PRIVACY POLICY
Charity Number: 1176788
Registered Address: 11 Lyndon Avenue HA5 4QF
Last Updated: 20 November 2025
1. Introduction
Bhakti Marga UK (“we”, “us”, “our”) is a charitable incorporated organisation registered in England and Wales. We are committed to protecting the privacy and security of your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.
This privacy policy explains how we collect, use, store, and protect your personal information when you interact with our charity, attend our events, volunteer with us, or support our work.
2. Who We Are
Data Controller: Bhakti Marga UK is the data controller responsible for your personal data. We determine how and why your personal data is processed.
This Privacy Policy applies to the processing of personal data carried out by Bhakti Marga UK in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). Where this Privacy Policy refers to the GDPR or Articles of the GDPR, such references shall be understood as referring to the corresponding provisions of the UK GDPR, unless otherwise stated.
Bhakti Marga UK acts as the Data Controller for all processing activities relating to users, visitors, event participants, donors and online services accessed from within the United Kingdom.
Legal Bases (UK GDPR)
All processing of personal data is based on one or more of the following legal grounds:
Art. 6(1)(a) UK GDPR – Consent
Art. 6(1)(b) UK GDPR – Performance of a contract
Art. 6(1)(c) UK GDPR – Compliance with a legal obligation Art. 6(1)(f) UK GDPR – Legitimate interests
For special category data (e.g., religious or philosophical beliefs), processing is based on:
Art. 9(2)(a) UK GDPR – Explicit consent
Art. 9(2)(d) UK GDPR – Processing by a not-for-profit body with a religious or spiritual purpose
International Data Transfers (UK GDPR)
Where personal data is transferred outside the United Kingdom, such transfers are safeguarded by one of the following mechanisms:
UK Adequacy Regulations issued by the UK Government UK-approved Standard Contractual Clauses
The UK International Data Transfer Agreement (IDTA)
The UK Addendum to the EU Standard Contractual Clauses
Transfers are made only where appropriate safeguards are implemented in accordance with Chapter V UK GDPR.
Relationship with Other Bhakti Marga Entities
Where data is jointly processed with other Bhakti Marga organisations (for example, Bhakti Event GmbH in Germany), a Joint Controllership Agreement under Art. 26 UK GDPR is in place. Each party has defined roles and responsibilities regarding transparency, media processing and the exercise of data subject rights.
Contact Information:
Email: legal@bhaktimarga.co.uk
If you have any questions about this privacy policy or how we handle your personal data, please contact us using the details above.
3. What Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Identity and Contact Information
- Full name
- Date of birth
- Gender
- Email address
- Postal address
- Telephone number
- Photographs and video recordings (from events)
3.2 Financial Information
- Donation records
- Gift Aid declarations
- Payment information (processed through secure third-party payment providers)
- Bank details (for volunteer expenses or trustee reimbursements)
3.3 Volunteer and Membership Information
- Volunteer application details
- Skills, qualifications and experience
- References
- Emergency contact information
- Volunteer hours and activities
3.4 Event Participation Information
- Registration details for yoga, meditation, worship, kirtan, and other events
- Dietary requirements and accessibility needs
- Attendance records
- Feedback and testimonials
3.5 Communications
- Correspondence via email, post, telephone, or in person
- Newsletter subscription preferences
- Marketing preferences
3.6 Technical Data
- IP addresses
- Browser type and version Device information
- Website usage data (via cookies)
- Location data (when you attend our events)
3.7 Special Category Data
In certain limited circumstances, we may process special category data (sensitive personal information) with your explicit consent or where otherwise permitted by law:
- Religious or philosophical beliefs (in relation to participation in Hindu religious activities)
- Health information (for safeguarding purposes or to meet accessibility requirements at events)
- Photographs or videos that may reveal religious beliefs
We will only process special category data where we have:
- Your explicit consent; or
- It is necessary for reasons of substantial public interest; or
- It is necessary for the purposes of our charitable objectives
4. How We Collect Your Personal Data
We collect personal data through:
Direct interactions: When you register for events, volunteer, make donations, subscribe to newsletters, complete forms, or communicate with us.
Automated technologies: Cookies and similar technologies when you visit our website.
Third parties: Gift Aid information from HMRC, payment processors, event booking platforms, and social media platforms.
Public sources: Charity Commission records, Companies House, publicly available directories.
5. Legal Basis for Processing Your Personal Data
We process your personal data only when we have a lawful basis under UK GDPR.
