Web Site Terms and Conditions of Use
By accessing this web site, you are agreeing to be bound by these web site Terms and Conditions of Use, applicable laws and regulations and their compliance. If you disagree with any of the stated terms and conditions, you are prohibited from using or accessing this site. The materials contained in this site are secured by relevant copyright and trade mark law.
2. Use License
1. Permission is allowed to temporarily download one duplicate of the materials (data or programming) on Kagyu Samye Dzong Cardiff's site for individual and non-business use only. This is the just a permit of license and not an exchange of title, and under this permit you may not:
a. modify or copy the materials;
b. use the materials for any commercial use , or for any public presentation (business or non-business);
c. attempt to decompile or rebuild any product or material contained on Kagyu Samye Dzong Cardiff's site;
d. remove any copyright or other restrictive documentations from the materials; or
e. transfer the materials to someone else or even "mirror" the materials on other server.
2. This permit might consequently be terminated if you disregard any of these confinements and may be ended by Kagyu Samye Dzong Cardiff whenever deemed. After permit termination or when your viewing permit is terminated, you must destroy any downloaded materials in your ownership whether in electronic or printed form.
1. The materials on Kagyu Samye Dzong Cardiff's site are given "as is". Kagyu Samye Dzong Cardiff makes no guarantees, communicated or suggested, and thus renounces and nullifies every single other warranties, including without impediment, inferred guarantees or states of merchantability, fitness for a specific reason, or non-encroachment of licensed property or other infringement of rights. Further, Kagyu Samye Dzong Cardiff does not warrant or make any representations concerning the precision, likely results, or unwavering quality of the utilization of the materials on its Internet site or generally identifying with such materials or on any destinations connected to this website.
In no occasion should Kagyu Samye Dzong Cardiffor its suppliers subject for any harms (counting, without constraint, harms for loss of information or benefit, or because of business interference,) emerging out of the utilization or powerlessness to utilize the materials on Kagyu Samye Dzong Cardiff's Internet webpage, regardless of the possibility that Kagyu Samye Dzong Cardiff or a Kagyu Samye Dzong Cardiff's approved agent has been told orally or in written of the likelihood of such harm. Since a few purviews don't permit constraints on inferred guarantees, or impediments of obligation for weighty or coincidental harms, these confinements may not make a difference to you.
5. Amendments and Errata
The materials showing up on Kagyu Samye Dzong Cardiff's site could incorporate typographical, or photographic mistakes. Kagyu Samye Dzong Cardiff does not warrant that any of the materials on its site are exact, finished, or current. Kagyu Samye Dzong Car diffmay roll out improvements to the materials contained on its site whenever without notification. Kagyu Samye Dzong Cardiff does not, then again, make any dedication to update the materials.
Kagyu Samye Dzong Cardiff has not checked on the majority of the websites or links connected to its website and is not in charge of the substance of any such connected webpage. The incorporation of any connection does not infer support by Kagyu Samye Dzong Cardiff of the site. Utilization of any such connected site is at the user's own risk.
Kagyu Samye Dzong Cardiff may update these terms of utilization for its website whenever without notification. By utilizing this site you are consenting to be bound by the then current form of these Terms and Conditions of Use.
8. Governing Law
Any case identifying with Kagyu Samye Dzong Cardiff's site should be administered by the laws of the country of United Kingdom Kagyu Samye Dzong Cardiff State without respect to its contention of law provisions.
Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
We will gather and utilization of individual data singularly with the target of satisfying those reasons indicated by us and for other good purposes, unless we get the assent of the individual concerned or as required by law.
We will just hold individual data the length of essential for the satisfaction of those reasons.
We will gather individual data by legal and reasonable means and, where fitting, with the information or assent of the individual concerned.
Personal information ought to be important to the reasons for which it is to be utilized, and, to the degree essential for those reasons, ought to be exact, finished, and updated.
We will protect individual data by security shields against misfortune or burglary, and also unapproved access, divulgence, duplicating, use or alteration.
We will promptly provide customers with access to our policies and procedures for the administration of individual data.
We are focused on leading our business as per these standards with a specific end goal to guarantee that the privacy of individual data is secure and maintained.
1.1 We are committed to safeguarding the privacy of our website visitors and service users.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
1.5 In this policy, "we", "us" and "our" refer to Kagyu Samye Dzong Cardiff[ For more information about us, see Section 13.]
2.1 This document was created using a template from SEQ Legal (https://seqlegal.com).
3. How we use your personal data
3.1 In this Section 3 we have set out:
(a) the general categories of personal data that we may process;
(b) [in the case of personal data that we did not obtain directly from you, the source and specific categories of that data];
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
3.2 We may process [data about your use of our website and services] ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is google analytics. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services].
3.3 We may process your account data ("account data").The account data may include your name and email address. The source of the account data is you or your employer. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
3.4 We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data"). The enquiry data may be processed [for the purposes of offering, marketing and selling relevant goods and/or services to you]. The legal basis for this processing is consent.
