendees may be incidentally filmed. To protect individual privacy, livestream-free zones and black wristbands are available at all events upon request.
15.4 Film Zones and Opt-Out Mechanisms
To safeguard participants’ rights:
- Clearly marked film zones may exist.
- Targeted close-up recordings occur only within such zones or on the basis of consent.
- Outside film zones, only non-focused overview recordings may be made.
- Livestream-free zones are provided.
- Participants may notify organisers if they do not wish to be filmed.
- Visible identifiers (e.g., wristbands) may be used to protect opt-out participants.
15.5 Publication Channels
Media content may be published via:
Internal Platform
- Bhakti+ Media Platform (Bhakti+ App) https://bhakti.plus/de/de
Official External Channels
- YouTube
- Official channels including:
- @ParamahamsaVishwananda108 https://www.youtube.com/@ParamahamsaVishwananda108
- @BhaktiMarga1008
- https://www.youtube.com/@BhaktiMarga1008
- @BhaktiMargaMusic
- https://www.youtube.com/channel/UCRA5DC4xf7slRF8W7taZ-fQ
- Facebook, https://www.facebook.com/bhaktimarga108/
- Official Bhakti Marga pages, https://www.bhaktimarga.org/https://paramahamsavishwananda.com/https://justlovefestival.org/https://shreepeethanilaya.org/
- Instagram, https://www.instagram.com/bhaktimarga/
- Flickr, https://www.flickr.com/photos/bhaktimarga/
- Official Bhakti Marga websites (including country websites)
15.6 Legal Basis for Processing Personal Data
|
Region |
Legal Basis |
Description & Examples |
|
European Union |
Contractual necessity (Art. 6(1)(b) GDPR) |
Processing required to provide services or respond to your request (e.g., seva registration, event participation). |
|
Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR) |
Used when you voluntarily provide sensitive information (e.g., spiritual name, religious beliefs, health data). |
|
|
Legitimate interests (Art. 6(1)(f) GDPR) |
For communication, spiritual outreach, community building, and responding to general inquiries. |
|
|
International data transfers (Art. 46 GDPR – Standard Contractual Clauses) |
When data is transferred outside the EU, we use appropriate safeguards such as SCCs to ensure adequate protection. |
|
|
Canada |
Consent (as required under PIPEDA and applicable provincial laws) |
You may provide express or implied consent to collect and use your data, e.g., through contact forms or newsletter signup. |
|
Contractual necessity |
When your data is needed to respond to your request, register for services, or fulfill a volunteer engagement. |
|
|
Reasonable business interest |
We may process limited data for purposes such as communication, event organization, or internal analysis. |
Platform Operation & License Structure
The Bhakti Marga Media Platform, including all streaming infrastructure, is operated by BM US under a multi-license agreement from Bhakti Event GmbH (BM EU) . The operational responsibilities are:
- BM US: Technical operation and regional access management for US and ROW users; media processing and publication of non-EU content.
- BM Canada: Event organisation and data collection (consent) in Canada.
- BM EU: Licensor and owner of the platform, with ongoing rights and oversight.
BM US does not have access to personal data of EU users. Any processing of EU-origin content by BM US is subject to BM EU’s instruction and user consent.
Data Processing, IP Tracking & Storage
When users access the Media Platform App or associated websites, IP addresses are used for regional redirection:
- EU-based users → redirected to the EU Shopify platform operated by Bhakti Event GmbH (BM EU)
- All others (USA, Canada, ROW) → redirected to the US Shopify platform operated by BM US
Regardless of redirection:
- All customer data is stored in a centralised Shopify EU database.
- Each entity (BM EU, BM US, BM Canada) is solely responsible for the data of users under its jurisdiction.
- No shared operational access exists between legal entities; responsibilities are clearly separated.
Data Categories Processed
We may process the following categories of personal data:
- Identification (e.g., name, spiritual name, country)
- Contact information (e.g., email)
- Photos, video recordings, testimonials
- Device & session data (e.g., IP, app logs)
- Subscription, transaction and payment data
- Media preferences and language settings
Data Collection Sources
Your personal data is collected when you:
- Register for the platform or an event
- Use the app or website
- Purchase subscriptions
- Provide consent for recordings
- Interact with our support teams
15.7 Processors & Data Sharing (Art. 28 GDPR)
Bhakti Event GmbH uses carefully selected service providers as processors within the meaning of Art. 28 GDPR to operate the Bhakti+ platform and to technically implement media content.Appropriate data processing agreements (DPAs) are in place with all service providers.
a) Hexaglobe, Paris, France
Service: Video hosting and embedding servicesWebsite: https://www.hexaglobe.comPrivacy Policy: https://www.hexaglobe.com/en/privacy-policyDPA: https://www.hexaglobe.com/en/legalSafeguards: EU hosting (no third-country transfer)
b) Shopify International Ltd., Ireland
Service: Hosting of the app infrastructure and platform-related servicesWebsite: https://www.shopify.comPrivacy Policy: https://www.shopify.com/legal/privacyDPA: https://www.shopify.com/legal/dpaSafeguards: DPA and Standard Contractual Clauses (SCCs), where applicable
c) Flickr (Yahoo! Inc.), USA (optional)
Service: Optional image galleriesWebsite: https://www.flickr.comPrivacy Policy: https://www.flickr.com/help/privacyDPA: https://www.flickr.com/help/dpaSafeguards: Standard Contractual Clauses (SCCs)
d) YouTube (Google Ireland Ltd.) (currently not used for livestreams)
Service: Video hosting or informational content, if usedWebsite: https://www.youtube.comPrivacy Policy: https://policies.google.com/privacyDPA: https://cloud.google.com/terms/data-processing-addendumSafeguards: SCCs pursuant to Google DPA
e) Meta Platforms Ireland Ltd. (Facebook) (currently not used for livestreams)
Service: Optional social media communication, if usedWebsite: https://www.facebook.comPrivacy Policy: https://www.facebook.com/privacy/policy/DPA: https://www.facebook.com/legal/terms/dataprocessingSafeguards: SCCs pursuant to Meta DPA
Public authorities (e.g., tax authorities) receive personal data only where a legal obligation exists
15.8 International Transfers of Media Content
Media content created during Bhakti Marga events may be made available to users located in Canada, the United States and other countries through the Bhakti+ Media Platform and related Bhakti Marga media channels.