5.1 The legal bases we rely on include:
Consent
You have given clear consent for us to process your personal data for specific purposes, such as:
- Sending marketing communications
- Processing special category data
- Taking photographs or videos at events
5.2 Contract
Processing is necessary to full a contract with you or to take steps at your request before entering into a contract, such as:
Processing volunteer agreements Managing event registrations
5.3 Legal Obligation
Processing is necessary for us to comply with the law, such as: Complying with Gift Aid requirements and HMRC regulations Meeting Charity Commission reporting obligations
Fulling health and safety requirements
5.4 Legitimate Interests
Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and rights do not override those interests. Examples include:
Administering and managing our charity operations Fundraising to support our charitable objectives Improving our services and events
Preventing fraud and maintaining security Network and information security
We will always balance our legitimate interests against your rights and will not use your personal data in ways you would not reasonably expect.
5.5 Substantial Public Interest
For special category data, processing may be necessary for reasons of substantial public interest.
6. How We Use Your Personal Data
We use your personal data for the following purposes:
6.1 Charitable Activities
- Organising and delivering yoga, meditation, worship, kirtan, devotional art, and seva programs
- Managing event registrations and communications
- Providing studies through Bhakti Marga Academy
- Building
6.2 Volunteer Management
- Recruiting, managing, and supporting volunteers
- Recording volunteer hours and activities
- Providing references
6.3 Fundraising and Donations
- Processing donations and Gift Aid claims
- Thanking donors and providing updates on our work
- Conducting fundraising campaigns Managing donor relationships
6.4 Communications
- Responding to enquiries and requests
- Sending newsletters and updates about our activities
- Providing information about events and programs
- Sending marketing communications (with your consent)
6.5 Administration and Governance
- Managing trustee information and governance
- Maintaining financial records
- Complying with legal and regulatory obligations
- Conducting internal audits and quality assurance
6.6 Website and Technology
Maintaining and improving our website
Analysing website usage to enhance user experience Ensuring network and information security
7. Who We Share Your Personal Data With
We may share your personal data with the following categories of recipients:
7.1 Service Providers
Third-party service providers who process data on our behalf, including:
- Email marketing platforms
- Payment processors
- Event booking and ticketing systems
- Website hosting and IT support providers
- Accounting and bookkeeping services
All service providers are required to maintain the security and confidentiality of your personal data and may only use it for the specified purposes.
7.2 Regulatory Bodies
HMRC: For Gift Aid claims and tax purposes
Charity Commission: For regulatory compliance and reporting
Police and law enforcement: Where required by law.
7.3 Professional Advisers
Lawyers, accountants, auditors, and insurers who provide professional services to the charity
7.4 Bhakti Marga International Network
We may share information with other Bhakti Marga organisations internationally for coordination of activities and community building, subject to appropriate safeguards.
7.5 Third Parties with Your Consent
We may share your information with third parties where you have provided specific consent.
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
8. International Transfers
We may transfer your personal data to countries outside the United Kingdom, particularly when coordinating with the international Bhakti Marga network. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:
Standard Contractual Clauses approved by the UK Government Adequacy decisions recognising equivalent data protection standards Explicit consent for the specific transfer
9. How Long We Keep Your Personal Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal and regulatory requirements.
Retention Periods
| Type of Data | Retention Period |
| Donation records | 7 years (HMRC requirement) |
| Gift Aid declarations | 7 years after last claim |
| Financial records | 7 years (legal requirement) |
| Volunteer records | 6 years after leaving |
| Event registrations | 2 years after event |
| Marketing consents | Until consent withdrawn |
| Website analytics | 26 months |
| Email communications | 3 years |
| Trustee records | Permanently (governance) |
| Photographs/videos | Until consent withdrawn |
Table 1: Standard retention periods for different data types
After the retention period expires, we will securely delete or anonymise your personal data. In some cases, we may retain data for longer periods where required by law or where we have a legitimate reason to do so.
10. Your Rights
Under UK data protection law, you have the following rights regarding your personal data:
10.1 Right of Access (Art. 15)
You have the right to obtain confirmation that we are processing your personal data and to request a copy of that data.
10.2 Right to Rectification
You have the right to have inaccurate or incomplete personal data corrected.
10.3 Right to Erasure (“Right to be Forgotten”) (Art. 17)
In certain circumstances, you have the right to request deletion of your personal data, such as:
The data is no longer necessary for the purposes collected You withdraw consent (where processing is based on consent)
You object to processing and there are no overriding legitimate grounds The data has been unlawfully processed
This right does not apply where we have a legal obligation to retain your data or where retention is necessary for other legal reasons.
10.4 Right to Restrict Processing (Art. 18)
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
10.5 Right to Data Portability
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine readable format and to transmit it to another organisation.
10.6 Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose.
10.7 Rights Related to Automated Decision-Making
We do not use automated decision-making or pro ling that produces legal or similarly significant effects. If this changes, we will update this policy and provide appropriate information.
