Privacy Policy of the Society cetovimutti sangha e.V. according to GDPR

General information on the data protection declaration

PDF version

We are pleased about your interest in the society cetovimutti sangha e.V.
We (the society cetovimutti sangha e.V.) are not a commercial, profit-orientated company. Data protection and serious handling of information is particularly important for us as a Buddhist society.

This data protection declaration is intended to make clear the nature, scope and purpose of how cetovimutti sangha e.V. deals with the data and information you transmit to us and how your data is protected. Furthermore this data protection informs data subjects of their rights.

The rules regarding the handling of personal data were laid down in the General Data Protection Regulation of the EU (GDPR) 2016/2017 and in the Federal Data Protection Act (BDSG).

All questions regarding our data protection declaration in the society and the handling of data should be sent by e-mail to


Who are we?

The cetovimutti sangha e.V supports Christina Garbe in her Dhamma work. The aim of the society is to enable interested people to hear the dhamma, to practice the teachings and to walk this path together. You can find more information about the goals of the society ´here‘.


Person in Charge

Responsible for the collection, processing and use of your personal data as defined by Art. 4 Nr. 7 GDPR is the society cetovimutti sangha e.V., Hemmerleinstr. 2, 96050 Bamberg, legally represented by the Management Board, Edith Obrusnik and Ulrike Dörfler,
e-mail: See also: 'Impressum'.

The cetovimutti-theravā website of Christina Garbe supports the society in its work with the menu item 'Society'.

The Society cetovimutti sangha e.V is responsible for the content of the menu item 'Society' of the website. The content of the menu item 'Society' is designed by Edith Obrusnik and Ulrike Dörfler; they are responsible for what is published.

The cetovimutti-theravā website is responsible for the data protection of the website. Information about the data protection of the website (Data protection declaration according to the General Data Protection Regulation - GDPR) can be found here.


Basic information about the handling of your data

The society cetovimutti sangha e.V. adheres to the principles of Article 5 (1) GDPR when processing your personal data, e.g.:
  • We process your data exclusively for the purpose for which it was collected,
  • We do not store nor collect unnecessary data,
  •  We try to keep your personal data up to date,
  •  The data will be deleted after the purpose has ceased to exist, We protect your data from loss, misuse, unauthorized access or disclosure; we assure that we employ appropriate means to protect your data.


Ho do we get data from you?

The collection and processing of personal data of society members or of participants in events and of donors is carried out exclusively for the fulfilment of the purposes and tasks of the society as well as for the information of interested parties. The legal basis for this is Article 6 (1) (a), (b) and (f) of the GDPR.


Data collection via contact forms, via e-mail and via options on the website

We receive personal data from you,

  • If you contact us via the contact forms and/or on the website: your name and e-mail-address; in addition, we may receive additional personal information from you when you attach a membership application and/or registration form to your e-mails (see below)
  • If you contact us with your own e-mail program: name and e-mail-address
  •  If you subscribe to the Newsletter via the registration function on the website or make an inquirey via e-mail to name and e-mail-address


Direct collection of personal data by the society

The society collects personal data from its members, from participants in its events, from interested parties for the newsletter and from donors.

Application for membership in the Society cetovimutti sangha e.V.
The data is collected using a form – Application for Membership – to be completed and signed by the future member of the society. The application will be sent to the society by e-mail ( or by post.
The following data in the Application of Membership is marked as mandatory:

  • salutation
  • name und first name
  • Address: street, house number, postcode, city
  • country
  • e-mail-address

in addition the following voluntary data are collected:

  • phone number: landline and/or mobile
  • date of birth

The collected data will be entered into a member list.

Registration for an event of the society, such as retreats, seminars, lectures and other activities
The collection of data for retreats, seminars, etc. is carried out using a form – registration form – which must be completed and signed by the participants of an event. The registration form will be sent to the society by e-mail ( or per post. The mandatory and voluntary data collected correspond to that described above under „Membership Application“.
The personal data will be entered in participant lists for the respective events.

Subscription to the newsletter
In order to receive the irregular newsletter, interested parties can register for inclusion in the newsletter list.
The registration can take place:

  • via the `Newsletter-Anmeldung´ option on the website,
  • via e-mail to,
  • by ticking the appropriate option in the membership application
  • by entering your name in the newsletter list, which is available at events.

The following data is collected: name and first name, e-mail address.
The collected data will be entered in a newsletter list.

Donation to support the goals of the society, cash management
Our cash register administration records the surname, first name and bank account details of donors and of participants in events who transfer the event fee. If a donation receipt is issued, the address (street, house number, postcode, city) of the donor is also recorded.


Obligation to provide information during data collection

In the case of direct collection of personal data, the data subjects are informed of the permissibility of the data processing and of their rights as data subjects persuant to Art (1) and (2) GDPR:

  • In the application for membership, data protection notices are printed overleaf.
  • In the registration forms for participation in society events, the persons concerned are directly informed about their right of withdrawal and for detailed information on data protection referred to the data protection declaration of the society on the Website.
  • When the newsletter list is displayed, corresponding data prtoection information is made available.


