Privacy Policy
Privacy Policy for https://www.bhaktimarga.in
Last updated: November, 2025
Privacy Policy of Vithal Kripa Pvt. Ltd.
1. Introduction
By accessing or using our website at https://www.bhaktimarga.in and any other domains owned by Vithal Kripa Pvt. Ltd and accessible through, including but not limited to https://www.bhaktimarga.in (collectively, the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information or interacting with us via electronic communications or third-party platforms, you accept the terms of this Privacy Policy.
2. Controller Details
The responsible legal entity (Data Controller) for all data processing activities conducted through this website is: Vithal Kripa Pvt. Ltd (VKPL), a company incorporated under the laws of India bearing the Corporate Identification Number - U22219DL2021PTC390762.
Thank you for your interest in Vithal Kripa Pvt. Ltd. Vithal Kripa Pvt. Ltd ("Vithal Kripa Pvt. Ltd", "VKPL", "we", "us", or "our") respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains what types of personal data we collect, how we use and protect that data, and what rights you may have under applicable data protection laws.
This Policy applies to all users accessing our services via this website, regardless of their country of residence or location. It reflects the requirements of Indian data protection law, including the Digital Personal Data Protection Act, 2023 (DPDP Act), as well as relevant privacy regulations from other jurisdictions such as the European Union General Data Protection Regulation (GDPR) and U.S. state-level privacy laws (e.g., CCPA, VCDPA, CPA).
By accessing or using this website, you acknowledge and consent to the processing of your personal data in accordance with this Privacy Policy and the applicable legal framework.
Vithal Kripa Pvt. Ltd
M-52 (Market Block), Third Floor
Greater Kailash - 2, New Delhi,
Delhi, India - 110048
E-Mail: legal@bhaktimarga.in
3. Scope of this Policy
This policy applies to information we collect:
- On this Website;
- In email, text, and other electronic messages between you and this Website;
- When you interact with our advertising and applications on Telegram, Facebook, Instagram, YouTube, Twitter, Flickr, or any other third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
- Us, offline or through any other means, including on any other website operated by Vithal Kripa Pvt. Ltd or any third party;
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Website.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
4. Interpretation and Definitions
Interpretation
Words whose initial letter is capitalized have the meanings defined below. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for You to access our Service or parts of our Service.
- Affiliate means an entity that controls, is controlled by or is under common control with a party.
- E-Mail: legal@bhaktimarga.in
- Company
- Cookies are small files that are placed on Your computer, mobile device or any other device, by a website, containing the details of Your browsing history on that website among its many uses.
- Country refers to: India
- Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the Website.
- Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.
- Usage Data refers to data collected automatically, either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Website refers to: https://www.bhaktimarga.in
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
5. Collecting and Using Your Personal Data
Types of Data Collected:
- Personal Data: Email address, First name and last name, Address, etc.
- Usage Data: IP address, browser type, pages visited, etc.
- Tracking Technologies and Cookies: Cookies, web beacons, and their purposes.
Types of Data Collected
Personal Data
While using Our Service, we may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
- Email address.
- First name and last name.
- Address, State, Province, ZIP/Postal code, City.
- Usage Data
6. Use of Your Personal Data
We use your data to:
- Provide and maintain our Service
- Manage your Account
- Fulfill contracts and contact you
- Send promotional content (if not opted out)
- Comply with legal obligations
Using Your Personal Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:
- Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, you may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
- Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:
- Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us.
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
- Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us.
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
- Functionality Cookies
Type: Persistent Cookies
Administered by: Us.
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide You with news, special offers and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
- To manage Your requests: To attend and manage Your requests to Us.
- For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
- For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing, and your experience.
We may share Your personal information in the following situations:
- With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
- For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
- With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
- With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
- With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
- With Your consent: We may disclose Your personal information for any other purpose with Your consent.
7. Legal Basis for Processing
Depending on your location and activity, we rely on:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interests
For users located in the European Economic Area (EEA), this corresponds to the legal bases set out in Article 6 of the General Data Protection Regulation (GDPR).
8. Retention and Deletion of Personal Data
Data is retained only as long as necessary to fulfill purposes or comply with legal obligations. Users may request deletion unless retention is legally required.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Delete Your Personal Data
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service.
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
Please note, however, that we may need to retain certain information when we have a legal obligation or lawful basis to do so.
9. Disclosure of Personal Data
We may disclose data to:
- Acquirers in business transactions
- Law enforcement, where required (under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities, e.g. a court or a government agency)
- Enforce legal rights
- Prevent fraud or harm
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation.
- Protect and defend the rights or property of the Company.
- Prevent or investigate possible wrongdoing in connection with the Service.
- Protect the personal safety of Users of the Service or the public.
- Protect against legal liability.
Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies if the processing procedures below do not state otherwise.
10. Data Sharing and International Transfers
We may share personal data with:
- Service providers (e.g., Shopify, Razorpay, Stripe, Google, Meta)
- Affiliates under strict agreements
- Payment processors and media platforms
International transfers are safeguarded via SCCs, adequacy decisions, or the Data Privacy Framework.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
We share personal data with:
- Service providers (e.g., Shopify, Razorpay, Stripe, Google, Meta)
- Affiliates under strict data protection agreements
- Payment processors for purchases
- Social platforms (e.g., YouTube, Facebook) for media delivery
All providers are bound by contracts and, where required, Standard Contractual Clauses (SCCs) or certified under the legal Privacy Framework.
International Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. In accordance with Art. 44 GDPR, we ensure that such transfers are subject to appropriate safeguards, such as European Commission-approved Standard Contractual Clauses (SCCs), adequacy decisions, or other legally recognized mechanisms.
11. Children’s Privacy
Our Service does not address anyone underaged. We do not knowingly collect personally identifiable information from anyone under the age of 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 16 without verification of parental consent, we take steps to remove that information from Our servers.
