General Data Protection Regulation
Thank you for your interest in bodhana. Data protection has a very high priority for our company. A use of our internet pages is basically possible without any indication of personal data. However, if an affected person wishes to use our company’s special services through our website, personal data processing may be required. If the processing of personal data is required, we generally seek the consent of the person concerned.
The processing of personal data, such as the name, address, e-mail address or telephone number of the concerned person, is always in accordance with the GDPR and in accordance with our country-specific privacy policy. By means of this privacy policy, our company wants to inform affected persons about their rights.
As administrator, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website as well as our e-mail traffic. Nevertheless, Internet-based data transmissions can, in principle, have security gaps so that absolute protection cannot be guaranteed. For this reason, each affected person is free to submit personal data to us in alternative ways, for example by telephone.
- Definitions of our Privacy Policy
The privacy policy is based on the terminology used by the European legislature and legislature in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain in advance the terminology used. We use the following terms in this privacy policy, including but not limited to:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (‘the person concerned’). A natural person is considered to be identifiable who, directly or indirectly, in particular by means of an assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
b) The person affected
Affected person is any identified or identifiable natural person whose personal data is processed by the administrator.
c) Processing
Processing means any process or series of operations related to personal data, such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by transfer, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction
d) Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
e) Profiling
Profiling is any kind of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular, aspects relating to job performance, economic situation, health to analyze or predict personal preferences, interests, reliability, behavior, location or change of location of that natural person.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be allocated to a specific person without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures that ensure: that the personal data are not assigned to an identified or identifiable natural person.
g) Administrator or party responsible
The administrator is the natural or legal person, public authority, institution or establishment that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by the law of the Union or the law of the Member States, the administrator or the specific criteria of his designation may be provided for under Union or national law.
h) Processor
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the administrator.
i) Recipient
Recipient is a natural or legal person, agency, authority or other entity to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law under a particular audit mission shall not be considered as beneficiaries.
j) Third parties
Third is a natural or legal person, public authority, agency or other entity other than the person concerned, the administrator, the processor and the persons authorized under the immediate responsibility of the administrator or the responsible person to process the personal data.
k) Consent
Consent, is any information given voluntarily by the affected person in an informed and unequivocal manner in the form of a statement or other unambiguous confirmatory act by which the person affected indicates that he/she agreed to the processing of personal data.
- Responsible party
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions of a data protection character is:
bodhana wellness centre
sangam projects s.l.
annette adelskamp
c/benito jeronimo feijoo 2,
07181 costa d’en blanes
Spain
Tel 971 67 64 69
Email info@bodhana.com
Website www.bodhana.com
- Administration
We process data in the context of administrative tasks and organization of our business, financial accounting and compliance with legal obligations, such as the archiving. In doing so, we use the same data that we process in the course of rendering our contractual services. The processing principles are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. The processing affects customers, interested parties, business partners and website visitors. The purpose and interest in processing lies in the administration, financial accounting, office organization, data archiving, and tasks that serve to maintain our business, perform our duties and provide our services. The deletion of data relating to contractual services and contractual communications complies with the information provided in these processing activities.
We disclose or transmit data to the financial services, consultants such as tax accountants or auditors, and other fee and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g. for later contact. This majority of company-related data, we store in principle permanently, until revoked.
- Rights of the user – rights of our customers
You can currently exercise the following rights under the contact details of our data protection administrator:
- Information about your stored data and their processing
- Correction of incorrect personal data
- Deletion of your stored data
- Limitation of data processing, if we are not yet allowed to delete your data due to legal requirements
• Objection to the processing of your data with us and - Data portability, if you have consented to the data processing or have concluded a contract with us.
If you have given us your consent, you can withdraw it at any time with effect for the future.
- Legal basis of processing
Art. 6 I lit. A GDPR is used by our company as a legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the person concerned is a party, as is the case, for example, in processing operations necessary for the supply of goods or other service or consideration, the Processing on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our facilities were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. On this legal basis, processing operations that are not covered by any of the above legal bases are required if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and freedoms of the person concerned prevail. Such processing operations are particularly allowed to us because they have been particularly mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the person concerned is a customer of the administrator (recital 47, second sentence, GDPR).
- Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
- Legal or contractual regulations
We clarify that the provision of personal information may be required by law in part (for example, tax regulations) or may arise from contractual arrangements (such as details of the contractor).
Occasionally it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the concerned person is required to provide us with personal information when our company enters into a contract with her. Failure to provide personal data would mean that the contract could not be concluded with the person concerned.
- Hosting
The hosting services we use are for the purpose of providing the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate this online service.
Here, we – or our hosting provider – process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 para. 1 lit. f GDPR in connection with Art. 28 GDPR (conclusion of an assignment processing contract).
- Server log files
In server log files, our website provider collects and stores information that your browser automatically sends to our website. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
There is no merge of this data with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
- SSL or TLS encryption
In order to best protect your transmitted data, we use SSL encryption. You recognize such encrypted connections with the prefix “https: //” in the page link in the address bar of your browser. Unencrypted pages are identified by “http: //”.
All data you submit to this website – such as inquiries or logins – cannot be read by third parties due to SSL encryption.
All e-mail traffic between you and our company is realized from our side via an encrypted connection (TLS).
- Contact form
Data submitted via the contact form will be stored, including your contact details, to process your request or to be available for follow-up questions. A disclosure of this data will not take place without your consent.
The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). User information can be stored in a Customer Relationship Management System (“CRM System”) or similar software. A revocation of your already given consent is possible at any time. For the revocation is sufficient an informal message by e-mail. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data submitted via the contact form will remain with us until you request us to delete it, revoke your consent to the storage or there is no longer any need for data storage. Mandatory statutory provisions – in particular retention periods – remain unaffected.
