General Data Protection Regulation
Thank you for your interest in bodhana. Data protection has a very high priority for our company. A use of our internet pages is basically possible without any indication of personal data. However, if an affected person wishes to use our company’s special services through our website, personal data processing may be required. If the processing of personal data is required, we generally seek the consent of the person concerned.
As administrator, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website as well as our e-mail traffic. Nevertheless, Internet-based data transmissions can, in principle, have security gaps so that absolute protection cannot be guaranteed. For this reason, each affected person is free to submit personal data to us in alternative ways, for example by telephone.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (‘the person concerned’). A natural person is considered to be identifiable who, directly or indirectly, in particular by means of an assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
b) The person affected
Affected person is any identified or identifiable natural person whose personal data is processed by the administrator.
Processing means any process or series of operations related to personal data, such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by transfer, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction
d) Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any kind of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular, aspects relating to job performance, economic situation, health to analyze or predict personal preferences, interests, reliability, behavior, location or change of location of that natural person.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be allocated to a specific person without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures that ensure: that the personal data are not assigned to an identified or identifiable natural person.
g) Administrator or party responsible
The administrator is the natural or legal person, public authority, institution or establishment that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by the law of the Union or the law of the Member States, the administrator or the specific criteria of his designation may be provided for under Union or national law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the administrator.
Recipient is a natural or legal person, agency, authority or other entity to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law under a particular audit mission shall not be considered as beneficiaries.
j) Third parties
Third is a natural or legal person, public authority, agency or other entity other than the person concerned, the administrator, the processor and the persons authorized under the immediate responsibility of the administrator or the responsible person to process the personal data.
Consent, is any information given voluntarily by the affected person in an informed and unequivocal manner in the form of a statement or other unambiguous confirmatory act by which the person affected indicates that he/she agreed to the processing of personal data.
- Responsible party
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions of a data protection character is:
bodhana wellness centre
sangam projects s.l.
c/benito jeronimo feijoo 2,
07181 costa d’en blanes
Tel 971 67 64 69
We process data in the context of administrative tasks and organization of our business, financial accounting and compliance with legal obligations, such as the archiving. In doing so, we use the same data that we process in the course of rendering our contractual services. The processing principles are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. The processing affects customers, interested parties, business partners and website visitors. The purpose and interest in processing lies in the administration, financial accounting, office organization, data archiving, and tasks that serve to maintain our business, perform our duties and provide our services. The deletion of data relating to contractual services and contractual communications complies with the information provided in these processing activities.
We disclose or transmit data to the financial services, consultants such as tax accountants or auditors, and other fee and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g. for later contact. This majority of company-related data, we store in principle permanently, until revoked.
- Rights of the user – rights of our customers
You can currently exercise the following rights under the contact details of our data protection administrator:
- Information about your stored data and their processing
- Correction of incorrect personal data
- Deletion of your stored data
- Limitation of data processing, if we are not yet allowed to delete your data due to legal requirements
• Objection to the processing of your data with us and
- Data portability, if you have consented to the data processing or have concluded a contract with us.
If you have given us your consent, you can withdraw it at any time with effect for the future.
- Legal basis of processing
Art. 6 I lit. A GDPR is used by our company as a legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the person concerned is a party, as is the case, for example, in processing operations necessary for the supply of goods or other service or consideration, the Processing on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our facilities were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. On this legal basis, processing operations that are not covered by any of the above legal bases are required if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and freedoms of the person concerned prevail. Such processing operations are particularly allowed to us because they have been particularly mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the person concerned is a customer of the administrator (recital 47, second sentence, GDPR).
- Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
- Legal or contractual regulations
We clarify that the provision of personal information may be required by law in part (for example, tax regulations) or may arise from contractual arrangements (such as details of the contractor).
Occasionally it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the concerned person is required to provide us with personal information when our company enters into a contract with her. Failure to provide personal data would mean that the contract could not be concluded with the person concerned.
The hosting services we use are for the purpose of providing the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate this online service.
Here, we – or our hosting provider – process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 para. 1 lit. f GDPR in connection with Art. 28 GDPR (conclusion of an assignment processing contract).
- Server log files
In server log files, our website provider collects and stores information that your browser automatically sends to our website. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
There is no merge of this data with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
- SSL or TLS encryption
In order to best protect your transmitted data, we use SSL encryption. You recognize such encrypted connections with the prefix “https: //” in the page link in the address bar of your browser. Unencrypted pages are identified by “http: //”.