If we need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, we may require Your parent's consent before We collect and use that information. If you believe we might have any information from or about a child under sixteen (16), please contact us at
12. Links to Other Websites
Our Website may contain links to third-party sites. We are not responsible for the content or privacy practices of those sites. Users should consult the privacy policies of external sites they visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
13. Webhosting and Online Shop
Webhosting
Sebastian Gates Web Development, Address: 1 Park Place, Grange Rath, Drogheda, Ireland, sebastian.gates@dkit.ie
WordPress.com: Hosting and software for the creation, provision and operation of websites, blogs and other online offerings; service provider: Aut O'Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy; Data Processing Agreement. Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).
Online shop
Which data do we process in the context of the online shop?
In the course of an order in our Online Shop on the website https://www.bhaktimarga.in, we process, inter alia, title, first and last name, company name, country, billing and shipping address, e-mail address, telephone number, spiritual name (optional), notes about the order (optional), information about the products or services you have ordered, including the order status, and payment information such as credit card number or other bank information.
For what purposes and on what legal basis do we process this data?
The personal data collected as part of the online shop will only be used to fulfil your order. Therefore, the processing is necessary to fulfil contractual or quasi-contractual obligations (Art. 6 (1) lit. b GDPR), respectively consent (Art. 6 (1) lit. a GDPR respectively Art. 9 (2) lit. a GDPR), where the provision of your data is optional.
For our online shop on the website https://www.bhaktimarga.in we use the e-commerce software Shopify. Privacy policy of Shopify: Shopify International Limited, address: Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, e-mail: hilfe@shopify.de, Privacy Policy of Shopify https://www.shopify.com/legal/privacy.
Shopify processes this data primarily on European servers. Shopify sends some data to its Canadian servers. Data transfers to Canada are legitimised by an adequacy decision. Occasionally, Shopify sends data to sub-processors in the USA. However, Shopify obliges them to comply with strict data protection obligations.
Use of Shopify under Multi-License Structure
Our online shop is operated on the Shopify platform, which is provided under a centralized multi-license agreement managed by Bhakti Event GmbH, a company based in the European Union. Vithal Kripa Pvt. Ltd is an authorized user of this platform and operates the online shop for users located in the United States and countries outside the European Union (“Rest of World”).
All technical services, hosting, and backend infrastructure are maintained under the main Shopify license held by Bhakti Event GmbH (EU). Vithal Kripa Pvt. Ltd utilizes this infrastructure to manage the shop content, customer orders, shipping, payments, and all legally required customer interactions for users in its region.
To ensure proper handling of your personal data, Vithal Kripa Pvt. Ltd and Bhakti Event GmbH have entered into a formal Inter-Entity and Agency Agreement. This agreement outlines:
- Joint controllership responsibilities under applicable data protection laws, including GDPR (Art. 26),
- Cross-border data transfer safeguards, including the use of Standard Contractual Clauses (SCCs),
- Shared and separate responsibilities for customer support, consent collection, order fulfillment, and data subject rights (such as access and deletion requests).
Regardless of your location, your data is processed in accordance with our commitment to data security, privacy, and transparency, and is handled in compliance with both U.S. and EU data protection standards, as applicable.
Bhakti Event GmbH has concluded an order processing contract with Shopify in accordance with Art. 28 GDPR.
DPA from Shopify: https://www.shopify.com/legal/dpa#3-european-union-and-united-kingdom.
Server log files
You can use our websites without submitting personal data.
Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes for example the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request. The processing is carried out based on the legal basis of our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
Your data may be transferred to third countries outside the European Union for which an adequacy decision has been made by the EU Commission.
Proactive contact of the customer by e-mail
If you contact us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place based on Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place based on Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods unless you have agreed to further processing and use.
Collection and processing when using the contact form.
When you use the contact form, we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact.
If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place based on Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place based on Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Finally, your data will be deleted, unless you have agreed to further processing and use.
Events
What data do we process in the context of booking and managing events?
If you register for our events or paid courses in the events calendar on our website, we will process your title, first and last name, country, address, email address, telephone number, spiritual name (optional), information about the event for which you have registered, payment data such as credit card number or other bank details, among other things. If you register for our free events in the event calendar on our website, we will process your username, email address, spiritual name (optional), information about the event for which you have registered, among other things.
For what purposes and on what legal basis do we process this data?
The personal data collected in the context of booking and managing the event will be used in particular to respond to your request. In addition, we may use the data collected to contact you directly and offer you similar offers and events based on your booking history and personal interests. The processing is necessary for the fulfilment of contractual or pre-contractual obligations (Art. 6 GDPR). We may also ask for your explicit consent to the processing of personal data collected in connection with the booking and management of the event. Consent will be entirely voluntary.
15. Media Platform App & Event Recordings
This privacy notice explains how Vithal Kripa Pvt. Ltd ("VKPL") and Bhakti Marga America ("BM US") process your personal data when you attend events with Paramahamsa Vishwananda in India or use the Bhakti Marga Media Platform App "Bhakti +", available via the Apple App Store, Google Play Store, or through our websites.
Joint Controllership – Bhakti Marga Media Platform
Vithal Kripa Pvt. Ltd and Bhakti Marga America act as joint controllers under Article 26 GDPR in relation to media content created during Vithal Kripa Pvt. Ltd events in India and distributed via the Bhakti Marga Media Platform. The responsibilities are defined as follows:
- VKPL: Responsible for organising events in India, including the collection and documentation of valid consent from participants for media recordings (photos, videos, livestreams) in accordance with applicable privacy laws.
- BM US: Responsible for the technical operation, hosting, and management of the Bhakti Marga Media Platform ("Bhakti +") and for media processing and publication of content for users in the USA and Rest of World (ROW), under a multi-license agreement with Bhakti Event GmbH (BM EU), the original licensor and rights holder.
Data subjects may exercise their rights with either controller. Requests will be forwarded and processed in accordance with applicable laws.