- Cookies
This website uses cookies for the pseudonymized range measurement, which are transmitted either from our server or the third party server to the user’s browser. Cookies are small files that are stored on your device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website.
If you do not want to save range-measuring cookies on your device, you can object to the use of these files here:
- Cookie opt-out page of the Network Advertising Initiative:
http://optout.networkadvertising.org/?c=1#!/
- Cookie deactivation page on the US website: http://optout.aboutads.info/?c=2#!/
- Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/
Popular browsers offer the preference option of not allowing cookies. Note: There is no guarantee that you will be able to access all functions of this website without any restrictions if you make the appropriate settings.
- Google Analytics
The administrator has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection, storage, use and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed, or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize a website and cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The administrator uses the addition “_gat._anonymizeIp” for web analytics via Google Analytics. By means of this addendum, the IP address of the Internet connection of the person concerned will be shortened and anonymised by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person affected. What cookies are, has already been explained above. By using this cookie Google is enabled to analyze the usage of our website. Each time one of the pages of this website is accessed by the administrator and a Google Analytics component has been integrated, the internet browser on the information technology system of the person concerned will be automatically identified by the respective Google Analytics website. Component causes data to be submitted to Google for the purposes of online analysis. As part of this technical process, Google will be aware of personally identifiable information, such as the IP address of the person concerned, which Google uses to help track the origin of visitors and clicks, and subsequently enable commission billing.
The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of site visits by the person concerned. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the concerned person, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal information obtained through the technical process to third parties.
The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Furthermore, the affected person has the possibility of recording the data generated by Google Analytics and referring to the use of this website and the processing of this data by Google and to prevent such. To do this, the affected person needs to download and install a browser add-on at https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If the concerned person´s information technology system is later deleted, formatted or reinstalled, the person concerned must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the person concerned or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Additional information and Google’s privacy policy can be found at
https://www.google.com/intl/en/policies/privacy/ and
http://www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.
- Google fonts
In order to display our content in a correct and graphically appealing way, we use script libraries and font libraries on this website. Google Webfonts (https://www.google.com/webfonts/). Google web fonts are transferred to the cache of your browser to prevent multiple loading. If the browser does not support Google Web fonts or prohibits access, content will be displayed in a standard font and the appearance may differ from the actual appearance.
The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – but currently also unclear whether, and if so, for what purposes – that operators of such libraries collect data.
The privacy policy of the library operator Google can be found here:
https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated
- Google Maps
This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors. For more information about Google’s data processing, please refer to the Google Privacy Notice (https://www.google.com/policies/privacy/). There you can also change your personal privacy settings in the privacy center.
For detailed instructions on managing your own data related to Google products, see: http://www.dataliberation.org/ Opt-Out: https://adssettings.google.com/authenticated
- Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with customers, interested party and other users and to inform them about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
Unless otherwise stated in our privacy policy, we process users’ data as long as they communicate with us within social networks and platforms, for example, writing posts on our online presence or sending us messages.
- Youtube
On some of our websites we embed Youtube videos. Operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page with the YouTube plugin, it will connect to Youtube servers. In this case Youtube will be informed which pages you visit. If you logged in to your Youtube account, Youtube can assign your surfing behavior to you personal profile. This is prevented by logging out of your Youtube account beforehand.
When a Youtube video is started, the provider uses cookies that provide information about user behavior. If you disabled the storage of cookies for the Google Ad program, Youtube will also not store cookies. But Youtube also gathers non-personal usage information through other cookies. If you do not want this, storage of cookies have to be blocked through the browser settings.
For more information on the privacy of “Youtube”, see the privacy statement of the provider at: https://policies.google.com/privacy
- Newsletter Data
To send our newsletter, we need an e-mail address from you. A verification of the given e-mail address is necessary and the receipt of the newsletter is to be agreed. Supplementary data are not collected or are voluntary. The use of the data takes place exclusively for the dispatch of the newsletter.
The data provided in the newsletter registration are processed exclusively on the basis of your consent (Article 6 (1) (a) GDPR). A revocation of your already given consent is possible at any time. For the revocation is sufficient an informal message by e-mail or you sign up via the “unsubscribe” link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.
Data entered to set up the subscription will be deleted in the event of cancellation. If these data have been sent to us for other purposes and elsewhere, they will remain with us.
- Namastelight
The newsletter is sent by means of “NamasteLight”, a newsletter service provider of the US supplier Namaste Interactive, LLC, 6864 Embarcadero, Carlsbad, USA. The privacy policy of the shipping service provider can be viewed here: https: //www.namastelight.com/privacy-policy.html
Namaste Interactive, LLC, subsidiary of Emma, Inc, 9 Leave Ave, Nashville, Tennessee 37210, USA, which is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt00000008P6HAAU&status=Active).
The mailing service provider is based on our legitimate interests acc. Art. 6 para. 1 lit. f RGPD / DS-GVO and a contract processing contract acc. Art. 28 para. 3 p. 1 RGPD / DSGVO.
The mailing service provider may use the data of the recipients in pseudonymous form, i. without assignment to a user, to optimize or improve their own services, e.g. for technical optimization of mailing and presentation of newsletters or for statistical purposes. However, the mailing service provider uses the data of our newsletter recipients not to contact you himself or to pass the data on to third parties.
- Profiling
As a responsible company, we refrain from automatic decision-making or profiling.
- Amendment
We reserve the right to amend this privacy policy to always comply with current legal requirements or to implement changes to our services in the privacy statement, e.g. when introducing new services. Your new visit will be subject to the new privacy policy.