Where event recordings, livestreams or related media content are processed, stored, hosted or distributed by Bhakti Marga America (“BM US”) or other service providers located outside Canada, appropriate contractual, technical and organisational safeguards are implemented to protect personal information in accordance with applicable privacy laws.
Media content recorded during events in Canada may be processed by BM Canada, BM US, Bhakti Event GmbH and authorised service providers for the purposes of livestreaming, hosting, publication, video-on-demand services, archiving and related media activities.
Where personal information is transferred internationally, Bhakti Marga Canada takes reasonable steps to ensure that personal information receives a level of protection appropriate to the nature and sensitivity of the information and in accordance with applicable privacy and data protection laws.
16. Retention Periods
Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected, to provide requested services, to comply with legal, accounting, tax, regulatory or reporting requirements, or as otherwise permitted or required by applicable law.
If consent is withdrawn, personal information will be deleted, anonymized or securely destroyed, unless retention is required to comply with legal obligations, resolve disputes, enforce agreements or maintain appropriate business and financial records.
Your Rights
Depending on your location, you have the right to:
- Access your data
- Rectify inaccuracies
- Request erasure or restriction
- Object to processing
- Withdraw consent or Electronic Documents Act (PIPEDA), specifically in Section 4.3.8 of Schedule 1.
- Lodge a complaint with your local data protection authority
Contact Information & Consent Withdrawal
To exercise your rights or withdraw consent, contact:
For users in Canada, USA, and Rest of World (ROW):Bhakt Marga US📧 info@bhaktimarga.usSubject: Withdrawal of Consent
For users in Canada
Bhakti Marga Canada:
📧 info@bhaktimarga.ca
Subject: Withdrawal of Consent
For users in the EU:Bhakti Event GmbH📧 dataprotection@bhaktimarga.orgAm Geisberg 1–8, 65321 Heidenrod, GermanySubject: Withdrawal of Consent
We will process your request promptly and in accordance with legal requirements. Consent withdrawal only applies to future processing.
17. Online Events and Technical Service Providers
For certain online courses, livestreams, retreats, and spiritual programs organized by Bhakti Marga Canada Inc., including the Sri Yantra Course and similar online events, Bhakti Event GmbH, Am Geisberg 1–8, 65321 Heidenrod, Germany (“Bhakti Event”), acts as a technical service provider and data processor on behalf of Bhakti Marga Canada Inc.
Bhakti Marga Canada Inc. remains the sole organizer, operator, and controller of the event and determines the purposes and means of the processing of participant information.
Bhakti Event may provide technical and administrative services in connection with the event, including:
-
operation and support of event websites and landing pages;
-
technical support for participant registration processes;
-
email workflow and technical administration;
-
customer support and technical assistance;
-
user account creation and login management;
-
provision of online event access;
-
livestream support and content delivery;
-
management of video-on-demand access where applicable.
To provide these services, Bhakti Event may process participant information on behalf of Bhakti Marga Canada Inc.
Processors and Technical Service Providers for Online Events
To provide online courses, livestreams, registrations, participant administration, video-on-demand services, and related online event functionality, Bhakti Event GmbH uses carefully selected service providers and subprocessors. Appropriate contractual and technical safeguards are implemented to protect personal information.
a) Hexaglobe SAS, France
Service: Streaming platform, video hosting, user authentication, livestream delivery, and video-on-demand services
Website: https://www.hexaglobe.com
Privacy Policy: https://www.hexaglobe.com/privacy-policy
Safeguards: EU-based hosting and contractual data processing safeguards.
b) Shopify International Ltd., Ireland (if used)
Service: Event landing pages, registration workflows, customer account management, and related e-commerce functionality.
Website: https://www.shopify.com
Privacy Policy: https://www.shopify.com/legal/privacy
Data Processing Addendum: https://www.shopify.com/legal/dpa
c) Bhakti+ Platform https://bhakti.plus/de/de
Where participants receive access to recordings following an event, recordings may be made available through the Bhakti+ platform operated and technically supported by Bhakti Event GmbH.
Depending on the participant’s location and service configuration, content may be delivered through infrastructure operated by Bhakti Event GmbH and its service providers.
Bhakti Event GmbH processes personal information solely on behalf of and under the instructions of Bhakti Marga Canada Inc. and does not use participant information for its own independent purposes.
Personal information may be transferred to and processed in Canada, Germany, France, the United States, and other jurisdictions in which the above service providers operate. Appropriate contractual, techn
18. Social Media and Plugins and Marketing
We maintain presences on platforms such as: – Facebook, Instagram, Telegram, YouTube, Twitter, TikTok, Meetup – Plugins and APIs include: Google Maps, Google Tag Manager, YouTube embedding Data processing may include behavioral tracking, analytics, and advertising. Legal basis: legitimate interest, consent (for tracking), joint controllership (e.g. Facebook Fanpages).