Events and Media Recordings
During events organised by Vithal Kripa Pvt. Ltd — such as events with Paramahamsa Sri Swami Vishwananda — photo and video recordings (including livestreams and video-on-demand) may be created and shared via:
- Vithal Kripa Pvt. Ltd Media Platform App "Bhakti +"
- Vithal Kripa Pvt. Ltd Website Livestreams
- Vithal Kripa Pvt. Ltd YouTube Channel
- Facebook, Instagram, Flickr
- Promotional print or digital materials
While the focus of recordings is on Paramahamsa Vishwananda, attendees may be incidentally filmed. To protect individual privacy, livestream-free zones and black wristbands are available at all events upon request.
Legal Basis for Processing
Depending on your location and interaction, we rely on the following legal bases under GDPR:
- Contractual necessity (Art. 6(1)(b) GDPR)
- Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR)
- Legitimate interest (Art. 6(1)(f) GDPR), particularly for spiritual outreach and communication
- International data transfer safeguards (Art. 46 GDPR – SCCs)
Platform Operation & License Structure
The Bhakti Marga Media Platform, including all streaming infrastructure, is operated by BM US under a multi-license agreement from Bhakti Event GmbH (BM EU). The operational responsibilities are:
- BM US: Technical operation and regional access management for US and ROW users; media processing and publication of non-EU content.
- VKPL: Event organisation and data collection (consent) in India.
- BM EU: Licensor and owner of the platform, with ongoing rights and oversight.
BM US does not have access to personal data of EU users. Any processing of EU-origin content by BM US is subject to BM EU’s instruction and user consent.
Data Processing, IP Tracking & Storage
When users access the Media Platform App or associated websites, IP addresses are used for regional redirection:
- EU-based users → redirected to the EU Shopify platform operated by Bhakti Event GmbH (BM EU)
- All others (USA, India, ROW) → redirected to the US Shopify platform operated by BM US
Regardless of redirection:
- All customer data is stored in a centralised Shopify EU database.
- Each entity (BM EU, BM US, VKPL) is solely responsible for the data of users under its jurisdiction.
- No shared operational access exists between legal entities; responsibilities are clearly separated.
Data Categories Processed
We may process the following categories of personal data:
- Identification (e.g., name, spiritual name, country)
- Contact information (e.g., email)
- Photos, video recordings, testimonials
- Device & session data (e.g., IP, app logs)
- Subscription, transaction and payment data
- Media preferences and language settings
Data Collection Sources
Your personal data is collected when you:
- Register for the platform or an event
- Use the app or website
- Purchase subscriptions
- Provide consent for recordings
- Interact with our support teams
Processors & Data Sharing
Data processors under Article 28 GDPR include:
| Processor | Purpose | Hosting / Safeguards | References |
|---|---|---|---|
| Hexaglobe (France) | Video hosting and embedding | EU-only | Privacy Policy, DPA |
| Shopify Intl. Ltd. (Ireland) | App infrastructure | EU servers, SCCs | Privacy Policy, DPA |
| Flickr (Yahoo Inc., USA) | Image gallery (optional) | SCCs | Privacy Policy, DPA |
| YouTube (Google Ireland) | Video streaming | SCCs via Google DPA | Privacy Policy, DPA |
| Meta Platforms Ireland Ltd. | Livestreams & promotion | SCCs via Meta DPA | Privacy Policy, DPA |
International Transfers
- Content made available to US/ROW viewers is processed via BM US under SCCs or EU instructions.
- Content recorded in India and processed by BM US is governed by SCCs or joint controller terms between VKPL and BM US.
- No EU user data is transferred without explicit consent and appropriate safeguards.
Retention Periods
Personal data is retained only as long as necessary for the purposes stated or required by law. If consent is withdrawn, data will be deleted or anonymised unless legal obligations require otherwise.
Your Rights
Depending on your location, you have the right to:
- Access your data
- Rectify inaccuracies
- Request erasure or restriction
- Object to processing
- Withdraw consent (Art. 7 GDPR)
- Lodge a complaint with your local data protection authority
Contact Information & Consent Withdrawal
To exercise your rights or withdraw consent, contact:
For users in India, USA, and Rest of World (ROW):
Bhakti Marga US
📧 info@bhaktimarga.us
Subject: Withdrawal of Consent
For users in India:
Vithal Kripa Pvt. Ltd
📧 legal@bhaktimarga.in
Subject: Withdrawal of Consent
For users in the EU:
Bhakti Event GmbH
📧 dataprotection@bhaktimarga.org
Am Geisberg 1–8, 65321 Heidenrod, Germany
Subject: Withdrawal of Consent
We will process your request promptly and in accordance with legal requirements. Consent withdrawal only applies to future processing.
16. Social Media and Plugins and Marketing
We maintain presences on platforms such as:
- Facebook, Instagram, Telegram, YouTube
- Plugins and APIs include: Google Fonts, YouTube embedding
Data processing may include behavioral tracking, analytics, and advertising.
Legal basis: legitimate interest, consent (for tracking), joint controllership (e.g. Facebook Fanpages).
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights.
Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.
- Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication, and process data (e.g. IP addresses, time data, identification numbers, consent status); Inventory data (e.g. names, addresses).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing. Provision of our online services and user-friendliness.
- Legal basis: Legitimate interests
Further information on processing operations, procedures, and services:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy.
- Facebook pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "Page Insights", for page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further information: Agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- Telegram channels: We use the Telegram platform to send messages to subscribers of our Telegram channel; Service provider: Representative in the European Union: European Data Protection Office (EDPO), Avenue Huart Hamoir 71, 1030 Brussels, Belgium; Website: https://telegram.org/; Privacy Policy: https://telegram.org/privacy; Further information: We process the personal data of subscribers only to the extent that we can view and delete the subscribers as recipients of the channel. Beyond this, i.e. in particular for the sending of messages, the evaluation and provision of anonymous sending statistics for the channel operators and the administration of subscribers, Telegram is responsible under data protection law.
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF). Option to object (opt-out): https://adssettings.google.com/authenticated.
