Mandala of Light Privacy Policy

Last Updated: March 19, 2025

1. Introduction

Mandala of Light ("us," "we," or "our") is a spiritual community dedicated to fostering personal growth and spiritual development through online and in-person learning experiences. We are committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you interact with our websites (mandalaoflight.org), applications, events, and other services (collectively, the "Services").  

2. Information We Collect

We collect information about you through various means, including:

2.1 Information You Provide Directly

Account and Profile Information: When you create an account or complete your profile, we collect details such as your full name, email address, phone number, date of birth, physical address, username, password, profile picture, biographical information, and areas of spiritual interest.

Membership Information: As a member, we may collect additional information related to your participation, including attendance records, event registrations, and feedback.

Financial Information: When you make a purchase or donation, we collect payment information, including credit card details, billing address, and transaction history. We utilize secure third-party payment processors and do not store sensitive payment information on our servers.

Communications and Support: We collect information from your communications with us, including emails, chat logs, support tickets, and feedback forms.

Event and Program Participation: When you participate in our events, workshops, or programs, we may collect information related to your participation, such as attendance, feedback, and any specific needs or requirements.

Sensitive Information: As part of our diversity and healing initiatives, we may collect sensitive information such as race, gender identity, sexual orientation, and details about physical or mental health conditions. This information is collected with your explicit consent and is used solely for the purposes described in this policy.

Information Regarding other Individuals: If you provide information regarding another individual, you are responsible for gaining their consent, and informing them of this privacy policy.

2.2 Information Collected Automatically

Website Usage Data: We collect information about your interactions with our websites, including IP address, browser type, operating system, referring URLs, pages visited, time spent on pages, and clickstream data.

Device Information: We collect information about the devices you use to access our Services, including device type, operating system version, unique device identifiers, and mobile network information.

Location Data: With your consent, we may collect location data from your device to provide location-based services or personalize your experience.Log Files: We maintain log files that record events related to your use of our Services, including access times, IP addresses, and error logs.

2.3 Cookies and Tracking Technologies

Cookies: We use cookies to enhance your browsing experience, personalize content, and analyze website traffic. You can manage your cookie preferences through your browser settings.  

Web Beacons and Pixel Tags: We use web beacons and pixel tags to track user activity, measure the effectiveness of our marketing campaigns, and personalize advertising.

Third-Party Analytics: We use third-party analytics services, such as Google Analytics and Meta Pixel, to collect and analyze data about website usage and user behavior. These services may use cookies and similar technologies to track your online activity.

Advertising Technologies: We may use advertising technologies to deliver targeted ads to you on our websites and other platforms.

3. How We Use Your Information

We use your information for the following purposes:

Providing and Maintaining Services: To operate, maintain, and improve our Services, including account management, event registration, and customer support.

Personalization: To personalize your experience with our Services, including content recommendations, event suggestions, and targeted offers.

Communication: To communicate with you about our Services, events, updates, and promotional materials.

Marketing and Advertising: To deliver targeted ads and promotional content to you on our websites and other platforms.

Analytics and Research: To analyze website traffic, user behavior, and market trends to improve our Services.

Security and Fraud Prevention: To protect our Services and users from fraud, abuse, and unauthorized access.

Legal Compliance: To comply with applicable laws and regulations, including responding to legal requests and enforcing our policies.

Diversity and Inclusion Initiatives: To analyze demographic data for the purpose of improving diversity and inclusion within our community.

Healing Initiatives: To provide support and resources related to healing, with your explicit consent.

4. Legal Basis for Processing

We process your personal information based on one or more of the following legal bases:

Consent: We rely on your consent to process certain types of personal information, such as sensitive information and marketing communications.

Contractual Necessity: We process your information when necessary to fulfill our contractual obligations to you, such as providing access to our Services or processing payments.

Legitimate Interests: We process your information when it is in our legitimate interests to do so, such as improving our Services, conducting analytics, and preventing fraud.

