PRIVACY POLICY

Charity Number: 1176788

Registered Address: 11 Lyndon Avenue HA5 4QF

Last Updated: 20 November 2025

1.  Introduction

Bhakti Marga UK (“we”, “us”, “our”) is a charitable incorporated organisation registered in England and Wales. We are committed to protecting the privacy and security of your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

This privacy policy explains how we collect, use, store, and protect your personal information when you interact with our charity, attend our events, volunteer with us, or support our work.

 

2.  Who We Are

Data Controller: Bhakti Marga UK is the data controller responsible for your personal data. We determine how and why your personal data is processed.

This Privacy Policy applies to the processing of personal data carried out by Bhakti Marga UK in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). Where this Privacy Policy refers to the GDPR or Articles of the GDPR, such references shall be understood as referring to the corresponding provisions of the UK GDPR, unless otherwise stated.

Bhakti Marga UK acts as the Data Controller for all processing activities relating to users, visitors, event participants, donors and online services accessed from within the United Kingdom.

Legal Bases (UK GDPR)

All processing of personal data is based on one or more of the following legal grounds:

Art. 6(1)(a) UK GDPR – Consent

Art. 6(1)(b) UK GDPR – Performance of a contract

Art. 6(1)(c) UK GDPR – Compliance with a legal obligation Art. 6(1)(f) UK GDPR – Legitimate interests

For special category data (e.g., religious or philosophical beliefs), processing is based on:

Art. 9(2)(a) UK GDPR – Explicit consent

Art. 9(2)(d) UK GDPR – Processing by a not-for-profit body with a religious or spiritual purpose

International Data Transfers (UK GDPR)

Where personal data is transferred outside the United Kingdom, such transfers are safeguarded by one of the following mechanisms:

UK Adequacy Regulations issued by the UK Government UK-approved Standard Contractual Clauses

The UK International Data Transfer Agreement (IDTA)

The UK Addendum to the EU Standard Contractual Clauses

Transfers are made only where appropriate safeguards are implemented in accordance with Chapter V UK GDPR.

Relationship with Other Bhakti Marga Entities

Where data is jointly processed with other Bhakti Marga organisations (for example, Bhakti Event GmbH in Germany), a Joint Controllership Agreement under Art. 26 UK GDPR is in place. Each party has defined roles and responsibilities regarding transparency, media processing and the exercise of data subject rights.

Contact Information:

Email: legal@bhaktimarga.co.uk

If you have any questions about this privacy policy or how we handle your personal data, please contact us using the details above.

 

3.  What Personal Data We Collect

We may collect and process the following categories of personal data:

 3.1  Identity and Contact Information

  • Full name
  • Date of birth
  • Gender
  • Email address
  • Postal address
  • Telephone number
  • Photographs and video recordings (from events)

3.2  Financial Information

  • Donation records
  • Gift Aid declarations
  • Payment information (processed through secure third-party payment providers)
  • Bank details (for volunteer expenses or trustee reimbursements)

 3.3  Volunteer and Membership Information

  • Volunteer application details
  • Skills, qualifications and experience
  • References
  • Emergency contact information
  • Volunteer hours and activities

 3.4  Event Participation Information

  • Registration details for yoga, meditation, worship, kirtan, and other events
  • Dietary requirements and accessibility needs
  • Attendance records
  • Feedback and testimonials

 3.5  Communications

  • Correspondence via email, post, telephone, or in person
  • Newsletter subscription preferences
  • Marketing preferences

3.6  Technical Data

  • IP addresses
  • Browser type and version Device information
  • Website usage data (via cookies)
  • Location data (when you attend our events)

3.7  Special Category Data

In certain limited circumstances, we may process special category data (sensitive personal information) with your explicit consent or where otherwise permitted by law:

  • Religious or philosophical beliefs (in relation to participation in Hindu religious activities)
  • Health information  (for  safeguarding  purposes  or  to  meet  accessibility requirements at events)
  • Photographs or videos that may reveal religious beliefs

We will only process special category data where we have:

  • Your explicit consent; or
  • It is necessary for reasons of substantial public interest; or
  • It is necessary for the purposes of our charitable objectives

 

4.  How We Collect Your Personal Data

We collect personal data through:

Direct interactions: When you register for events, volunteer, make donations, subscribe to newsletters, complete forms, or communicate with us.

Automated technologies: Cookies and similar technologies when you visit our website.

Third parties: Gift Aid information from HMRC, payment processors, event booking platforms, and social media platforms.

Public sources: Charity Commission records, Companies House, publicly available directories.

 

5.  Legal Basis for Processing Your Personal Data

We process your personal data only when we have a lawful basis under UK GDPR.