18. Third Party Providers Online Service
To offer you a convenient website, we use, inter alia, cPanel, and YouTube (Google Maps and YouTube are together referred to as “content plug-ins”), and so-called social media plugins of the social networks.
18.1 YouTube
On our websites, we use the services of the video portal YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, ("YouTube") to integrate videos. In connection with the provision of YouTube, we use the "Enhanced Privacy Mode", which is intended to ensure that data is only transmitted to YouTube when the videos are accessed.
Thus, a connection to YouTube is established only if you interact with the video, so that the video can be called up and displayed. In this context, YouTube stores at least the IP address, the date and time as well as the website you visited. In addition, a connection to Google's advertising network "DoubleClick" is established.
If you are logged into YouTube at the time you visit our website, YouTube may establish a connection to your YouTube account. To prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of ensuring improved usability and analyzing usage behavior, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree with this processing, you have the option to prevent the storage of cookies by a setting in your Internet browser. You can find more information on this above under "Cookies".
Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the Privacy Notice.
18.2 Video conferencing, online meetings, webinars and online lectures and online courses and screen sharing
We use third-party platforms and applications (hereinafter referred to as "Conference Platforms") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as "Conference"). When selecting conference platforms and their services, we take into account the legal requirements.
Data processed by conference platforms: In the context of participation in a conference, the conference platforms process the personal data of the participants mentioned below. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g. provision of access data or real names) and which optional information is provided by the participants. In addition to processing for the implementation of the conference, the data of the participants may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, details of professional position/function, the IP address of the Internet access, details of the participants' end devices, their operating system, the browser and its technical and linguistic settings, information on the content of the communication processes, i.e. entries in chats, as well as audio and video data, as well as the use of other available features (e.g. surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users with the conference platforms, then further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g. of surveys) as well as video or audio recordings are logged, this will be communicated transparently to the participants in advance and they will be asked for consent if necessary.
Data protection measures of the participants: For the details of the processing of your data by the conference platforms, please note their data protection notices and select the optimal security and data protection settings for you within the settings of the conference platforms. Please also ensure that data and privacy are protected in the background of your recording for the duration of a video conference (e.g. by notifying roommates, locking doors and, as far as technically possible, using the function to make the background unrecognizable). Links to the conference rooms as well as access data may not be passed on to unauthorized third parties.
Notes on legal bases: If, in addition to the conference platforms, we also process the data of the users and ask the users for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for the fulfilment of our contractual obligations (e.g. in participant lists, in the case of processing of interview results, etc.). In addition, users' data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
● Types of data processed: inventory data (e.g. names, addresses); contact details (e.g. email, phone numbers); Content data (e.g. submissions in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, timings, identification numbers, consent status).
● Data subjects: communication partners; Users (e.g. website visitors, users of online services). People depicted.
● Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Contact requests and communication. Office and organizational procedures.
● Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing operations, procedures and services:
● Zoom: conferencing and communication software; Service Provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://zoom.us; Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html; Data processing agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA). Basis for third-country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA)).
19. Advertising and Marketing
Vithal Kripa Pvt. Ltd uses Meta advertising tools (including Facebook and Instagram Ads) to promote spiritual events and activities, such as local appearances by Paramahamsa Vishwananda. These tools allow us to display targeted advertisements to individuals based on factors such as geographic location, page engagement, and platform interests.
Our advertising activities are limited to U.S.-based users. Campaigns are managed exclusively by Vithal Kripa Pvt. Ltd, and we do not intentionally target, access, or use personal data from individuals located in the European Union or other GDPR-regulated jurisdictions for these campaigns.
In connection with these tools, Meta Platforms Inc. may act as a joint controller of data, particularly where user interactions on Meta platforms are used for audience targeting or measurement. This may include the processing of personal data such as IP address, device information, interaction history, and inferred interests.
Where Meta processes data as a joint controller, such processing is governed by Meta’s Controller Addendum. For more information on how Meta processes personal data, please refer to Meta’s Data Policy.
You can manage your advertising preferences through your Facebook or Instagram account settings.
This includes both standard ads created via Meta Ads Manager and boosted posts promoted directly from Instagram.
19.1 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what categories of personal information we collect, the purposes for which it is used, and with whom your information is shared. Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), you also have the right to opt out of the “sharing” of your personal information for cross-context behavioral advertising.
To opt out of targeted advertising through Meta, you can:
- Adjust your preferences via Facebook: Ad Preferences
- Adjust your preferences via Instagram: Instagram Ad Settings
- Submit a request using our Do Not Sell or Share My Personal Information form.
19.2 Notice to Users in the European Union
This website is operated by Vithal Kripa Pvt. Ltd, a company established and governed under the laws of India. While our services and advertising activities are directed exclusively to users in India, our website and public content on Meta platforms (e.g., Facebook and Instagram) may be accessible from within the European Union (EU).
We do not target EU-based individuals with advertisements, nor do we intentionally collect or process personal data from EU users for advertising purposes.
However, due to the way Meta’s platforms function, incidental data processing by Meta Platforms Ireland Ltd. may occur when EU-based users view or interact with our content. In such cases:
- Meta Platforms Ireland Ltd. is responsible for the processing of personal data of EU users.
- Where applicable, Meta and Vithal Kripa Pvt. Ltd. may be considered joint controllers under Article 26 GDPR, particularly in relation to audience insights or engagement analytics.
- Such joint processing is governed by Meta’s Joint Controller Addendum and subject to Meta’s Data Policy.
Vithal Kripa Pvt. Ltd does not retain or use any personal data of EU users for its own advertising purposes. If you are located in the EU, you may exercise your rights under the General Data Protection Regulation (GDPR) directly with Meta Platforms Ireland Ltd.
20. Newsletter Subscription and Communication
Purpose
If you subscribe to our newsletter, we use your personal data to send you updates about Vithal Kripa Pvt. Ltd, including upcoming events, services, spiritual content, promotions, and other relevant news. Our newsletter may also include automated or personalized content based on your interests and interactions.
What data is collected?