10.8 Right to Withdraw Consent (Art. 7(3))
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
10.9 Right to Complain
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your personal data properly.
ICO Contact Details:
Website: https://ico.org.uk/ Telephone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe e House, Water Lane, Wilmslow, Cheshire, SK9 5AF
11. How to Exercise Your Rights
To exercise any of your rights, please contact us using the details in Section 2. We will:
Respond to your request without undue delay and within one month of receipt Provide information free of charge (unless requests are manifestly unfounded, excessive, or repetitive)
Verify your identity before processing certain requests to protect your privacy Explain our reasons if we cannot comply with your request.
12. Security of Your Personal Data
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:
- Encryption of data in transit and at rest
- Access controls and authentication requirements
- Regular security assessments and updates
- Statutory training on data protection and security
- Secure disposal of physical and electronic records
- Contractual obligations on service providers
- Regular backups and disaster recovery procedures
While we take all reasonable steps to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but commit to promptly addressing any security breaches in accordance with legal requirements.
13. Cookies and Website Technologies
Our website uses cookies and similar technologies to enhance your experience and analyse usage. Cookies are small text stored on your device.
Types of Cookies We Use
| Cookie Type | Purpose |
| Strictly Necessary | Essential for website functionality and |
| Functional | Remember your preferences and settings |
| Analytics | Understand how visitors use our website |
| Marketing | Track e ectiveness of marketing campaigns (with consent) |
Table 2: Cookie categories and purposes
Managing Cookies
You can control and delete cookies through your browser settings. However, blocking certain cookies may affect website functionality. For analytics, functional, and preference cookies, you may opt out through our cookie banner, although we will provide clear information about these cookies.
For more information, visit: www.allaboutcookies.org
14. Third-Party Links
Our website or communications may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing any personal data.
15. Children’s Privacy
We do not knowingly collect personal data from children under 13 without parental consent. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete it promptly.
For events or programs involving children, we will:
- Obtain parental or guardian consent
- Implement appropriate safeguarding measures
- Process only necessary information
- Comply with child protection policies
16. Photography and Video Recording
We may take photographs and videos at our events for promotional purposes, including:
- Social media posts
- Website content
- Newsletters and publications
- Fundraising materials
We will:
- Inform you when photography/videography is taking place
- Provide opt-out wristbands or designated photography-free areas where practicable
- Obtain specific consent for identifiable images of children
- Respect requests to remove images where reasonably possible
- If you object to being photographed or recorded, please inform event staff or contact us after the event.
17. Marketing Communications
We may send you marketing communications about our activities, events, and fundraising initiatives if:
- You have provided consent (for email marketing); or
- You have a relationship with us (e.g., as a donor or volunteer) and have not opted out (for postal marketing)
- You can opt out of marketing communications at any time by: Clicking the “unsubscribe” link in emails
- Contacting us directly using the details in Section 2 Updating your preferences through our website (if available)
- We will always honour opt-out requests promptly, though it may take a few days to process.
18. Changes to This Privacy Policy
We may update this privacy policy from time to time to operate changes in our practices, legal requirements, or organisational needs. We will notify you of significant changes by:
- Posting the updated policy on our website with a new “Last Updated” date
- Sending an email to registered users and subscribers
- Announcing changes at events or in newsletters
- We encourage you to review this privacy policy periodically.
19. Data Protection Exemptions
As a charity, we may rely on certain exemptions under the Data Protection Act 2018 where complying with specific data protection obligations would prevent or seriously impair the achievement of our charitable purposes. We will only rely on these exemptions where strictly necessary and where we meet the legal criteria.
20. Gift Aid
If you are a UK taxpayer and make a donation, we may claim Gift Aid on your donation with your permission. To process Gift Aid claims, we must provide your details (name, address, and donation information) to HMRC. We retain Gift Aid declarations and related records for at least seven years after the last donation claim, as required by HMRC regulations.
21. Governance and Accountability
We maintain internal policies and procedures to ensure compliance with data protection law, including:
- Regular reviews of data processing activities
- Data protection impact assessments for high-risk processing
- Standard volunteer training on data protection
- Clear data retention and disposal schedules
- Incident response and breach notification procedures
- Regular audits and compliance monitoring
Our trustees have overall responsibility for ensuring that Bhakti Marga UK complies with data protection obligations and that this privacy policy is implemented effectively.
22. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or our data processing practices, please contact us:
Bhakti Marga UK
Email: legal@bhaktimarga.co.uk
Post: : 11 Lyndon Avenue HA5 4QF
We are committed to resolving any concerns promptly and transparently.
Document Version: 1.0
Approval Date: 21 November 2025
Next Review Date: November 2026
Approved by: Ana Rita Carvalho de Sousa