Mother Meera Foundation (UK) – Privacy Notice
1. About This Privacy Notice
This notice explains how, why and when we collect personal data, how and why we use it, how we keep it secure and your rights in relation to it. In this context, personal data is that which can be used to identify an individual. The collection and processing of personal data is governed by the EU General Data Protection Regulation (“GDPR”), with which the Mother Meera Foundation (UK) complies.
The GDPR is regulated in the UK by the Information Commissioners Office (ICO). Further information about the GDPR may be found on the ICO website – https://ico.org.uk
For the purposes of the GDPR, the legal basis upon which we collect and process your personal data is consent, i.e. that you give your consent for us to collect and use your data, as set out in this privacy notice. You do this by means of the buttons and tick boxes which are found on the cookie notices, contact form, mailing list subscription form and on-line shop checkout.
We reserve the right to amend this privacy notice from time to time without prior notice. However any changes which may affect you will not be made retrospectively.
We are the Mother Meera Foundation, a charity registered in England and Wales, number 1123048. For the purposes of the GDPR we are the “Data Controller” – this means that we decide how your personal data is processed and for what purposes.
We can be contacted by postal mail at:
Mother Meera Foundation
21 The Vineyard
3. What Data Do We Collect and Why?
The following sections cover the different ways / places on our website / etc in which personal data is collected. They also outline the length of time that data is kept.
3.1 Entire Website
The mothermeera.org.uk website uses Google Analytics to collect various items of data about visitors to the site and to do this it creates cookies on your computer (or tablet, phone etc). This is why, on visiting the website for the first time, you saw a cookie notice asking for your consent – that is, your consent to create cookies on your device.
At the same time as creating a cookie, data is passed back to Google. It is important to note that both the data in the cookie and that passed to Google is anonymised, i.e. it is changed so that it is not possible to use it to identify you as an individual. Consequently we don’t really have to notify you, under the GDPR, that we are sending this data to Google but we do so in order to reassure you that no personally identifiable data is sent to them.
3.2 On-Line Shop
a) While you are using the on-line shop the website creates cookies to keep track of the items you have added to your shopping basket and the contact details (address, email, etc) you have entered. Because this data could be used to identify you as an individual the shop pages have a separate cookie notice asking for your consent to store this data on your computer and pass it back to the website server. This is necessary for you to be able to buy anything from the shop – if you disable cookies you will not be able to do that.
b) The shop pages also make use of Google Analytics and, as with the main part of the website, your personal data is anonymised, so that it is not possible to identify you, before being stored in Google Analytics cookies or being transmitted to Google.
c) Details of the credit/debit card or PayPal account that you use to pay for any purchases is not collected by us, it is collected by PayPal and these details are not not made available to us.
d) Certain personal details may be passed to us by PayPal, these include your email and postal addresses as recorded on your PayPal account. We collect these details from you in the checkout anyway but they may be different from what is stored on your PayPal account.
e) Records of your purchases, including the items you purchased, how you paid (but not your payment credentials), your name and contact details, are kept indefinitely but, providing we do not need them for accounting purposes and to compile accounts for HMRC and the Charities Commission, you can ask us to delete them if you wish.
3.3 Bookshop at Darshan Events
When you come to a darshan event we normally provide a bookshop where you can buy various Mother Meera related items – books, photos of Mother, CDs, incense, etc. To pay for these items we accept cash, cheque or credit/debit cards. The latter are processed using a PayPal card reader. Depending on whether PayPal have taken your details in the past we may receive an email from PayPal which includes your name and email address. These emails may be kept indefinitely. In addition the same data is available to us using our PayPal on-line account.
4. How We Protect Your Data
a) All communication between you and our website is securely encrypted (as indicated by the https: at the beginning of the website address and often a green padlock symbol on many browsers). Data on our website is stored on servers located within the UK or European Union.
b) Note that the content of emails sent to us, or received from us, can never be guaranteed to be 100% secure as emails are transmitted as plain text and can be intercepted in transit.
c) Your data will not be transferred outside Europe, nor to any non-European organisations who are not certified under the EU-US Privacy Shield, without your explicit consent (we currently don’t envisage any need to do so). Data may be transferred to Mother Meera’s centre in Germany, this is most likely to occur if you contact us to say that you are having problems using the darshan reservation system.
d) In some cases we may refuse to delete your personal data when requested by you. This occurs if we need to keep it in order to comply with future legal obligations, e.g. compliance with tax requirements and exemptions and the establishment or defence of legal claims.
e) All on-line payments are received through a recognised on-line secure payments provider (PayPal).
f) We will notify you promptly in the event of any data breach which might expose you to serious risk.
5. Who Else Has Access to Your Data?
We do not share your personal data outside of Mother Meera Foundation (UK) and Mother Meera’s centre in Germany.
Engineers working for our internet provider (1and1) do have access to data stored on our website however, if they are found to be doing so without our express permission, then losing their job is likely to be the least of their problems.
We will never sell your personal data. We will not disclose your personal data to any third party without your prior consent (which you are free to withhold), except where required to do so by law.
7. Your Rights
Regarding the personal information that we keep about you, the GDPR provides you with the following rights:
- The right to be informed (that’s the purpose of this privacy notice).
- The right of access (you can ask us what data we store about you).
- The right to rectification (you can ask us to correct it if it’s not correct).
- The right to erasure (you can ask us to delete your data).
- The right to restrict processing (e.g. you can ask us not to send you any more mailing list emails).
- The right to data portability (you can ask us to send you your data in machine readable form).
If you wish to exercise any of these rights please get in touch (see section 2 above).
If you have any complaints about how we store or process your personal information then please let us know. However if you are still not satisfied you may take them to the Information Commissioner. Their contact details are as follows:
Information Commissioner’s Office
Telephone: 0303 123 1113
Web page: https://ico.org.uk/concerns