When you subscribe to our newsletter, we may collect and process the following types of data:
- Email address (required)
- First and last name (optional, for personalized communication)
- Subscription time and date
- IP address and device/browser metadata
- Consent status and log data
- Interaction data (e.g. email opens, clicks, unsubscribes)
Email Analytics & Tracking
Our emails include tracking technologies such as web beacons (also known as tracking pixels). These allow us to collect data on:
- Whether and when a newsletter was opened
- Which links were clicked
- The location and device used to access the email
- Technical data such as browser type and IP address
This information helps us to understand engagement and improve the content and timing of our emails. Analytics data may be stored in your subscriber profile to personalize future communication.
Legal Basis
- Consent: When you voluntarily subscribe to our newsletter, your data is processed based on your consent.
- Legitimate Interest: If you are an existing customer, we may send relevant updates based on our legitimate interest in maintaining contact, unless you object.
- Analytics & performance measurement are also based on your consent.
Unsubscribing and Consent Withdrawal
You may unsubscribe at any time by clicking the unsubscribe link in any of our emails or by contacting us at:
📧E-Mail:
After unsubscribing, your email address will be removed from the active mailing list.
Retention and Deletion
- We may retain unsubscribed email addresses for up to three years in a secure archive for documentation purposes (e.g. to prove prior consent).
- If legally required to respect your opt-out permanently, your email may be added to a blocklist.
- You may request earlier deletion, provided you confirm prior consent.
Newsletter Service Provider and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or based on a legal permission. If the contents of the newsletter are specifically described during the registration process, such descriptions are binding for the user's consent. Otherwise, our newsletters contain information about our services and organization.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may request your name for the purpose of personalized addressing in the newsletter or additional information if necessary for the purpose of the newsletter.
Double Opt-In Procedure
Newsletter registration is carried out through a double opt-in process. This means that after registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register with someone else’s email address. Subscriptions are logged to comply with legal requirements, including the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the email service provider are also logged.
Deletion and Restriction of Processing
We may retain unsubscribed email addresses for up to three years based on our legitimate interests in order to demonstrate prior consent. The processing of this data is restricted to the purpose of defending against potential legal claims. A deletion request is possible at any time, provided that the former existence of consent is confirmed. In the case of legal obligations to permanently honor objections, we may store the email address in a blocklist for this purpose only.
The logging of the registration process is based on our legitimate interest in demonstrating a legally compliant subscription process. If we use a service provider for sending emails, this is done based on our legitimate interest in an efficient and secure delivery system.
Content of the Newsletters:
Information about us, our services, events, promotions, and offerings.
Types of Data Processed:
- Inventory data (e.g., names, addresses)
- Contact data (e.g., email addresses, phone numbers)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, consent status)
- Usage data (e.g., visited websites, interest in content, access times)
Data Subjects:
Communication partners
Purposes of Processing:
Direct marketing (e.g., via email or postal mail)
Legal Bases:
- Consent (Art. 6(1)(a) GDPR)
- Legitimate interests (Art. 6(1)(f) GDPR)
Right to Object / Opt-Out:
You may unsubscribe from our newsletters at any time, i.e., revoke your consent or object to further receipt. You will find an unsubscribe link at the end of each newsletter, or you may use one of the contact options listed above (preferably via email).
Additional Notes on Processing Activities and Tools:
Measurement of Open and Click Rates:
Our newsletters include a so-called "web beacon"—a pixel-sized file that is retrieved from our server, or from the server of our email service provider, when the newsletter is opened. During this retrieval, technical information such as your browser type, system information, IP address, and the time of access is collected.
This data is used to improve the technical performance of our newsletter system and to analyze user behavior, based on the access location (determined via IP address) or access time. This analysis also helps us understand whether newsletters are opened, when they are opened, and which links are clicked. This information is associated with individual newsletter recipients and stored in their profiles until deletion.
These evaluations help us understand the reading habits of our users and to adapt content accordingly or to send different content tailored to user interests.
The measurement of open and click rates, storage of results in user profiles, and any further processing is carried out based on the user's consent.
It is not possible to revoke performance measurement separately; in this case, the entire newsletter subscription must be cancelled. When unsubscribed, the stored profile information will be deleted.
Legal Basis:
Consent (Art. 6(1)(a) GDPR)
Email Delivery and Marketing Automation Services
Our email communications and newsletter distribution are managed using HubSpot, a platform for marketing automation and customer relationship management.
This service is provided under a multi-license agreement administered by Bhakti Event GmbH (Germany), which has entered into a Data Processing Agreement (DPA) in accordance with Article 28 GDPR with HubSpot for the use of the service across affiliated entities, including Vithal Kripa Pvt. Ltd.
- Service provider: HubSpot, Inc. (USA)
- EU representative: HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland
- Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) and consent (Art. 6(1)(a) GDPR) where applicable
- Website: https://www.hubspot.com
- Privacy policy: https://legal.hubspot.com/privacy-policy
- Data Processing Agreement: https://legal.hubspot.com/dpa
- Data transfer mechanisms:
  - EU–U.S. Data Privacy Framework (DPF)
  - Standard Contractual Clauses (SCCs) provided by HubSpot
- Additional safeguards: https://trust.hubspot.com
Your data may be transferred to the United States. The European Commission has adopted an adequacy decision for the USA under the Trans-Atlantic Data Privacy Framework (TADPF). HubSpot is certified under the TADPF and has committed to compliance with European data protection principles.
Please note: Vithal Kripa Pvt. Ltd uses HubSpot solely within the framework of the multi-tenant license managed by Bhakti Event GmbH, which acts as the central contractual party with HubSpot and ensures GDPR compliance through a DPA as required under Article 28 GDPR.