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.
Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.
– Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication, and process data (e.g. IP addresses, time data, identification numbers, consent status); Inventory data (e.g. names, addresses).
– Data subjects: Users (e.g. website visitors, users of online services).
– Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing. Provision of our online services and user-friendliness.
– Legal basis: Legitimate interests
Further information on processing operations, procedures, and services:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests; Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy.
- Facebook pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, so-called “Page Insights”, for page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further information: Agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- Telegram channels: We use the Telegram platform to send messages to subscribers of our Telegram channel; Service provider: Representative in the European Union: European Data Protection Office (EDPO), Avenue Huart Hamoir 71, 1030 Brussels, Belgium; Website: https://telegram.org/; Privacy Policy: https://telegram.org/privacy; Further information: We process the personal data of subscribers only to the extent that we can view and delete the subscribers as recipients of the channel. Beyond this, i.e. in particular for the sending of messages, the evaluation and provision of anonymous sending statistics for the channel operators and the administration of subscribers, Telegram is responsible under data protection law.
- WhatsApp Business: Communication service for responding to enquiries and communicating with users, participants and other communication partners; Service Provider: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (for users in the European Economic Area) and WhatsApp LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (for users outside the EEA); Legal basis: Legitimate interests; Website: https://www.whatsapp.com/; Privacy Policy: https://www.whatsapp.com/legal/privacy-policy; Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (SCCs), where applicable.
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF). Option to object (opt-out): https://adssettings.google.com/authenticated.
19. Third Party Providers Online Service
To offer you a convenient website, we use, inter alia, cPanel, and YouTube (Google Maps and YouTube are together referred to as “content plug-ins”), and so-called social media plugins of the social networks.
19.1 YouTube
On our websites, we use the services of the video portal YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, (“YouTube”) to integrate videos. In connection with the provision of YouTube, we use the “Enhanced Privacy Mode”, which is intended to ensure that data is only transmitted to YouTube when the videos are accessed.
Thus, only if you interact with the video, a connection to YouTube will be established to be able to call up and display the video. In this context, YouTube stores at least the IP address, the date and time as well as the website you visited. In addition, a connection to Google’s advertising network “DoubleClick” is established.
If you are logged into YouTube at the time, you visit our website, YouTube may establish a connection to your YouTube account. To prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of ensuring improved usability and analyzing usage behavior, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree with this processing, you have the option to prevent the storage of cookies by a setting in your Internet browser. You can find more information on this above under “Cookies”.
Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the Privacy Notice.
19.2 Video conferencing, online meetings, webinars and online lectures and online courses and screen sharing
We use third-party platforms and applications (hereinafter referred to as “Conference Platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “Conference”). When selecting conference platforms and their services, we take into account the legal requirements.
Data processed by conference platforms: In the context of participation in a conference, the conference platforms process the personal data of the participants mentioned below. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g. provision of access data or real names) and which optional information is provided by the participants. In addition to processing for the implementation of the conference, the data of the participants may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, details of professional position/function, the IP address of the Internet access, details of the participants’ end devices, their operating system, the browser and its technical and linguistic settings, information on the content of the communication processes, i.e. entries in chats, as well as audio and video data, as well as the use of other available features (e.g. surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users with the conference platforms, then further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g. of surveys) as well as video or audio recordings are logged, this will be communicated transparently to the participants in advance and they will be asked for consent if necessary.
Data protection measures of the participants: For the details of the processing of your data by the conference platforms , please note their data protection notices and select the optimal security and data protection settings for you within the settings of the conference platforms. Please also ensure that data and privacy are protected in the background of your recording for the duration of a video conference (e.g. by notifying roommates, locking doors and, as far as technically possible, using the function to make the background unrecognizable). Links to the conference rooms as well as access data may not be passed on to unauthorized third parties.
Notes on legal bases: If, in addition to the conference platforms , we also process the data of the users and the users ask for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for the fulfilment of our contractual obligations (e.g. in participant lists, in the case of processing of interview results, etc.). In addition, users’ data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
- Types of data processed: inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); Content data (e.g. submissions in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, timings, identification numbers, consent status).
- Data subjects: communication partners; Users (e.g. website visitors, users of online services). People depicted.
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Contact requests and communication. Office and organizational procedures.
- Legal basis: Legitimate interests.
Further information on processing processes, procedures and services:
- Zoom: conferencing and communication software; Service Provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests; Website: https://zoom.us; Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html; Data processing agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA). Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA)).
19.3 HubSpot
On our websites, we use the services of the CRM platform HubSpot, which is operated by HubSpot, Inc. The European subsidiary is HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2.
The processed data may include, personal data as necessary to provide the CRM services by HubSpot, in particular, IP addresses and email addresses, which, however, are not collected and processed without your consent (usually as part of the settings of your desktop or mobile devices). The data may be processed in the USA. Further information can be found in HubSpot’s privacy policy, which you can access here.
– Hubspot: email sending and email sending and automation services; service provider: HubSpot, Inc. The European subsidiary is HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2
– Legal basis: Legitimate interests; Website; Privacy Policy: https://legal.hubspot.com/privacy-policy; Data processing agreement: https://legal.hubspot.com/de/dpa; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider). Further information: Special security measures: https://trust.hubspot.com. Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). HubSpot has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
19.4 Gravity Forms
We use Gravity Forms to provide contact forms, registration forms and other online forms on our website.
When you submit a form, the information you provide may be collected and processed in order to respond to your enquiry, administer registrations, provide requested services and communicate with you.