5.1 The legal bases we rely on include:

 Consent

You have given clear consent for us to process your personal data for specific purposes, such as:

  • Sending marketing communications
  • Processing special category data
  • Taking photographs or videos at events

5.2  Contract

Processing is necessary to full a contract with you or to take steps at your request before entering into a contract, such as:

Processing volunteer agreements Managing event registrations

5.3  Legal Obligation

Processing is necessary for us to comply with the law, such as: Complying with Gift Aid requirements and HMRC regulations Meeting Charity Commission reporting obligations

Fulling health and safety requirements

5.4  Legitimate Interests

Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and rights do not override those interests. Examples include:

Administering and managing our charity operations Fundraising to support our charitable objectives Improving our services and events

Preventing fraud and maintaining security Network and information security

We will always balance our legitimate interests against your rights and will not use your personal data in ways you would not reasonably expect.

5.5  Substantial Public Interest

For special category data, processing may be necessary for reasons of substantial public interest.

 

6.  How We Use Your Personal Data

We use your personal data for the following purposes:

6.1  Charitable Activities

  • Organising and delivering yoga, meditation, worship, kirtan, devotional art, and seva programs
  • Managing event registrations and communications
  • Providing studies through Bhakti Marga Academy
  • Building

6.2  Volunteer Management

  • Recruiting, managing, and supporting volunteers
  • Recording volunteer hours and activities
  • Providing references

6.3  Fundraising and Donations

  • Processing donations and Gift Aid claims
  • Thanking donors and providing updates on our work
  • Conducting fundraising campaigns Managing donor relationships

6.4  Communications

  • Responding to enquiries and requests
  • Sending newsletters and updates about our activities
  • Providing information about events and programs
  • Sending marketing communications (with your consent)

6.5 Administration and Governance

  • Managing trustee information and governance
  • Maintaining financial records
  • Complying with legal and regulatory obligations
  • Conducting internal audits and quality assurance

6.6  Website and Technology

Maintaining and improving our website

Analysing website usage to enhance user experience Ensuring network and information security

7.  Who We Share Your Personal Data With

We may share your personal data with the following categories of recipients:

7.1  Service Providers

Third-party service providers who process data on our behalf, including:

  • Email marketing platforms
  • Payment processors
  • Event booking and ticketing systems
  • Website hosting and IT support providers
  • Accounting and bookkeeping services

All service providers are required to maintain the security and confidentiality of your personal data and may only use it for the specified purposes.

7.2  Regulatory Bodies

HMRC: For Gift Aid claims and tax purposes

Charity Commission: For regulatory compliance and reporting

Police and law enforcement: Where required by law.

7.3  Professional Advisers

Lawyers, accountants, auditors, and insurers who provide professional services to the charity

7.4  Bhakti Marga International Network

We may share information with other Bhakti Marga organisations internationally for coordination of activities and community building, subject to appropriate safeguards.

7.5  Third Parties with Your Consent

We may share your information with third parties where you have provided specific consent.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

8.  International Transfers

 We may transfer your personal data to countries outside the United Kingdom, particularly when coordinating with the international Bhakti Marga network. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the UK Government Adequacy decisions recognising equivalent data protection standards Explicit consent for the specific transfer

 

9.  How Long We Keep Your Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal and regulatory requirements.

Retention Periods

Type of Data Retention Period
Donation records 7 years (HMRC requirement)
Gift Aid declarations 7 years after last claim
Financial records 7 years (legal requirement)
Volunteer records 6 years after leaving
Event registrations 2 years after event
Marketing consents Until consent withdrawn
Website analytics 26 months
Email communications 3 years
Trustee records Permanently (governance)
Photographs/videos Until consent withdrawn

Table 1: Standard retention periods for different data types

After the retention period expires, we will securely delete or anonymise your personal data. In some cases, we may retain data for longer periods where required by law or where we have a legitimate reason to do so.

 

10.  Your Rights

Under UK data protection law, you have the following rights regarding your personal data:

10.1  Right of Access (Art. 15)

You have the right to obtain confirmation that we are processing your personal data and to request a copy of that data.

10.2  Right to Rectification

You have the right to have inaccurate or incomplete personal data corrected.

10.3  Right to Erasure (“Right to be Forgotten”) (Art. 17)

In certain circumstances, you have the right to request deletion of your personal data, such as:

The data is no longer necessary for the purposes collected You withdraw consent (where processing is based on consent)

You object to processing and there are no overriding legitimate grounds The data has been unlawfully processed

This right does not apply where we have a legal obligation to retain your data or where retention is necessary for other legal reasons.

10.4  Right to Restrict Processing (Art. 18)

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

10.5  Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine readable format and to transmit it to another organisation.

10.6  Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose.

10.7  Rights Related to Automated Decision-Making

We do not use automated decision-making or pro ling that produces legal or similarly significant effects. If this changes, we will update this policy and provide appropriate information.