21. Seva Form Data
Seva form
When you use the seva contact form, we collect your personal data (name, e-mail address, address, nationality, spiritual name, telephone number, talents, message text) only to the extent that you have provided it. The purpose of the data processing is to establish contact. If the purpose of contacting us is to carry out pre-contractual measures (e.g. advice in the event of interest in a purchase, the preparation of quotations) or relates to a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR. If contact is made for other reasons, this data is processed on the basis of Art. 6 para. 1 lit. f GDPR, that is, our overriding legitimate interest in answering your question. In this case, you have the right to object at any time, on grounds arising from your particular situation, to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR. The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. Your email address will only be used to process your request. Your data will then be deleted after 6 months at the latest, if you have not consented to further processing and use. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
22. Payment Processing and Service Providers
Vithal Kripa Pvt. Ltd offers a variety of secure payment options for your convenience. To process your payments, we may share certain payment-related data with third-party payment service providers. For more information about how these providers handle your personal data, please consult their respective privacy policies.
Why do we use third-party payment providers?
We use third-party providers to enable efficient and secure online payments on our website and in our apps. Payment data is processed for:
- Fulfilling contractual or donation-related transactions;
- Compliance with legal and financial regulations.
Who receives your payment information?
In addition to financial institutions (such as your bank), we work with third-party payment processors who may receive your data to execute the transaction. Credit agencies may also be involved to verify your identity and assess creditworthiness, depending on the payment method selected.
What payment data may be collected?
The payment service providers may collect and process the following types of data:
- Full name
- Billing and shipping address
- Bank account or credit card details (card number, CVC, expiration date)
- Authentication data (e.g. passwords, TANs)
- Order or donation details (amount, recipient, purpose)
- IP address
- Time and date of transaction
- Device and browser information
- Consent status
- Cookies and other identifiers
Please note: We do not receive or store your full credit card or account data. We only receive confirmation or failure status regarding the transaction.
Legal basis for processing payment data
Your personal data may be processed for payment purposes based on:
- Your consent, where required (you may withdraw your consent at any time);
- Contract performance, such as fulfilling your donation or order;
- Legal obligations, such as record-keeping and fraud prevention.
Additional terms and privacy policies
Please note that payment processing is additionally governed by the terms and privacy policies of the respective payment providers. We recommend that you read their policies carefully before completing your transaction.
How long is your payment data stored?
Retention periods vary depending on the provider and applicable financial regulations. Generally, data is stored only as long as necessary for payment processing and legal compliance.
What rights do you have?
You may exercise your data protection rights such as access, correction, deletion, or objection. For data processed by the payment provider, please contact them directly using the information in their privacy policy.
Payment Providers We Use
We offer multiple payment methods so you can choose the one most convenient for you. These include:
- Visa
- Mastercard
- American Express
- Maestro
- UnionPay
- ShopPay
- Apple Pay
- Google Pay
- PayPal
Visa
Provider Contact Details
Visa Inc.
Visa Europe Limited
1 Sheldon Square
London, W2 6TT, United Kingdom
https://www.visa.com
Purpose of Processing
We use Visa for secure and reliable processing of credit card transactions.
What data does Visa collect?
Visa may collect and process:
- Name and surname
- Email address
- Visa card number
- Transaction details (date, time, amount)
Visa may also conduct profiling and data analysis to prevent fraud and security threats. For details, see Visa’s privacy policies:
- https://www.visa.com/legal/global-privacy-notice.html
- https://www.visa.co.uk/legal/global-privacy-notice/jurisdictional-notice-eea.html
Data Transfers
Visa may process data outside the U.S. or EU.
We have a contractual agreement in place with Visa to ensure adequate data protection safeguards where applicable.
Legal Basis
Visa processes your data based on:
- Consent (if required),
- Contract performance (e.g. processing a donation),
- Legal obligations (e.g. financial reporting).
Retention Period
Visa stores data for as long as necessary to fulfill the transaction and comply with financial laws.
Your Rights
You may exercise your rights (such as access, correction, deletion) directly with Visa.
Use of Mastercard, AMEX, Union Pay, EPS
- Mastercard: Payment services (technical connection of online payment methods); service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.mastercard.de/de-de.html. Privacy Policy
- AMEX, American Express payment services (technical connection of online payment methods); service provider: American Express, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.americanexpress.com Privacy Policy
- Union Pay International Co, Ltd, German Branch, An der Welle 4, 60322 Frankfurt, for the payment brands "CUP" and "Union Pay"; Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: http://www.unionpayintl.com/en/aboutUs/com, Privacy Policy
Discover
Provider Contact Details
Discover Financial Services
2500 Lake Cook Road
Riverwoods, IL 60015, USA
https://www.discover.com
Purpose of Processing
We use Discover to enable secure credit card transactions for users based in the United States and other regions where Discover is supported.
What data does Discover collect?
Discover may process:
- Name and contact information
- Credit card details (number, expiration, CVC)
- Transaction details (amount, date, merchant info)
- IP address and device/browser information
Legal Basis
Processing is based on your consent, the need to fulfill a contract (e.g. a donation or purchase), or compliance with legal obligations.
Data Transfers
Discover processes data primarily within the United States.
Retention Period
Data is retained as long as necessary for payment processing and regulatory compliance.
Your Rights
Please refer to Discover’s privacy policy:
https://www.discover.com/privacy-statement/
For any data-related concerns, you may contact Discover directly.
Shopify Payments (via Razorpay)
What data does Shopify Payments collect?
Shopify Payments (processed via Razorpay) may collect:
- Name and billing address
- Email and order information
- Payment method details (e.g., card number, expiration, security code)
- Transaction amount and currency
- IP address and device/browser metadata
Legal Basis
Processing is based on the performance of a contract (e.g., donation or order), legal obligations (e.g., tax and accounting), or our legitimate interests in fraud prevention and secure payment handling.
Data Transfers
Razorpay processes data within the EU and may transfer data to third countries. Standard contractual safeguards are in place.
Retention Period
Data is stored for as long as required by financial and tax regulations.
Your Rights
Please refer to:
- Shopify Privacy Policy
- Razorpay Privacy Policy
Google Pay
What data does Google Pay collect?