The personal information collected depends on the specific form and may include your name, email address, telephone number and any other information you choose to provide.
Further information about Gravity Forms is available at:
https://www.gravityforms.com/privacy/
20. Advertising and Marketing
Bhakti Marga Canada uses Meta advertising tools (including Facebook and Instagram Ads) to promote spiritual events and activities, such as local appearances by Paramahamsa Vishwananda. These tools allow us to display targeted advertisements to individuals based on factors such as geographic location, page engagement, and platform interests.
Our advertising activities are limited to Canada and the US-based users. Campaigns are managed exclusively by Bhakti Marga Canada, and we do not intentionally target, access, or use personal data from individuals located in the European Union or other GDPR-regulated jurisdictions for these campaigns.
In connection with these tools, Meta Platforms Inc. may act as a joint controller of data, particularly where user interactions on Meta platforms are used for audience targeting or measurement. This may include the processing of personal data such as IP address, device information, interaction history, and inferred interests.
Where Meta processes data as a joint controller, such processing is governed by Meta’s Controller Addendum. For more information on how Meta processes personal data, please refer to Meta’s Data Policy.
You can manage your advertising preferences through your Facebook or Instagram account settings.
This includes both standard ads created via Meta Ads Manager and boosted posts promoted directly from Instagram.
20.1 Canadian Privacy Rights (PIPEDA)
If you are a Canadian resident, you have the right to know what personal information we collect, the purposes for which it is used, and with whom your information is shared. Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you also have the right to access your personal data, request corrections, withdraw consent, and file a complaint if you believe your privacy rights have been violated.
To exercise your privacy rights or make inquiries, you can contact us directly at info@bhaktimarga.ca. For further information or to file a complaint, you may also contact the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.
20.2 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what categories of personal information we collect, the purposes for which it is used, and with whom your information is shared. Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), you also have the right to opt out of the “sharing” of your personal information for cross-context behavioral advertising.
To opt out of targeted advertising through Meta, you can:
- Adjust your preferences via Facebook: Ad Preferences
- Adjust your preferences via Instagram: Instagram Ad Settings
- Submit a request using our Do Not Sell or Share My Personal Information form.
20.3 Notice to Users in the European Union
Although our advertising activities are limited to U.S. residents, this website is accessible from within the European Union. Bhakti Marga Canada does not intentionally target or process personal data of EU-based users for advertising purposes.
However, because Meta’s platforms are jointly controlled by Meta Platforms Ireland Ltd. for EU users, incidental processing of EU user data (e.g., from page visits or public engagement) may occur. In such cases, data processing is governed by Meta’s Joint Controller Addendum in accordance with Article 26 GDPR, and subject to Meta’s Privacy Policy.
Bhakti Marga Canada does not make decisions regarding the data of EU users, does not retain such data, and does not use it for ad targeting. If you are located in the EU, you may exercise your GDPR rights directly with Meta Platforms Ireland Ltd.
21. Communications with Existing Contacts
If you have previously registered for an event, course, retreat or other activity, made a donation, contacted us, or otherwise have an existing relationship with Bhakti Marga Canada, we may use your contact information to send you emails relating to upcoming events, courses, retreats, spiritual activities, organisational news and similar information that may be of interest to you.
These communications are sent based on our legitimate interest in maintaining our relationship with our community members and supporters, or where otherwise permitted by applicable law. Where required, we will obtain your consent before sending such communications.
We use HubSpot to manage these communications. You may opt out of receiving such emails at any time by using the unsubscribe link included in the communication or by contacting us directly.
22. Payment Processing and Service Providers
Bhakti Marga Canada offers a variety of secure payment options for your convenience. To process your payments, we may share certain payment-related data with third-party payment service providers. For more information about how these providers handle your personal data, please consult their respective privacy policies.
Why do we use third-party payment providers?
We use third-party providers to enable efficient and secure online payments on our website and in our apps. Payment data is processed for:
- Fulfilling contractual or donation-related transactions;
- Compliance with legal and financial regulations.
Who receives your payment information?
In addition to financial institutions (such as your bank), we work with third-party payment processors who may receive your data to execute the transaction. Credit agencies may also be involved to verify your identity and assess creditworthiness, depending on the payment method selected.
What payment data may be collected?
The payment service providers may collect and process the following types of data:
- Full name
- Billing and shipping address
- Bank account or credit card details (card number, CVC, expiration date)
- Authentication data (e.g. passwords, TANs)
- Order or donation details (amount, recipient, purpose)
- IP address
- Time and date of transaction
- Device and browser information
- Consent status
- Cookies and other identifiers
Please note: We do not receive or store your full credit card or account data. We only receive confirmation or failure status regarding the transaction.
Legal basis for processing payment data
Your personal data may be processed for payment purposes based on:
- Your consent, where required (you may withdraw your consent at any time);
- Contract performance, such as fulfilling your donation or order;
- Legal obligations, such as record-keeping and fraud prevention.
Additional terms and privacy policies
Please note that payment processing is additionally governed by the terms and privacy policies of the respective payment providers. We recommend that you read their policies carefully before completing your transaction.
How long is your payment data stored?
Retention periods vary depending on the provider and applicable financial regulations. Generally, data is stored only as long as necessary for payment processing and legal compliance.
What rights do you have?
You may exercise your data protection rights such as access, correction, deletion, or objection. For data processed by the payment provider, please contact them directly using the information in their privacy policy.
