We take your privacy very seriously at Lisbon Meditation, and we are committed to keep your personal data safe. Please see below for our integrity policy. Should you still have any questions with regard to how we process your personal data, please don’t hesitate to contact us directly.
1. What personal data we collect and the purpose of collecting it
- Through the booking function on our website zagrebmeditacija.org, you are asked to provide personal data in form of your name and telephone number. We also ask for this information if you make a reservation through telephone or meeting us in person while promoting our meditation. The legal basis for processing this data is that we have a legitimate interest to process this information in order to give you the introductory seminar that you have signed up for. We use the data to provide you with confirmation of your reservation, address to the meditation center, etc.
- Should you sign up for membership at Lisbon Meditation we will collect your first and last name, address, date of birth, telephone number and e-mail address. We will also record information about the hours you spend meditating as well as certain steps you make in the meditation. The legal basis for processing this data is that we need this information in order to fullfill our commitment to provide you with meditation guidance. (Information related to previous students will be processed on basis of legitimate interest, see further section 2.2. below.) We will use the information for our membership directory, for keeping track of your meditation progress, and for the purpose of contacting you regarding reservation for meditation classes and to inform you about meditation and other membership activities at the meditation center.
- On occasion, we receive queries about our meditation via e-mail from the general public. These messages normally include some personal data, such as e-mail address and name. The legal basis for processing this data is either consent or legitimate interest, depending on the content of the e-mail message. We will use the personal information for the purpose of responding to the e-mail queries. Our intention is to keep any e-mail correspondence to a minimum.
We will not use your personal data for any other purposes than the above stated, i.e. we will not sell or share your data or use it for marketing purposes, publish it, or transfer it to any unauthorized third party.
2. Storage and deletion of personal data
- The personal data collected in accordance with section 1.1 above is stored until you have visited the center for the introductory seminar, or cancelled your seminar reservation or where the circumstances show that you do not wish to attend the seminar. The information will thereafter be deleted.
- The personal data collected in accordance with section 1.2 is stored until the membership has expired or has been terminated by the member. However, name and telephone number of the member may be kept for a maximum period of one year after the expiry of the membership in order to occasionally inform previous members about current meditation center activities.
- The personal data collected in accordance with section 1.3 above will be deleted after the e-mail correspondence has ended.
- Some personal data, such as names on receipts of payment, may classify as book-keeping material under Swedish law, and will therefore be stored and deleted in accordance with such regulations.
- We use technical and organisational security measures to protect your personal data against loss or any unauthorized access. We regularly revise our security policies and routines in order to ensure that our systems are secure and up-to-date.
4. Transfer of personal data to a country outside of EU/EEC
- The personal data collected through our website zagrebmeditacija.org is stored on servers belonging to the company WPEngine, Inc. based in the United States. WPEngine, Inc. has certified its compliance with the EU-U.S. Privacy Shield Framework (please visit privacyshield.gov for further information), which has been approved by the European Commission for meeting adequate safety standards. Furthermore, we have entered into a data processor agreement with WPEngine, Inc. in order to retain control of and safeguard your information.
- In case we would transfer your personal data a country outside the EU/EEC in any other instance than set forth in section 4.1 above, we will make sure that such transfer is made safely and in accordance with EU law.
5. Your rights
- Right to information
You have the right to know which personal data we process and you can request a copy of that personal data.
- Right to rectify any inaccurate personal data
In case any of the personal data relating to you is inaccurate, you have the right to ask us to rectify it.
- Right to erasure
You have the right to have your personal data erased from our systems in certain cases. You can require us to erase your personal data if the data that is not necessary for our purposes of collecting it or if there is no legal basis for processing it.
- Right to restriction
Restriction means that you, under certain circumstances, have the right to stop us from using your data and instead only store it on our systems. In case you would contest the accuracy of the data or our right to process it, restriction applies during the time we need to respond to your claim. Furthermore, you have the right to restriction in case we process your information unlawfully or if the processing is no longer necessary.
- Right to object
With regard to some personal data, we process it on basis of the so-called “legitimate interest” (see sections 1.1 – 1.3 above). In the event you find that the we lack such legitimate interest, you have the right to object against it. Furthermore, if we would use personal data for direct marketing purposes, you have the right to object to such use.
- Right to lodge complaint
If you are dissatisfied with the way we process your data, you have the right to lodge a complaint with [Data Inspection Committee], which is the supervisory authority for the processing of personal data in [COUNTRY]. Please visit [URL of GDPR information page] for further information.