PRIVACY POLICY

General Data Protection Regulation (GDPR) Framework

Purpose

This is a description of the privacy policy of the trust of Polish Vipassana Foundation (Dhamma Pallava, Dziadowice 3a, 62-709 Dziadowice).

In this policy, we explain who we are, why we need your data, what we do with it and how we help you to exercise your rights with respect to your data.

Our privacy policy aims to deal with great care with your data and your rights, in compliance with national and international rules and regulations, especially the General Data Protection Regulation (GDPR).

 

Who we are

If you apply for a 10-day Vipassana course your data goes through an online application process called CALM (standing for Course Application and Letters Management). Affiliated Vipassana organisations use this registration system to organise courses.

The CALM Foundation (located in Rotterdam, The Netherlands) manages this system and has its own CALM Privacy Policy.

The trust of Polish Vipassana Foundation is responsible for the further processing of your data.

 

Your data is used to process your application, provide you with a place on the course, a room and a place to meditate, and if necessary to make special provisions for you.

 

Why we store your information

With the information you give us, we assess if you are mentally and physically capable of participating in a course. A Vipassana course can be very demanding.

 

We then use your information to:

  • plan accommodation, food or transport;

  • give you adequate guidance and assistance during the course;

  • provide additional services to old students, such as newsletters and after course mailings;

  • share opportunities to volunteer/serve or share other relevant information with you.

  • keep financial information for tax reasons or other personal information required by law.

We will not do these things if you do not want us to.


There are cases when we need to keep personal details because somebody could harm themselves or others or the organisation by participating in a course.

 

The information we collect

We collect your name, date of birth, gender, profession, medical and/or mental health history (as provided by you), name of spouse, name of friends who are participating in the course, emergency contact, general contact information, course history, native language and other languages spoken.

For the duration of the course we also store the licence plate number of your vehicle in case we need to remove it in an emergency.

If a teacher has grounds to decide that you cannot participate in a course, we will keep this information and the reason why. The decision may be based on data provided by you, but also on events or the observations made by a teacher. Only teachers involved with the assessment have access to this information.

 

How long it is stored

In CALM, all sensitive information and communication is removed 3 months after your course is completed. Only some basic information is stored, such as your name and if you completed a previous course.

An assessment that you cannot participate in a course in the future, or only under certain conditions, is kept for a maximum of 10 years. This period can be prolonged after a new assessment.

The physical form that you complete on arrival at the Vipassana centre/course location will be destroyed after 2 years.

If you participate in a course, the trust of Polish Vipassana Foundation is responsible for storing your data in compliance with national rules and regulations.

However, we delete all information that we no longer need.

To know exactly how long the information is stored, and, in the case of a non-centre location, where forms are stored, please contact the relevant Data Protection Officer (DPO) or Privacy Contact Person (PCP) below.

 

How we process your personal information

When we process your personal information, we follow a set of principles:

  1. your information is only used and stored in accordance with what we really need and as long as needed;

  2. we have an overview of all the types of information that are stored;

  3. if we don’t need your information any more, we will delete it;

  4. we give you access to your information;

  5. we keep your information properly secured;

  6. we only share your personal information within our organisation (this means: with Vipassana organisations in the same tradition with the same goals, provided there are safeguards in place (see below).

 

The Data Protection Officer (DPO) and Privacy Contact Person (PCP)

The CALM foundation, responsible for the international online registration system, has a Data Protection Officer. Meditation centres that use the system, like the trust of Polish Vipassana Foundation, are responsible for the further processing. Therefore, each country has a Privacy Contact Person. The Privacy Contact Person co-operates with the Data Protection Officer to protect your data. You can contact any of them at: [email protected].

 

Special rules for children

Children, have a special privacy policy because they are more vulnerable:

www.privacy-eu.dhamma.org/children.

 

Legal grounds

Personal information is only stored if we have a legitimate reason to hold it and if the law allows us to do so. For example: by consent, under a contract, because of any other legitimate interest such as the vital interest of a student, or because a special law requires us to. We can always inform you of the legal reason why we are holding your information.

 

Security

Fellow workers/volunteers who process data for the trust of Polish Vipassana Foundation sign a confidentiality agreement. Only the teachers, involved with an assessment, have access to very sensitive information (they have signed a confidentiality agreement). Your personal information is kept securely and is not in any circumstances disclosed to a third party, unless specifically authorised to receive that information.

Personal data is kept:

  • in a locked room with controlled access; and/or

  • in a locked drawer or filing cabinet; and/or

  • if computerised, password-protected in line with corporate requirements in the Access Control Policy; and/or

  • stored on (removable) computer media which are encrypted and will be anonymized or pseudonymized wherever possible.

PC screens and terminals, used for processing data, are not visible except to authorised fellow workers/volunteers. Physical records may not be left where they can be accessed by unauthorised personnel and may not be removed from the workplace without explicit authorisation. As soon as manual records are no longer required they are removed from secure archiving.

 

Students rights

We respect your rights. More specifically we ensure that:

  1. We can provide an overview of all the information we keep about you.

  2. We will make sure your information is correct.

  3. We will correct and remove any information at your request, unless we have a legal ground to process the information without your consent. You have a right to object to our decision.

  4. We will redirect you to the applicable Data Protection Officer or Privacy Contact Person.

  5. We offer you the option to submit an objection to the processing to the appeals committee, our so-called Special Cases Committee.

  6. We will respect your right to file a complaint at the Data Protection Authority.

 

Access to information and objections towards the processing

If you want to find out what information we keep about you, or if you do not agree with the data we keep, and if you want to submit an objection towards processing, you can fill in this form and make the request by sending it to [email protected].

If you cannot access your data, please send an email to [email protected].

 

Data breaches

If there is a breach that may have repercussions for you, we will inform you about this, and the Data Protection Authority. If you would like to report a breach, please see: https://www.privacy-eu.dhamma.org/report-a-data-breach/.

 

International safeguards

Whenever we share your personal information with a Vipassana-organisation outside the European Union, we apply additional safeguards.

To learn more about the safeguards we applied in your specific case, please contact us.

 

In case you ask us to provide data, to an organisation without adequate safeguards, we will inform you about the risks. You can then decide whether or not to provide the information.

 

 

Contact information

If you have any questions or would like to contact us: [email protected] or https://www.privacy-eu.dhamma.org.