3.5 We may process information relating to our customer relationships, including customer contact information ("customer relationship data").The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. The source of the customer relationship data is you or your employer. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. The legal basis for this processing is our legitimate interests, namely the proper management of our customer relationships.
3.6 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
3.7 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
3.8 We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication.[Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
3.9 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.10 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
3.11 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3.12 Please do not supply any other person's personal data to us, unless we prompt you to do so.
4. Providing your personal data to others
4.1 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.2 Financial transactions relating to our website and services are handled by our payment services providers, PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full .
4.3 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
5. International transfers of your personal data
5.1 In this Section 5, we provide information about the circumstances in which your personal data may be transferred to [countries outside the European Economic Area (EEA)]
5.2 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6. Retaining and deleting personal data
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7.1 We may update this policy from time to time by publishing a new version on our website.
7.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
7.3 We [may] notify you of significant changes to this policy by email.
8. Your rights
8.1 In this Section 8, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
8.2 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
8.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. The information will be made available within one calendar month of the request date.
8.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
8.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
8.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
8.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
8.8 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
8.9 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
8.10 To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
8.11 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
8.12 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8.13 You may exercise any of your rights in relation to your personal data [by written notice to us, in addition to the other methods specified in this Section 8.
9. About cookies
9.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
9.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
9.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
10. Cookies that we use
11. Cookies used by our service providers
12. Managing cookies
12.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
12.2 Blocking all cookies will have a negative impact upon the usability of many websites.
12.3 If you block cookies, you will not be able to use all the features on our website.
13. Our details
13.1 This website is owned and operated by Kagyu Samye Dzong Cardiff (Rokpa Trust). Website is www.meditateinwales.net
13.2 We are registered in [England and Wales] Kagyu Samye Dzong Cardiff is part of Rokpa Trust Limited. Registered Charity No: 1059293
13.3 Our principal place of business is at The Tibetan Buddhist Centre for World Peace and Health , 248 Cowbridge Road East, Canton, Cardiff, CF5 1GZ.
13.4 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by telephone, on the contact number published on our website from time to time; or
(d) by email, using the email address published on our website from time to time.
14. Social Media and Third Party Provider Privacy Policies
14.1 We use a number of third party providers to supply us with vital services. This includes social media websites such as Facebook and Meetup that hold details of events and courses we run, as well as sites like Instagram and Pinterest where we host photos and context. We use Mailchimp for our mailing lists . For donations we use a secure donation box, accept cheques and standing orders. In the course of following us, you may be using one of these services and this will be abundantly clear when you do so. In most cases you will have your own account with them in order to use their service and we have provided links to their privacy policies for your convenience.
Dropbox We use Dropbox and Google Drive (&gMail etc) for the secure storage & backup of email, documents, and media. You can find their policies linked below :
Please note, we do not run the sites these links go to and it is possible that they will update their policies to a new page at some point. In the event a link breaks, you will still be able to find it on their site but please let us know so we can amend our link to it as well.
Data Protection Policy May 2018 Introduction
Kagyu Samye Dzong Cardiff (KSD) (including its directors, volunteers, advisors and self-employed contractors) will to the best of its ability adhere to the data protection principles of the Data Protection Act (DPA) which comes into force on 25 May 2018, which are:
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Use of personal data
The records we use that contain personal data are hosted by the following DPA compliant software providers:
Email Mailing List provider ‘Mailchimp’;
Email communications provider ‘Google – Gmail’;
Document storage provider ‘DropBox’, ‘Google Drive’;
Bank account provider ‘The Royal Bank of Scotland’.
These records are used solely for the purposes of administering course attendance and supporting continued engagement by individuals with the work of Kagyu Samye Dzong Cardiff. The personal data typically includes name, address, email address, payment card details (not accessible to Kagyu Samye Dzong Cardiff volunteers), emails sent to individuals via Mailchimp or Gmail, courses attended and other engagement with the work of Kagyu Samye Dzong Cardiff (eg. being a member of the centre, on the Mailchimp email list, on a contact list for an ongoing course etc.) for the purposes of administering attendance on Kagyu Samye Dzong Cardiff courses and supporting continued engagement with the work of the Kagyu Samye Dzong Cardiff . Individual emails to and from the @sfwales.org email addresses are hosted by our DPA compliant email provider Gmail, for the purposes of administering attendance on Kagyu Samye Dzong Cardiff courses and supporting continued engagement with the work of Kagyu Samye Dzong Cardiff, and will be reviewed and if no longer needed for these purposes will be deleted after a period of 3 years.
Personal data will be shared only with Kagyu Samye Dzong Cardiff designated volunteers and self-employed Kagyu Samye Dzong Cardiff tutors (also subject to the DPA) delivering the courses participated in and only to the extent necessary for administering the attendance of individuals on Kagyu Samye Dzong Cardiff courses and supporting engagement with the work of Kagyu Samye Dzong Cardiff.