Payment Providers We Use
We offer multiple payment methods so you can choose the one most convenient for you. These include:
- Visa
- Mastercard
- American Express
- PayPal
Visa
Provider Contact DetailsVisa Inc.Visa Europe Limited1 Sheldon SquareLondon, W2 6TT, United Kingdomhttps://www.visa.com
Purpose of ProcessingWe use Visa for secure and reliable processing of credit card transactions.
What data does Visa collect?Visa may collect and process:
- Name and surname
- Email address
- Visa card number
- Transaction details (date, time, amount)
Visa may also conduct profiling and data analysis to prevent fraud and security threats. For details, see Visa’s privacy policies:
- https://www.visa.com/legal/global-privacy-notice.html
- https://www.visa.co.uk/legal/global-privacy-notice/jurisdictional-notice-eea.html
Data TransfersVisa may process data outside the U.S. or EU.We have a contractual agreement in place with Visa to ensure adequate data protection safeguards where applicable.
Legal BasisVisa processes your data based on:
- Consent (if required),
- Contract performance (e.g. processing a donation),
- Legal obligations (e.g. financial reporting).
Retention PeriodVisa stores data for as long as necessary to fulfill the transaction and comply with financial laws.
Your RightsYou may exercise your rights (such as access, correction, deletion) directly with Visa.
Use of Mastercard, AMEX
- Mastercard – Payment Services: Mastercard is used for the technical processing of online payment transactions. The service provider is Mastercard Canada ULC, 121 Bloor Street East, 5th Floor, Toronto, Ontario M4W 3T9, Canada. The legal basis for processing is the performance of a contract and pre-contractual measures, where applicable, and in accordance with Canadian privacy legislation such as the Personal Information Protection and Electronic Documents Act (PIPEDA). For more information, please visit: https://www.mastercard.ca – Privacy Policy.
- AMEX (American Express) – Payment Services: American Express is used for the technical processing of online payment transactions. The service provider is American Express Canada, 2225 Sheppard Avenue East, Toronto, Ontario M2J 5C2, Canada. The legal basis for processing is the performance of a contract and pre-contractual measures, where applicable, and in accordance with Canadian privacy laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA). For more information, please visit: https://www.americanexpress.com/ca – Privacy Policy.
When processing payments, services such as Mastercard and American Express may process certain personal data as required to complete transactions, prevent fraud, ensure security, and comply with legal obligations. This may include:
- Name and contact information
- Credit card details (e.g., card number, expiration date, CVC)
- Transaction details (e.g., amount, date, merchant information)
- IP address
The scope of data processing depends on the payment method used and the contractual relationships between the user, the merchant, and the respective payment service provider.
Legal Basis
Processing is based on your consent, the need to fulfill a contract (e.g. a donation or purchase), or compliance with legal obligations.
Data Transfers
Services such as Mastercard and American Express processes data primarily within Canada.
Retention Period
Data is retained as long as necessary for payment processing and regulatory compliance.
Your Rights
Please refer to the respective privacy policies for more information about how your personal data is handled by the payment providers:
Mastercard: https://www.mastercard.ca/en-ca/vision/corp-responsibility/commitment-to-privacy/privacy.html
American Express: https://www.americanexpress.com/ca/en/content/privacy-policy/
For any data-related concerns, you may contact Mastercard or American Express directly.
Stripe (Direct Use)
What data does Stripe collect?Stripe may collect:
- Name, address, and contact details
- Payment method and transaction metadata
- IP address, device/browser data
- Credit check data (for some payment types)
Legal Basis
Processing is based on contract performance, legal obligations (e.g., tax law), and Stripe’s legitimate interest in fraud prevention. If credit scoring is performed, it is based on a balancing of interests.
Data Transfers
Data may be transferred internationally with contractual safeguards in place.
Retention Period
Data is retained as long as necessary to fulfill transactions and legal requirements.
Your Rights
Please refer to:
PayPal Express
What data does PayPal Express collect?PayPal may collect:
- Name and email
- PayPal account details
- Device type, browser, and IP address
- Payment and transaction metadata
- Location and session cookies
Legal Basis
Processing is based on contract performance, your consent (e.g., for cookies), and legitimate interest in providing a smooth and secure checkout experience.
Data Transfers
PayPal processes data in the EU and US. Safeguards are in place where applicable.
Retention Period
PayPal retains data as required by financial law and its internal risk and compliance rules.
Your Rights
Please refer to:
- PayPal Privacy Policy: https://www.paypal.com/ca/legalhub/privacy-full
PayPal Check-Out (incl. Pay Later / SEPA / Credit Card)
What data does PayPal Check-Out collect?PayPal may collect:
- Name, address, and account/payment method details
- Order data and transaction history
- Credit information (for “Pay Later” or invoice payments)
- Device and browser metadata
Legal Basis Processing is based on contract performance and legitimate interest (e.g., creditworthiness checks, fraud protection).
Data Transfers Data may be shared with credit agencies and processed internationally with appropriate safeguards.
Retention Period Data is stored in accordance with financial laws and internal risk management standards.
Your Rights Please refer to:
- PayPal Privacy Policy: https://www.paypal.com/ca/legalhub/privacy-full
Square (Direct Use)
What data does Square collect?
Square may collect:
- Name, address, and contact details
- Payment method and transaction metadata
- IP address, device/browser data
- Transaction history and fraud prevention information
Legal Basis Processing is based on contract performance, legal obligations (e.g., accounting and tax law), and Square’s legitimate interest in fraud prevention and payment security.
Data Transfers Data may be transferred internationally with appropriate contractual safeguards in place.
Retention Period Data is retained as long as necessary to process transactions and comply with applicable legal and accounting obligations.