Google Pay may collect:
- Name and contact details
- Linked card or payment account
- IP address and device information
- Payment amount and transaction metadata
- Location (for security and fraud detection)
Legal Basis
Processing is based on your consent, contract performance (e.g., completing a transaction), and fraud prevention.
Data Transfers
Google may transfer data globally. Adequate protection mechanisms are applied where required.
Retention Period
Data is retained in accordance with Google's policies and financial recordkeeping requirements.
Your Rights
Please refer to:
- Google Privacy Policy
Apple Pay
What data does Apple Pay collect?
Apple Pay may collect:
- Encrypted payment token and metadata
- Device account number
- Dynamic transaction code
- Minimal transaction-related details (not including full card info)
Legal Basis
Processing is based on contract performance and legitimate interests in secure authentication and fraud prevention.
Data Transfers
Apple may process transaction data on servers located outside your country. Information is anonymized or pseudonymized.
Retention Period
Apple retains payment information only as necessary for transaction processing and support.
Your Rights
Please refer to:
Razorpay (Direct Use)
What data does Razorpay collect?
Razorpay may collect:
- Name, address, and contact details
- Payment method and transaction metadata
- IP address, device/browser data
- Credit check data (for some payment types)
Legal Basis
Processing is based on contract performance, legal obligations (e.g., tax law), and Razorpay’s legitimate interest in fraud prevention. If credit scoring is performed, it is based on a balancing of interests.
Data Transfers
Data may be transferred internationally with contractual safeguards in place.
Retention Period
Data is retained as long as necessary to fulfill transactions and legal requirements.
Your Rights
Please refer to:
- Razorpay Privacy Policy
PayPal Express
What data does PayPal Express collect?
PayPal may collect:
- Name and email
- PayPal account details
- Device type, browser, and IP address
- Payment and transaction metadata
- Location and session cookies
Legal Basis
Processing is based on contract performance, your consent (e.g., for cookies), and legitimate interest in providing a smooth and secure checkout experience.
Data Transfers
PayPal processes data in the EU and US. Safeguards are in place where applicable.
Retention Period
PayPal retains data as required by financial law and its internal risk and compliance rules.
Your Rights
Please refer to:
- PayPal Privacy Policy
PayPal Check-Out (incl. Pay Later / SEPA / Credit Card)
What data does PayPal Check-Out collect?
PayPal may collect:
- Name, address, and account/payment method details
- Order data and transaction history
- Credit information (for “Pay Later” or invoice payments)
- Device and browser metadata
Legal Basis
Processing is based on contract performance and legitimate interest (e.g., creditworthiness checks, fraud protection).
Data Transfers
Data may be shared with credit agencies and processed internationally with appropriate safeguards.
Retention Period
Data is stored in accordance with financial laws and internal risk management standards.
Your Rights
Please refer to:
- PayPal Privacy Policy
Ratepay (used for Invoice via PayPal)
What data does Ratepay collect?
Ratepay may collect:
- Full name and contact information
- Payment method and transaction data
- Credit check and score values
- Address verification data
Legal Basis
Processing is based on contract performance and legitimate interest in conducting credit assessments for deferred payments.
Data Transfers
Data is processed within the EU and may be shared with credit agencies. Ratepay applies standard protections.
Retention Period
Data is retained for as long as necessary to fulfill payment processing and financial compliance.
Your Rights
Please refer to:
- Ratepay Privacy Policy
- Credit Agency Info
23. Cookies and Tracking Technologies
Cookies
What are cookies?
Cookies are small text files stored on your device by your browser when you visit a website. These files help recognize your browser on future visits and enable certain functions or user preferences.
Why do we use cookies?
We use cookies to:
- Enable essential website features (e.g. navigation, session management)
- Improve performance and usability
- Secure our services
- Remember your preferences (e.g. language or location)
Technically Necessary Cookies
These cookies are essential to the functioning of our website and cannot be disabled in our systems. They allow you to:
- Navigate pages securely
- Use services such as shopping carts, logins, and form submissions
- Stay recognized during a session
Without these cookies, parts of the website may not function properly.
Legal Basis
For users in the European Economic Area (EEA), technically necessary cookies are used based on our legitimate interest in providing a functional, secure, and user-friendly website. For any cookies beyond that (e.g., for marketing or analytics), your prior consent is required.
Managing Cookies
You can control and manage cookies through your browser settings. You can also delete cookies already stored on your device at any time. Please note that disabling cookies may limit your access to certain features.
Here are links on how to manage cookies in common browsers:
- Chrome: Manage cookies in Chrome
- Edge: Manage cookies in Microsoft Edge
- Firefox: Enable/Disable cookies in Firefox
- Safari: Manage cookies in Safari
Your Rights (EEA Users)
If you are located in the EEA, you may object to the use of cookies based on our legitimate interest, if reasons arise from your particular situation. You also have the right to withdraw any cookie consent at any time for non-essential cookies.
Analysis
Use of Google Analytics 4
We use the Google Analytics web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
In this context, the following information may be collected, among others: IP address, date and time of page view, click path, information about the browser you are using and the device you are using (device), pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google may have about you.
Plug-ins
Font Awesome
This site uses Font Awesome to display fonts and symbols uniformly. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.
When you access a page, your browser loads the necessary fonts into your browser cache to display texts, fonts, and symbols correctly. For this purpose, the browser you use must connect to Font Awesome’s servers. This gives Font Awesome knowledge that this website was accessed via your IP address. The use of Font Awesome is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 Para. 1 lit . B. Device fingerprinting). Consent can be revoked at any time.
If your browser does not support Font Awesome, your computer will use a standard font.
Further information about Font Awesome can be found in Font Awesome’s privacy policy at:
https://fontawesome.com/privacy
You can find more detailed information on the data processing and data protection at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq.
Use of YouTube
We use the YouTube video embedding function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "YouTube"). YouTube is a partnership with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; 'Google').