All data you submit to this website – such as inquiries or logins – cannot be read by third parties due to SSL encryption.
All e-mail traffic between you and our company is realized from our side via an encrypted connection (TLS).
- Contact form
Data submitted via the contact form will be stored, including your contact details, to process your request or to be available for follow-up questions. A disclosure of this data will not take place without your consent.
The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). User information can be stored in a Customer Relationship Management System (“CRM System”) or similar software. A revocation of your already given consent is possible at any time. For the revocation is sufficient an informal message by e-mail. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data submitted via the contact form will remain with us until you request us to delete it, revoke your consent to the storage or there is no longer any need for data storage. Mandatory statutory provisions – in particular retention periods – remain unaffected.
If you do not want to save range-measuring cookies on your device, you can object to the use of these files here:
- Cookie opt-out page of the Network Advertising Initiative:
- Cookie deactivation page on the US website: http://optout.aboutads.info/?c=2#!/
- Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/
Popular browsers offer the preference option of not allowing cookies. Note: There is no guarantee that you will be able to access all functions of this website without any restrictions if you make the appropriate settings.
- Google Analytics
The administrator has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection, storage, use and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed, or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize a website and cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The administrator uses the addition “_gat._anonymizeIp” for web analytics via Google Analytics. By means of this addendum, the IP address of the Internet connection of the person concerned will be shortened and anonymised by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person affected. What cookies are, has already been explained above. By using this cookie Google is enabled to analyze the usage of our website. Each time one of the pages of this website is accessed by the administrator and a Google Analytics component has been integrated, the internet browser on the information technology system of the person concerned will be automatically identified by the respective Google Analytics website. Component causes data to be submitted to Google for the purposes of online analysis. As part of this technical process, Google will be aware of personally identifiable information, such as the IP address of the person concerned, which Google uses to help track the origin of visitors and clicks, and subsequently enable commission billing.
The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of site visits by the person concerned. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the concerned person, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal information obtained through the technical process to third parties.
The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
- Google fonts
In order to display our content in a correct and graphically appealing way, we use script libraries and font libraries on this website. Google Webfonts (https://www.google.com/webfonts/). Google web fonts are transferred to the cache of your browser to prevent multiple loading. If the browser does not support Google Web fonts or prohibits access, content will be displayed in a standard font and the appearance may differ from the actual appearance.
The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – but currently also unclear whether, and if so, for what purposes – that operators of such libraries collect data.
- Google Maps
This website uses Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors. For more information about Google’s data processing, please refer to the Google Privacy Notice (https://www.google.com/policies/privacy/). There you can also change your personal privacy settings in the privacy center.
- Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with customers, interested party and other users and to inform them about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
On some of our websites we embed Youtube videos. Operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page with the YouTube plugin, it will connect to Youtube servers. In this case Youtube will be informed which pages you visit. If you logged in to your Youtube account, Youtube can assign your surfing behavior to you personal profile. This is prevented by logging out of your Youtube account beforehand.
For more information on the privacy of “Youtube”, see the privacy statement of the provider at: https://policies.google.com/privacy
- Newsletter Data
To send our newsletter, we need an e-mail address from you. A verification of the given e-mail address is necessary and the receipt of the newsletter is to be agreed. Supplementary data are not collected or are voluntary. The use of the data takes place exclusively for the dispatch of the newsletter.
The data provided in the newsletter registration are processed exclusively on the basis of your consent (Article 6 (1) (a) GDPR). A revocation of your already given consent is possible at any time. For the revocation is sufficient an informal message by e-mail or you sign up via the “unsubscribe” link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.
Data entered to set up the subscription will be deleted in the event of cancellation. If these data have been sent to us for other purposes and elsewhere, they will remain with us.
Namaste Interactive, LLC, subsidiary of Emma, Inc, 9 Leave Ave, Nashville, Tennessee 37210, USA, which is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt00000008P6HAAU&status=Active).
The mailing service provider is based on our legitimate interests acc. Art. 6 para. 1 lit. f RGPD / DS-GVO and a contract processing contract acc. Art. 28 para. 3 p. 1 RGPD / DSGVO.
The mailing service provider may use the data of the recipients in pseudonymous form, i. without assignment to a user, to optimize or improve their own services, e.g. for technical optimization of mailing and presentation of newsletters or for statistical purposes. However, the mailing service provider uses the data of our newsletter recipients not to contact you himself or to pass the data on to third parties.
As a responsible company, we refrain from automatic decision-making or profiling.