10.8  Right to Withdraw Consent (Art. 7(3))

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

10.9  Right to Complain

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your personal data properly.

ICO Contact Details:

Website: https://ico.org.uk/ Telephone: 0303 123 1113

Post: Information Commissioner’s Office, Wycliffe e House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

11.  How to Exercise Your Rights

To exercise any of your rights, please contact us using the details in Section 2. We will:

Respond to your request without undue delay and within one month of receipt Provide information free of charge (unless requests are manifestly unfounded, excessive, or repetitive)

Verify your identity before processing certain requests to protect your privacy Explain our reasons if we cannot comply with your request.

 

12.  Security of Your Personal Data

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Statutory training on data protection and security
  • Secure disposal of physical and electronic records
  • Contractual obligations on service providers
  • Regular backups and disaster recovery procedures

While we take all reasonable steps to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but commit to promptly addressing any security breaches in accordance with legal requirements.

 

13.  Cookies and Website Technologies

Our website uses cookies and similar technologies to enhance your experience and analyse usage. Cookies are small text stored on your device.

 

Types of Cookies We Use

Cookie Type Purpose
Strictly Necessary Essential for website functionality and
Functional Remember your preferences and settings
Analytics Understand how visitors use our website
Marketing Track e ectiveness of marketing campaigns (with consent)

Table 2: Cookie categories and purposes

Managing Cookies

You can control and delete cookies through your browser settings. However, blocking certain cookies may affect website functionality. For analytics, functional, and preference cookies, you may opt out through our cookie banner, although we will provide clear information about these cookies.

For more information, visit: www.allaboutcookies.org

 

14.  Third-Party Links

Our website or communications may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing any personal data.

 

15.  Children’s Privacy

We do not knowingly collect personal data from children under 13 without parental consent. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete it promptly.

For events or programs involving children, we will:

  • Obtain parental or guardian consent
  • Implement appropriate safeguarding measures
  • Process only necessary information
  • Comply with child protection policies

 

16.  Photography and Video Recording

We may take photographs and videos at our events for promotional purposes, including:

  • Social media posts
  • Website content
  • Newsletters and publications
  • Fundraising materials

We will:

  • Inform you when photography/videography is taking place
  • Provide opt-out wristbands or designated photography-free areas where practicable
  • Obtain specific consent for identifiable images of children
  • Respect requests to remove images where reasonably possible
  • If you object to being photographed or recorded, please inform event staff or contact us after the event.

 

17.  Marketing Communications

We may send you marketing communications about our activities, events, and fundraising initiatives if:

  • You have provided consent (for email marketing); or
  • You have a relationship with us (e.g., as a donor or volunteer) and have not opted out (for postal marketing)
  • You can opt out of marketing communications at any time by: Clicking the “unsubscribe” link in emails
  • Contacting us directly using the details in Section 2 Updating your preferences through our website (if available)
  • We will always honour opt-out requests promptly, though it may take a few days to process.

 

18.  Changes to This Privacy Policy

We may update this privacy policy from time to time to operate changes in our practices, legal requirements, or organisational needs. We will notify you of significant changes by:

  • Posting the updated policy on our website with a new “Last Updated” date
  • Sending an email to registered users and subscribers
  • Announcing changes at events or in newsletters
  • We encourage you to review this privacy policy periodically.

 

19.  Data Protection Exemptions

As a charity, we may rely on certain exemptions under the Data Protection Act 2018 where complying with specific data protection obligations would prevent or seriously impair the achievement of our charitable purposes. We will only rely on these exemptions where strictly necessary and where we meet the legal criteria.

 

20.  Gift Aid

 If you are a UK taxpayer and make a donation, we may claim Gift Aid on your donation with your permission. To process Gift Aid claims, we must provide your details (name, address, and donation information) to HMRC. We retain Gift Aid declarations and related records for at least seven years after the last donation claim, as required by HMRC regulations.

 

21.  Governance and Accountability

We maintain internal policies and procedures to ensure compliance with data protection law, including:

  • Regular reviews of data processing activities
  • Data protection impact assessments for high-risk processing
  • Standard volunteer training on data protection
  • Clear data retention and disposal schedules
  • Incident response and breach notification procedures
  • Regular audits and compliance monitoring

Our trustees have overall responsibility for ensuring that Bhakti Marga UK complies with data protection obligations and that this privacy policy is implemented effectively.

 

22.  Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data processing practices, please contact us:

Bhakti Marga UK

Email: legal@bhaktimarga.co.uk

Post: : 11 Lyndon Avenue HA5 4QF

We are committed to resolving any concerns promptly and transparently.

 

Document Version: 1.0

Approval Date: 21 November 2025

Next Review Date: November 2026

Approved by: Ana Rita Carvalho de Sousa