(Updated 7 December 2022)

Privacy and Security

Sanskrut Bhakti reviews its systems and processes on an on-going basis to ensure they follow current General Data Protection Regulation (GDPR) guidelines.

Who ‘We’ Are

In this Privacy Policy document, any reference to ‘We’, ‘Us’ or ‘Our’ is a reference to Sanskrut Bhakti (henceforth also referred to as “SB”), a non-profit, non-registered organisation operating in the UK for the specific purpose of promoting the Sanskrit language (and its rich cultural heritage) in local, national, and international communities. SB-registered volunteers and students will henceforth also be referred to as “Affiliates” in this Policy.

Personal and Sensitive Information

SB classifies Personal Information (“PI”), such as a volunteer teacher’s or student’s name, address, telephone, email, age (only for Children’s Classes, ages 5-16), previous experience of or future aspirations of learning the Sanskrit language. Details relating to medical conditions, ethnicity, political leanings, religious beliefs, etc., do not form part of SB’s information gathering processes: SB does not ask for, nor store, Affiliates’ Sensitive Personal Information (“SPI”).

For completeness of disclosure, some non-personal information is also collected via the website hosting company, such as IP addresses (the location of the computer that’s accessing the Internet), website pages accessed, files downloaded, etc. This helps Us to profile Our website access and use, e.g., the number of times in one day / week / month people visit Our website, which gives a handle on popular pages. This information is inherently anonymised and does not inform on who specifically has accessed the information, nor does it indicate their exact location.  But the data does gives sufficient information to manage the relative load on Our website which could provide inputs to decisions about both the content changes / updates on webpages and any changes required to the hosting service for the website itself.

Data Protection Officer (DPO)

SB has yet to designate a DPO. In the interim, the co-founders of SB, together with the web administrator, will implement policy guidelines in compliance with GDPR. Should an Affiliate have concern over the use or storage of their personal data, they are fully entitled to make representation to one of the co-founders and to have it updated or removed completely.

General Security

sanskrutbhakti.org is the official domain name and production website for SB’s presence on the Internet. sbhakti.org.uk is similar but used to support the production website, and test new features and content before they are deployed to production.

The hosting company used for SB’s domain names and websites follow industry standards that should prevent unauthorised access. The website has an SSL certificate installed to ensure all data communication with users’ browsers are encrypted. Note, however, that the transmission of electronic data over the public Internet and its storage in “the Cloud” cannot be guaranteed to be 100% secure. Whilst SB and the webhosting company will do their utmost best to protect the security of PI, a 100% guarantee cannot be given against the loss, interception, misuse, or alteration of data by determined hackers. Should such an unfortunate data incident happen, those whose PI data were compromised would be informed as soon as We are reliably informed.

Our website currently operates a mostly view-only access to the organisation’s structure, courses, links to other relevant resources on the Internet, volunteer teacher profiles and additional password-protected web pages where SB-affiliated teachers and students may access restricted information for courses or events hosted by SB.

The website currently has password-protected, administrator logins to manage its configuration, design and content.

The current course registration and contact us process is “off-platform” but integrated into the website for user inputs. The forms capture some personal information but only for the specific purpose of managing the delivery of Sanskrit courses (over the Zoom video conferencing platform) and to answer queries.

Some offline files with PI are stored by the current co-founders and teachers on their personal computers, in personal or generic SB-related gmail accounts and on Goodle drive. Information is shared amongst Affiliates on a need-to-know basis.

Reasonable care has been taken with the storage of paper documentation that has PI, ensuring it is not accessible by unauthorised personnel.

Handling of Personal Data

SB complies with Article 6 of the UK GDPR Act:  Affiliates have given consent for specific personal data to be collected and used for operational purposes only. 

Unless informed otherwise, SB will assume all PI provided through the website or via the Google registration process has the consent to Our collecting and using it as defined in this Privacy Policy. No PI is obtained through other online, mass-mailing, free or fee-paying subscription services. The information is also not used for any kind of personal profiling, neither is it shared with any third-party company or sold, unless mandated by a legitimate law enforcement agency or if compelled by an order of the Court.

We collect information about the people who attend (either virtually over Zoom or in-person) our events, our classes, our children’s classes and /or have requested ad-hoc information through the Contact Us link on Our website.

We do bcc, as a standard, in group emails, however, if within a SB-Affiliates Group, we might display the emails for convenience of communication and discussion.

SB also uses WhatsApp (from Meta) Groups, with Affiliates belonging to one or more Groups. Telephone numbers are inevitably visible to Group members. However, the Group Admins moderate the content of the messaging for relevance. WhatsApp, however, reveals mobile phone numbers to all those that are members of a particular WhatsApp Group, this allowing Affiliates to send messages directly to each other. Affiliates have the freedom to leave WhatsApp Groups whenever they wish to do so.

Affiliates have the right to ask and be told what information about them is held on file and/or is being made available to other Affiliates. We are also legally required to share information with a law enforcement agency legitimately exercising a power or if compelled by an order of the Court.

There is currently no online members’ directory that is accessible from the website.

Affiliates have the right to request their personal information be removed completely from Our electronic and paper databases. Just send Us a message via Our Contact Us webpage.

We will keep PI only for as long as it is needed to provide past, existing and prospective Affiliates with Sanskrit education services and / or to comply with the prevailing law. When We no longer need the PI data, nor require its archive for audit or legal purposes, it will be disposed securely, using a third-part services if necessary.

Prospective students and teachers who use the Google on-line registration forms for courses will confirm their agreement on the use of their PI for the specific purpose of delivering Our services efficiently and at low cost.

Affiliates parting with SB can request their PI to be removed from the active or archived directories and will no longer have access to restricted pages of the website when associated passwords are changed.

Photographs & Documents

Our Affiliates and the public may from time to time submit appropriate photographs or written documents to be put on Our website or to be shared with some other publication (e.g. a local newspaper). Such submissions will be assumed to have been made in good faith and deemed to have the consent from other individuals in the photos/images. The exception to this is a ‘general view’ category of images/photos which may include several “appropriate people” as part of an overall scene.

Should any person included in any image/photo on the website or paper file request for it be removed (via Contact US), then the same will be edited or taken off completely as appropriate. No images/photos of children will be published in any form without the full parental or guardian consent.

Affiliates’ Responsibilities & Rights

Affiliates will confirm agreement (or otherwise) to be included in a members’ / Affiliates directory.

Affiliates will ensure that any documents created, such as minutes of meetings, reports, etc. that include sensitive information are correctly handled in compliance with GDPR. If in doubt, ask!

We operate for the benefit of our Affiliates and the wider community in which We operate: an electronic or physical security breach is serious and could have GDPR repercussions. All known breaches of information security, however minor, should be reported to one or more of Our co-founders.

GDPR gives certain rights over a person’s data and how We use it, including:

• the right to have inaccurate PI corrected or destroyed by Us
• the right to prevent one’s PI being used for direct marketing of Our Courses and Events by Us
• the right to request a copy of one’s PI held by Us

Should you wish to exercise any of these rights, please send Us a message via Our Contact Us webpage.

Children’s Data

Some of the Sanskrit classes and events We offer are aimed specifically at children. To deliver these services safely, it is necessary for Us to collect PI and store it. As part of collecting this data for anyone under 18, We would always ask the Parent to both register the child and confirm that a responsible adult would also participate with the child during a Zoom session.

Links to third-party Websites

Our website contains links to third-party websites that may be of interest to visitors. This Privacy Policy only governs Our website, not the third-party websites that may be referenced.

Social Media Sites

We currently don’t have a presence on social media.

<ENDS>