Legal Obligations: We process your information when necessary to comply with legal obligations, such as responding to legal requests or enforcing our policies.

5. Disclosure of Your Information

We may disclose your information to the following parties:

Service Providers: We share information with third-party service providers who assist us with various aspects of our Services, including hosting, payment processing, email marketing, and analytics.

Business Partners: We may share information with business partners who offer products or services that may be of interest to you, with your consent.

Authorized Community Teachers: In our decentralized model, select community members are authorized to teach. In order to provide the services, certain data such as name and contact information may be shared.

Legal Authorities: We may disclose your information to legal authorities when required by law or to protect our rights and interests.

Affiliated Entities: We may share information with affiliated entities, such as subsidiaries or parent companies, for business purposes.

Aggregate and De-identified Data: We may share aggregate or de-identified data with third parties for research, analytics, or marketing purposes.

6. Data Security

We implement appropriate security measures to protect your information from unauthorized access, use, or disclosure. These measures include:

Encryption: We use encryption to protect sensitive data during transmission and storage.  

Access Controls: We restrict access to your information to authorized personnel on a need-to-know basis.

Regular Security Assessments: We conduct regular security assessments to identify and mitigate potential vulnerabilities.  

Data Minimization: We only collect and retain the information necessary to fulfill the purposes outlined in this policy.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.  

8. Your Rights

You have the following rights regarding your personal information:

Right to Access: You have the right to request access to your personal information and receive a copy of it. Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.  

Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information, subject to certain exceptions.

Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.  

Right to Object: You have the right to object to the processing of your personal information, including for direct marketing purposes.  

Right to Withdraw Consent: If we rely on your consent to process your information, you have the right to withdraw your consent at any time.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that we have violated your data protection rights.  

Right to not be subject to automated decision-making: You have the right to not be subject to decisions based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you.  

9. International Data Transfers

We may transfer your personal information to countries outside of your jurisdiction, including the United States, where data protection laws may differ from those in your country. We will implement appropriate safeguards to ensure that your information is protected in accordance with this policy and applicable laws.

10. Children's Privacy

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us.  

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website or by other means of communication. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised policy.  

12. Third-Party Links and Services

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party websites or services you visit.  

13. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the appropriate supervisory authority without undue delay, as required by applicable law.  

14. Data Security Incident Response

We have established procedures to respond to data security incidents, including identifying and containing the incident, mitigating its impact, and notifying affected individuals and authorities as required by law.

15. Data Accuracy and Integrity

We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date. You are responsible for notifying us of any changes to your information.

16. Data Minimization and Purpose Limitation

We collect and process only the personal information that is necessary for the purposes outlined in this policy. We do not collect or retain data that is not needed for these purposes.

17. Data Protection by Design and Default

We implement data protection principles by design and by default, including integrating data protection into the design and operation of our Services and ensuring that only necessary data is processed.

18. Data Protection Impact Assessments (DPIAs)

We conduct DPIAs when required by applicable law to assess the potential impact of our processing activities on your privacy.

19. Data Subject Requests and Complaints

We have established procedures to handle data subject requests and complaints. You can contact us using the contact details provided in Section 22 to exercise your rights or file a complaint.

20. Data Transfers Outside the European Economic Area (EEA)

If we transfer your personal information outside the EEA, we will implement appropriate safeguards, such as Standard Contractual Clauses or Binding Corporate Rules, to ensure that your information is protected in accordance with applicable law.  

21. Specific Provisions Related to Sensitive Data

Explicit Consent: We will only collect and process sensitive data (such as information related to health, race, or sexual orientation) with your explicit consent.

Purpose Limitation: Sensitive data will only be used for the specific purposes for which it was collected.

Enhanced Security: We implement enhanced security measures to protect sensitive data from unauthorized access, use, or disclosure.

Data Minimization: We only collect and retain the minimum amount of sensitive data necessary for the specified purposes.

Transparency: We will provide clear and transparent information about how we collect, use, and protect sensitive data.

22. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: [email protected]