Your Rights
Please refer to:
Square Privacy Policy: https://squareup.com/legal/privacy
Klarna (Direct Use)
What data does Klarna collect?
Klarna may collect:
- Name, address, and contact details
- Payment and transaction information
- Date of birth (where required)
- Creditworthiness and identity verification information
- IP address, device/browser data
Legal Basis Processing is based on contract performance, legal obligations, and Klarna’s legitimate interest in fraud prevention, identity verification, and, where applicable, credit assessment.
Data Transfers Data may be transferred internationally with appropriate contractual safeguards in place.
Retention Period Data is retained as long as necessary to provide payment services and comply with applicable legal and regulatory obligations.
Your Rights
Please refer to:
Klarna Privacy Policy: https://www.klarna.com/privacy/
Ratepay (used for Invoice via PayPal)
What data does Ratepay collect?Ratepay may collect:
- Full name and contact information
- Payment method and transaction data
- Credit check and score values
- Address verification data
Legal Basis Processing is based on contract performance and legitimate interest in conducting credit assessments for deferred payments.
Data Transfers Data is processed within the EU and may be shared with credit agencies. Ratepay applies standard protections.
Retention Period Data is retained for as long as necessary to fulfill payment processing and financial compliance.
Your Rights Please refer to:
- Ratepay Privacy Policy
- Credit Agency Info
Donations via Give WP plugin
Which data do we process in the context of a donation?
Givewp and Stripe: You can use a donation function on our website. We use GiveWP as our donation portal with Stripe as payment gateway and processor to handle and manage all financial transactions. Donations are processed by the third-party provider Stripe Ltd. Further information on data processing by Stripe Ltd. can be found in the legal notice: Stripe Inc. 354 Oyster Point Boulevard, South San Francisco California 94080, USA. To find out more about the security measures of these organisations, please click on the following links: https://stripe.com/de/privacy Privacy policy of Give WP: https://givewp.com/privacy-policy/.
22. Cookies and Tracking Technologies
Cookies
What are cookies? Cookies are small text files stored on your device by your browser when you visit a website. These files help recognize your browser on future visits and enable certain functions or user preferences.
Why do we use cookies?cWe use cookies to:
- Enable essential website features (e.g. navigation, session management)
- Improve performance and usability
- Secure our services
- Remember your preferences (e.g. language or location)
Technically Necessary CookiescThese cookies are essential to the functioning of our website and cannot be disabled in our systems. They allow you to:
- Navigate pages securely
- Use services such as shopping carts, logins, and form submissions
- Stay recognized during a session
Without these cookies, parts of the website may not function properly.
Legal BasiscFor users in the European Economic Area (EEA), technically necessary cookies are used based on our legitimate interest in providing a functional, secure, and user-friendly website. For any cookies beyond that (e.g., for marketing or analytics), your prior consent is required.
Managing CookiescYou can control and manage cookies through your browser settings. You can also delete cookies already stored on your device at any time. Please note that disabling cookies may limit your access to certain features.
Here are links on how to manage cookies in common browsers:
- Chrome: Manage cookies in Chrome
- Edge: Manage cookies in Microsoft Edge
- Firefox: Enable/Disable cookies in Firefox
- Safari: Manage cookies in Safari
Your Rights (EEA Users)If you are located in the EEA, you may object to the use of cookies based on our legitimate interest, if reasons arise from your particular situation. You also have the right to withdraw any cookie consent at any time for non-essential cookies.
Use of the Cookie Consent Plug-in from WebToffee
We use the GDPR Cookie Consent Plug-in from WebToffee of Mozilor Limited (10 Paxton Crescent, Shenley Lodge, Milton Keynes MK5 7PY, United Kingdom; “WebToffee”) on our website.
The plug-in enables you to give your consent to data processing via the website, in particular to set cookies, as well as to make use of your right of revocation for consents already provided. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies may be deployed for this purpose. Among other things the following information can be collected and transmitted to WebToffee: anonymised IP address, User ID, consent status, date and time of the consent or rejection. This data will not be passed on to any other third parties.
The data processing is carried out on the basis of Article 6 para. 1 lit. c GDPR to comply with a legal obligation. For more information about data protection at WebToffee, please visit: https://www.webtoffee.com/privacy-policy/
Analysis
Use of Google Analytics 4
We use the Google Analytics web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
In this context, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google may have about you.
Plug-ins
Use of the Google Tag Manager
Our website uses the Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). This application manages JavaScript tags and HTML tags which are used to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimisation of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/intl/de/tagmanager/use- policy.html
Use of GoogleMaps
Our website uses the function for embedding Google Maps by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”)
This feature visually represents geographical information and interactive maps. Google also collects, processes, and uses data on visitors to the website when they call up pages with embedded Google maps.
Your data may also be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has thus undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent based on Art. 25 para. 1 p. 1 TTDSG. The processing of your personal data is carried out with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.
Further information on the data collected and used by Google, your rights and privacy can be found in Google’s privacy policy at https://www.google.com/privacypolicy.html. You also have the option of changing your settings in the data protection centre, allowing you to administer and protect the data processed by Google.
Use of Google Ads
Our website uses Google Ads, an online advertising service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). Google Ads enables us to promote our services through advertisements displayed on Google Search and other Google partner websites, measure the effectiveness of advertising campaigns through conversion tracking, and, where applicable, create remarketing audiences.
When you visit our website, Google may collect information such as your IP address, browser and device information, pages visited, interactions with our website, advertising identifiers and cookie information. This information may be used to analyse the performance of our advertising campaigns and to display advertisements that are more relevant to your interests.