Personal data will not be shared with third parties.
Collection of data
When an individual’s data is initially collected, e.g. via an online booking, printed booking form or by being inputted manually into our records, the individual will be made aware of the use which will be made of their information, by using the ‘Privacy Notice’ below and of this data protection policy.
The data you provide to Kagyu Samye Dzong Cardiff (KSD) will be stored securely and will be used for the purposes of administering your attendance on KSD courses and supporting your continued engagement with the work of KSD in accordance with our data protection policy, which can be downloaded from KSD’s website and is in accordance with the UK Data Protection Act. To support your engagement with us we will contact you from time to time via email with guidance to support your ongoing Meditation and Mindfulness practice, including details of upcoming courses, which may be of interest to you. You can opt out of receiving emails from KSD, at any time, by clicking the ‘Unsubscribe’ link at the bottom of our emails or by contacting email@example.com or again, by emailing firstname.lastname@example.org if you need assistance.
Deletion of data
At any time you can request that your records on be deleted by contacting email@example.com
Records we keep will be deleted, where an individual has opted out of email communication and has not done any prerequisite courses with KSD.
Paper or electronic copies of documents held by KSD and which contain personal information will be destroyed or deleted when a course ends.
Emails to and from KSD course participants or other individuals making enquiries to KSD will be reviewed after a period of 3 years and if no longer necessary for the purposes will be deleted.
Paper records will be destroyed by shredding on-site or burning.
Right to a copy of information held
On request an individual will be provided with a copy of the information comprising their personal data and held by KSD, within 40 days of the request. All such requests should be sent via email to firstname.lastname@example.org
Personal data is hosted by the following data processors, who are compliant with the new Data Protection Act:
- Email Mailing List provider ‘Mailchimp’; (accessible by staff and volunteers)
- Email communications provider ‘Google – Gmail’; (accessible by staff and volunteers)
- Document storage providers ‘DropBox’ & ‘Google Drive’; (accessible by staff and volunteers)
- Bank account provider ‘The Royal Bank of Scotland’ (accessible by Lorraine Harris & Ann Davies)
For the purposes of the above, staff and volunteers will include authorised IT contractors performing maintenance, upgrades or repairs.
The data security arrangements of these providers have been reviewed to ensure that they meet the requirements of the Data Protection Act.
The KSD Directors and authorised IT support contractors will review information security on an annual basis and review this with all KSD employees and Volunteers on or around 25 May each year.
No personal data will be passed to an individual who is not the individual concerned. Personal data passed on to the individual concerned will be sent only to the contact email address provided by them.
On receiving or making a phone call KSD employees and volunteers will establish the identity of the caller before disclosing or amending any of their personal data, asking for their postcode and details of the most recent course they attended.
Most KSD employees, volunteers and authorised IT support contractors work from our premises and some will work from home. Whether in our office or at home, all employees, volunteers and IT contractors will ensure that all computers used for processing personal data are password protected, that the password is changed every six months and that home computers are securely stored when not in use. Computers will be screen locked or logged out of when employees are away from their desks. Desks will be cleared at the end of each day and any personal information or other sensitive information securely stored in a locked cabinet. Computer screens should be positioned facing away from windows.
The passwords to the membership site are stored on our WordPress/WooCommerce site and are encrypted and so cannot be seen by those authorised to access WordPress/WooCommerce. In the event of a password issue, the Administrator would reset the password and the user can choose a new one for themselves. Passwords will not be confirmed by email or over the phone, except in the instance we are issuing a new temporary password, which should be immediately changed. When changing their passwords individuals should be aware that while their password is encrypted it is still advisable that they use a unique password, not used for another purpose.
Care will be taken to prevent virus attacks by ensuring computers have virus protection software and undergo regular software updates and care should be taken when opening email attachments and when visiting new websites.
Contacting Our Mailing Lists
We will continue to send you emails via Mailchimp (our mailing list provider) regarding upcoming courses, events, public talks, changes at the centre, special offers and news about meditation, mindfulness and wellbeing. This will include emails from our wellbeing practitioners that use the centre when they have a course, event or special offer that they wish to notify you of.
Our emailing list has several sections that you can opt-in or out of at any time via contacting email@example.com which will allow us to limit the type of email you receive. For instance, you may currently select Courses & Events or Thought for the Day emails and opt in or out of receiving them as you please. If we add further sections in the future, we will notify the mailing list that they are available, but will not add you to them automatically – you will need to opt in in that event.
Our aim is to provide information about courses, events and talks that will help you supporting your continued engagement with Kagyu Samye Dzong Cardiff. The emails are intended to be engaging and supportive for your ongoing Mindfulness practice.
All emails sent via our Mailchimp mailing list, contain an unsubscribe button at the bottom that changes your email status on Mailchimp so that you will no longer receive emails from us. You can unsubscribe at any time via the unsubscribe link.