The feature displays videos that have been deposited with YouTube in an iFrame on the website. In doing so, the "Advanced Privacy Mode" option is activated. As a result, YouTube does not store any information about the visitors to the website. Only when you watch a video is the information about it transmitted to YouTube and stored there. If necessary, your data will be transferred to the USA. For the US, there is an adequacy decision from the EU Commission: the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and is therefore obliged to comply with European data protection principles. The use of cookies or similar technologies is carried out with your consent pursuant to Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
You can find more information about the collection and use of data by YouTube and Google as well as the associated rights and options for protecting your privacy in YouTube's privacy policy (https://www.youtube.com/t/privacy).
Use of Flickr
- Flickr, operated by Flickr, Inc, Flickr c/o Yahoo! Inc, 701 First Avenue, Sunnyvale, CA 94089, USA. Further information can be found in Flickr's privacy policy. Basis for the transfer to third countries: Standard contractual clauses. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.flickr.com, Privacy Policy: https://www.flickr.com/help/privacy. Data processing agreement: https://www.flickr.com/help/dpa.
API Keys
We make use of certain APIs, in order to provide specific features.
These APIs may include the following third party services: Google Maps (API key), Meetup (OAuth token), PayPal (email, Client ID, Client Secret), Eventbrite (API key, auth URL, Client Secret), and Zoom (email, Client ID, Client Secret).
24. Rights of Data Subjects
Rights of persons affected and storage duration
Duration of storage
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE APPLICABLE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE COMPELLING REASONS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ARTICLE 21 (2) GDPR).
Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
You can lodge a complaint with, among others, the supervisory authority responsible for us. In case you could not solve your problem with us directly, you can also complain to your local data protection authority or the place of the suspected violation. Contact information of these authorities can be accessed at the website of the European Data Protection Board (EDPB).
Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect.
If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
25. Security Measures
We implement a variety of security measures designed to maintain the safety of your personal data we store and process.
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and processes in accordance with the principle of data protection through technology design and data protection-friendly default settings.
TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL if a website is secured by an SSL/TLS certificate. For example, to protect the transmission of confidential information that you send to us as the website provider, we use SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any personal data under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose personal data may have been compromised and/or the competent data protection authority.
26. U.S. State Privacy Rights (California, Virginia, Colorado, Connecticut, Utah)
Although this website is operated by an Indian legal entity (Vithal Kripa Pvt. Ltd) under Indian law, we provide the following information voluntarily and for transparency purposes to individuals residing in California, Virginia, Colorado, Connecticut, or Utah, in accordance with applicable U.S. state privacy laws.
Your Privacy Rights (Voluntary Disclosure)
Subject to certain limitations and legal exceptions, residents of the above states may have the following rights under their respective laws:
- Right to Know and Access
You may request information about the categories and specific pieces of personal data we have collected about you in the past 12 months, including:
- Categories of data collected
- Sources of data
- Business purpose of collection
- Categories of third parties with whom data was shared
- Specific data elements collected
- Right to Delete
You may request the deletion of your personal data, subject to applicable exceptions (e.g. for compliance or transaction fulfillment).
- Right to Correct (CA, VA, CO, CT)
You may request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information (California only)
We only collect sensitive personal data (such as religious beliefs) when necessary for our core religious and spiritual activities. We do not use such data to infer consumer characteristics. You may request that we limit the use of such information.
- Right to Opt Out of Sale or Sharing
We do not sell or share personal data as defined under U.S. state privacy laws.
- Right to Data Portability
You may request a copy of your personal data in a portable, machine-readable format.
- Right to Appeal (VA, CO, CT)
If your request is denied, you may submit an appeal, and we will review our decision.
How to Contact Us
To exercise any of your privacy rights, please contact us using the details below:
Vithal Kripa Pvt. Ltd
M-52 (Market Block), Third Floor,
Greater Kailash - 2, New Delhi,
Delhi, India - 110048
Phone: +91 7895273170
Updates to This Section
We may update this section as state privacy laws evolve. Please check this Privacy Policy periodically for the latest version.
27. European Union Data Subjects Rights
EU Residents
If you are a resident of the European Union (“EU”), United Kingdom, Liechtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Vithal Kripa Pvt. Ltd will be the controller of your Personal Data processed in connection with the Services.
If there are any conflicts between this section and any other provision of this Privacy Policy, the provision or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at dataprotection@bhaktimarga.org. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
The “Categories of Personal Data We Collect” section above details the Personal Data that we collect from you.
The “Our Commercial or Business Purposes for Collecting Personal Data” section above explains how we use your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
- Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data in order to carry out our obligations under the Terms of Service, including providing the Services.
- Profile or Contact Data
- Payment Data
- Other Identifying Information You Voluntarily Choose to Provide
- Other Identifying Information Another User Chooses to Provide to You
- Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:
- Device/IP Data
- Web Analytics
- Geolocation Data
- Other Identifying Information Another User Chooses to Provide to You
- We may also de-identify or anonymize Personal Data to further our legitimate interests. Examples of these legitimate interests include:
- Providing, customizing and improving the Services
- Marketing the Services
- Corresponding with you
- Meeting legal requirements and enforcing legal terms
- Completing corporate transactions
- Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. This information may include:
- sensitive data, such as the belief commitment according to Art. 9 GDPR
- Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.
EU and UK data subject rights
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at dataprotection@bhaktimarga.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging on to your account.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account in the BM web application.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Right to File Complaint: You have the right to lodge a complaint about Vithal Kripa Pvt. Ltd's practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
28. EU Representative pursuant to Article 27 GDPR
Pursuant to Article 27 of the GDPR, we have appointed the following company as our representative in the European Union:
EU Representative:
Bhakti Event GmbH, Am Geisberg 1-8, 65321 Heidenrod, Germany
Data subjects and supervisory authorities may contact our EU representative for all issues related to the processing of personal data by Vithal Kripa Pvt. Ltd in accordance with the GDPR.
29. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Revisions will be posted on this page with an updated “Last Updated” date.
Users are encouraged to review the policy regularly. Continued use of our services after updates implies acceptance of the changes.
last update: 27.11.2025