Your data may also be transmitted to the USA. For the USA, there is an adequacy decision of the EU Commission, the EU-US Data Privacy Framework (DPF). Google has certified itself under the DPF and has thereby undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent where required by applicable law. The processing of your personal data is based on your consent and, where applicable, Art. 25 para. 1 TTDSG. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal of consent.
Further information on the data collected and processed by Google, your rights and privacy options can be found in Google’s Privacy Policy at:
https://policies.google.com/privacy
Use of Meta Pixel
Our website uses Meta Pixel, a web analytics and advertising service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”). Meta Pixel enables us to measure the effectiveness of our advertising campaigns, analyse visitor interactions with our website and, where applicable, create remarketing and custom audiences for advertising purposes on Meta platforms such as Facebook and Instagram.
When you visit our website, Meta may collect information such as your IP address, browser and device information, pages visited, interactions with our website, advertising identifiers and cookie information. This information may be used to analyse the performance of our advertising campaigns and to display advertisements that are more relevant to your interests.
Your data may also be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the EU-US Data Privacy Framework (DPF). Meta has certified itself under the DPF and has thereby undertaken to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent where required by applicable law. The processing of your personal data is based on your consent and, where applicable, Art. 25 para. 1 TTDSG. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal of consent.
Further information on the data collected and processed by Meta, your rights and privacy options can be found in Meta’s Privacy Policy at:
https://www.facebook.com/privacy/policy/
hCaptcha
We use “hCaptcha” on this website. The provider is Intuition Machines, Inc., 350 Alabama Street, Suite 10, San Francisco, CA 94110, USA.
The purpose of hCaptcha is to check whether data entry on this website (e.g. in a contact form) is carried out by a human or by an automated program. To do this, hCaptcha analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, hCaptcha evaluates various information (e.g. IP address, browser and device information, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is transmitted to hCaptcha.
The hCaptcha analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of the data is based on legitimate interests. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. If appropriate consent has been requested, processing is carried out exclusively based on the consent. Consent can be revoked at any time.
Further information about hCaptcha can be found in the hCaptcha Privacy Policy and Terms of Service under the following links:
- https://www.hcaptcha.com/privacy
- https://www.hcaptcha.com/terms
Use of YouTube
We use the YouTube video embedding function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”). YouTube is a partnership with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ‘Google’).
The feature displays videos that have been deposited with YouTube in an iFrame on the website. In doing so, the “Advanced Privacy Mode” option is activated. As a result, YouTube does not store any information about the visitors to the website. Only when you watch a video is the information about it transmitted to YouTube and stored there. If necessary, your data will be transferred to the USA. For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and is therefore obliged to comply with European data protection principles. The use of cookies or similar technologies is carried out with your consent. The processing of your personal data is carried out with your consent. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
You can find more information about the collection and use of data by YouTube and Google as well as the associated rights and options for protecting your privacy in YouTube’s privacy policy (https:// www.youtube.com/t/privacy).
Use of Flickr
– Flickr, operated by Flickr, Inc, Flickr c/o Yahoo! Inc, 701 First Avenue, Sunnyvale, CA 94089, USA. Further information can be found in Flickr’s privacy policy. Basis for the transfer to third countries: Standard contractual clauses. Legal basis: Legitimate interests; Website: https://www.flickr.com, Privacy Policy: https://www.flickr.com/help/privacy. Data processing agreement: https://www.flickr.com/help/dpa.
API Keys
We make use of certain APIs, in order to provide specific features.
These APIs may include the following third party services: Google Maps (API key), PayPal (email, Client ID, Client Secret) and Zoom (email, Client ID, Client Secret).
24. Rights of Data Subjects
Rights of persons affected and storage duration
Duration of storage
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
Your Privacy Rights
Subject to applicable law, you may have the right to:
- request access to the personal information we hold about you;
- request correction of inaccurate, incomplete or outdated personal information;
- withdraw your consent to the collection, use or disclosure of your personal information, subject to legal or contractual restrictions and reasonable notice;
- request information about how your personal information has been collected, used or disclosed;
- request that we review concerns regarding the handling of your personal information.
Where permitted or required by applicable law, certain rights may be limited, including where personal information is required for legal, regulatory, contractual, security, archival or record-keeping purposes.
To exercise any of your privacy rights, please contact us using the contact details provided in this Privacy Policy.
Marketing Communications
Where you have consented to receive newsletters, event updates, promotional communications or other marketing materials, you may withdraw your consent or unsubscribe at any time by using the unsubscribe link contained in the communication or by contacting us directly.
Upon receiving your request, we will cease sending you marketing communications, although we may continue to send service-related or transactional communications where necessary.
Complaints
If you have concerns regarding the collection, use or disclosure of your personal information, we encourage you to contact us first so that we may investigate and address your concerns.
If you are not satisfied with our response, you may have the right to submit a complaint to the Office of the Privacy Commissioner of Canada or another competent privacy regulator in accordance with applicable law.
Office of the Privacy Commissioner of Canada
Website: https://www.priv.gc.ca
You can lodge a complaint with, among others, the supervisory authority responsible for us. In case you could not solve your problem with us directly, you can also complain to your local data protection authority or the place of the suspected violation. Contact information of these authorities can be accessed at the website of the European Data Protection Board European Data Protection Board (EDPB)..
Right to object
If the data processing outlined here is based on our legitimate interests, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.
If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
25. Security Measures
We implement a variety of security measures designed to maintain the safety of your personal data we store and process.
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings. TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL if a website is secured by an SSL/TLS certificate. For example, to protect the transmission of confidential information that you send to us as the website provider, we use SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any personal data under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose personal data may have been compromised and or the competent data protection authority.
