INTERNATIONAL SOCIETY FOR KRISHNA CONSCIOUSNESS BHAKTIVEDANTA MANOR
This privacy notice contains important information on who we are, how and why we collect, store, use and share personal information which you give to us or any that we may collect from or about you, your rights in relation to your personal information and how to contact us and the UK supervisory authority in the event you have a complaint.
ISKCON is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with the General Data Protection Regulation (GDPR).
Who we are
The International Society for Krishna Consciousness Limited (registration number ZA097058) which includes ISKCON Bhaktivedanta Manor are responsible for any personal data that you give to us, or any that we may collect from or about you. References in this Notice to “we” or “us” are to the entities listed.
Each of the listed entities are committed to protecting your privacy and are joint data controllers within the meaning of data protection laws applicable in the European Union (EU) and European Economic Area (EEA).
As joint data controllers, we have arrangements between us to ensure that we handle your personal data correctly and in accordance with data protection law. This arrangement reflects our respective roles and responsibilities in relation to you and considers which entity is in the best position to fulfil each obligation to you. This arrangement between us does not affect your rights under data protection law. For more information on these arrangements, feel free to contact us as set out under “Contacting Us” below.
This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.
When we ask you for personal data, we will:
In return, we ask you to:
1. What kinds of personal data do we process about you?
We will process some or all of the following where necessary to perform our tasks:
2. How do we process your personal data?
ISKCON will comply with its legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes:
3. What is the legal basis for processing your personal data?
Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as our Governing Body Commission). An example of this would be our safeguarding work to protect children and vulnerable adults. We will always take into account your interests, rights and freedoms.
Some of our processing is necessary for compliance with a legal obligation.
We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with our wedding services.
Religious organisations are also permitted to process information about your religious beliefs to administer membership or contact details.
Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
4. Sharing your personal data
Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you first give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary):
How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.
Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
Transfer of Data Abroad
In some cases the personal data we collect from you may also be processed outside the European Economic Area (EEA) and such destinations may not have laws which protect your personal data to the same extent as in the EEA. We have obligations to ensure that your personal data processed by us or by ISKCON centres outside the EEA is treated securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this Notice.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Please contact the Data Protection Officer, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact our Data Protection Officer, please send an email to firstname.lastname@example.org, or write to: The DPO, Yogendra Sahu, Bhaktivedanta Manor Hilfield Lane, Aldenham, Herts WD25 8EZ.
Please contact us if you have any questions about this Privacy Notice or the personal information we hold about you or to exercise all relevant rights, queries or complaints. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Changes to this privacy notice
This privacy notice was published on 24 May 2018.
We may change this privacy notice from time to time.