26. Canadian Privacy Rights
- This section applies solely to individuals who reside in Canada and supplements the information provided in this Privacy Policy. Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
Your Privacy RightsSubject to certain exceptions, you may have the following rights:
- Right of Access: Request information about the personal data we have collected about you.
- Right to Correction: Request correction of inaccurate or incomplete personal information.
- Right to Withdraw Consent: Withdraw consent to the collection, use, or disclosure of your personal data, subject to legal or contractual restrictions.
- Right to Complain: File a complaint with us regarding our handling of your personal information. If you are not satisfied with our response, you have the right to contact the Office of the Privacy Commissioner of Canada.
How to Exercise Your RightsTo exercise any of your privacy rights, please contact us using one of the following methods:Email: info@bhaktimarga.caMail: Bhakti Marga Canada, 1425 Rougemount Drive, Pickering, ON, L1V 1N2, Canada
Office of the Privacy Commissioner of CanadaYou may also contact the Office of the Privacy Commissioner of Canada for further information or to file a complaint:Website: https://www.priv.gc.caPhone: 1-800-282-1376
Data RetentionWe retain personal data only as long as necessary for the purposes described in this Privacy Policy and in compliance with Canadian legal and financial requirements.
Updates to This SectionWe may update this section as Canadian privacy laws evolve. Please check this Privacy Policy periodically for the latest version.
27. U.S. State Privacy Rights (California, Virginia, Colorado, Connecticut, Utah)
This section applies solely to individuals who reside in California, Virginia, Colorado, Connecticut, or Utah, and supplements the information provided in this Privacy Policy. These residents may have additional rights under their respective state consumer privacy laws.
Your Privacy Rights
Subject to certain exceptions, you may have the following rights:
- Right to Know and Access: Request information about the categories and specific pieces of personal data we have collected about you in the past 12 months, including:
- The categories of personal data collected
- The sources from which the data was collected
- The business or commercial purpose for collecting the data
- The categories of third parties with whom the data was shared
- The specific personal data collected
- Right to Delete: Request the deletion of your personal data, subject to certain legal and operational exceptions (e.g., if needed to complete transactions or comply with legal obligations).
- Right to Correct (available in CA, VA, CO, CT): Request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information (California only): Request restrictions on the use of sensitive personal data, such as religious beliefs or spiritual identifiers.Note: We only use sensitive data as necessary for core religious purposes and never for inferring characteristics.
- Right to Opt Out of Sale or Sharing: We do not sell or share personal data as defined by U.S. state privacy laws.
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Right to Appeal (VA, CO, CT): If we deny your request, you may appeal our decision.
How to Exercise Your Rights
To exercise any of your privacy rights, please contact us using one of the following methods:
- Email: info@bhaktimarga.ca
- Phone: +1 6476776127
- Mail: Bhakti Marga Canada, 1425 Rougemount Drive, Pickering, ON, L1V 1N2, Canada
Please include your state of residence and clearly specify which right you wish to exercise. We may need to verify your identity before processing your request (e.g., by confirming your email address or other identifying information).
Authorized Agents (California Only)
California residents may designate an authorized agent to make requests on their behalf. To do so, you must provide the agent with written authorization, and we may require confirmation of that designation directly from you.
Additional California Notices
In accordance with Cal. Civ. Code §1789.3, California residents may contact the Complaint Assistance Unit of the California Department of Consumer Affairs at:1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, USA,or by phone at (800) 952-5210 or (916) 445-1254.
We will not discriminate against you for exercising your rights. This means we will not deny you services, charge you different prices, or provide you with a different level of service based on your request.
Data Retention
We retain personal data only as long as necessary for the purposes described in this Privacy Policy. For example:
- Event participation and donation records: 7 years (for legal and financial compliance)
- Newsletter engagement data: Until consent is withdrawn or after 3 years of inactivity
- Analytics and usage data: Up to 14 months
Updates to This Section
We may update this section as state privacy laws evolve. Please check this Privacy Policy periodically for the latest version.
28. European Union Data Subjects Rights
EU Residents
If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Bhakti Marga will be the controller of your Personal Data processed in connection with the Services.
If there are any conflicts between this section and any other provision of this Privacy Policy, the provision or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at dataprotection@bhaktimarga.org. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
The “Categories of Personal Data We Collect” section above details the Personal Data that we collect from you.
The “Our Commercial or Business Purposes for Collecting Personal Data” section above explains how we use your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
- Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data in order to carry out our obligations under the Terms of Service, including providing the Services.
- Profile or Contact Data
- Payment Data
- Other Identifying Information You Voluntarily Choose to Provide
- Other Identifying Information Another User Chooses to Provide to You
- Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:
- Device/IP Data
- Web Analytics
- Geolocation Data
- Other Identifying Information Another User Chooses to Provide to You
- We may also de-identify or anonymize Personal Data to further our legitimate interests. Examples of these legitimate interests include:
- Providing, customizing and improving the Services
- Marketing the Services
- Corresponding with you
- Meeting legal requirements and enforcing legal terms
- Completing corporate transactions
- Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. This information may include:
- sensitive data, such as the belief commitment according to Art. 9 GDPR
- Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.
EU and UK data subject rights
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at dataprotection@bhaktimarga.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging on to your account.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account in the BM web application.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Right to File Complaint: You have the right to lodge a complaint about Bhakti Marga practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
30. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Revisions will be posted on this page with an updated “Last Updated” date. Users are encouraged to review the policy regularly. Continued use of our services after updates implies acceptance of the changes.
last update: June 2026