Who has access to your data?

The data which you send us or which the society collects will only be viewed confidentially by the authorised persons, i.e. by the person or persons who are authorised to process your data.

The spiritual direction of the society (Mrs Christina Garbe), as well as the first and second chairmen (Mrs Edith Obrusnik and Mrs Ulrike Dörfler) will have full access to all data.

The treasurer of the society (Mrs Pia Schafft) has access to the surname, first name and account details of donors and of participants in events who transfer the event fee. When issuing donation receipts, the treasurer also has access to the address (street, house number, post code, city) of donors.

The organizers of retreats and seminars are members of the society. In justified exceptional cases and after consultation with the board and the spiritual leadership, this requirement may be waived. The organizers only have access to the data necessary for the organisation of the events in order to be able to work conscientiously.

All persons who have access to personal data in the society commit themselves in writing to the obligation of confidentiality, the preservation of confidentiality and the observance of data protection.

The 2nd chairperson shall keep a list of all processing activities. For this purpose, the activities of the other authorized persons are reported to her and she enters them into the list.


Automated individual decision

We do not work with a decision based on automatic processing.

Third parties, which take over services for us

The Internet partner – Whirlwind Internet; for details see Privacy Policy of the website (Privacy Policy according to the General Data Protection Regulation - GDPR; click here).


Sending the newsletter

We use the ‘AcyMailing’ Software (‘AcyMailing’) on the website to send the newsletter. ‘AcyMailing’ is not a third party service provider. This software is on the own protected data base of the website. More information can be found at Privacy Policy of website (Privacy Policy according to the General Data Protection Regulation - GDPR; click here.)


Where do we store your data?

All data that you submit to us through the contact forms and options on the website will be stored on the secure systems of our server, Whirlwind Internet, The Netherlands, (

The personal data collected by the society is stored in the EDP systems of authorized persons (spiritual director, 1st and 2nd chairmen, treasurer and event organizers). The authorized users can also save and document the data in paper form (i.e. handwritten forms, printed lists).


Security precautions to prevent data loss, misuse or alteration

Personal data is protected by technical and organizational measures to prevent data loss, misuse or alteration. On the EDP systems of the authorized users this is done i.e. by activating automatic updates in the operating system and browser, installing up-to-date virus protection, regular backups to external storage media, paper destruction with standard shredder. The website is protected by SSL encryption and a security program that protects against infections and prevents access to sensitive data. You can find more information under Privacy Policy of the website (Privacy Policy according to the General Data Protection Regulation - GDPR; click here.)


How long do we store your data?

Once the purpose for which the personal data was collected no longer applies, it is deleted. A longer storage and use takes place only if we are obligated by legal defaults. Personal data relating to the treasury administration are kept by the treasurer for 10 years in accordance with the provisions of tax law.


Links to other websites

If the menu item ‚Verein’ on the website links to other websites of other organizations, this privacy policy applies only to our menu item ‚Verein’ and not to third parties. If you are redirected via the menu item ‚Verein’, you should read the privacy policy of the other website you are visiting. We are not responsible for the data protection of other websites, even when you have accessed them via our menu item ‚Verein’.

In the event that you have accessed our menu item ‚Verein’ via another website, we are not repsonsible for the privacy policies of any other party’s website which may have accessed our menu item ‚Verein’ via that website. We recommend you read the data protection declaration given there.


Under 16

We strive to protect the privacy of children under the age of 16. We process enquiries of children under 16 only with the permission of their parents or legal guardian.


Your rights according to GDPR

1. Right of withdrawal (Art. 7 para. 2 GDPR)
The data subject has the right to revoke his/her consent to data processing at any time with effect for the future.

2. Right to information (Art. 15 GDPR)
The data subject has the right to obtain confirmation as to whether personal data relating to him or her are processed. Is this the case the person concerned has a right of access to this data and to further information such as the processing purposes, the recipients to whom the data is disclosed, the duration of its storage as well as about his/her rights.

3. Right to rectification (Art. 16 GDPR)
The data subject has the right to request the rectification of inaccurate data concerning him or her. With regard to the purpose of the processing, the data subject also has the right to request the completion of incomplete data. In this case please send an e-mail to

4. Right to cancellation (Art. 17 GDPR)
Data subject have the right (with certain exceptions) to request that their data be erased, for example if it is no longer necessary for the purpose for which it was originally collected or processed, or if their consent has been withdrawn.

5. Right to limit the processing (Art. 18 GDPR)
The data subject may, in certain cases, request that the processing be limited - for example when the controller no longer needs the data, but the data subject needs it for bringing, exercising or defending a legal claim, or when the data subject has lodged an objection to the processing and it has not yet been established whether the controller’s legitimate reasons prevail over those of the data subject.

6. Right to data transferability (Art. 20 GDPR).
The data subject shall have the right, under certain conditions, to obtain a copy of the personal data concerning him/her in a customary and machine-readable file format and shall have the right to communicate such data to another controller.

7. Right of objection (Art. 21 Abs. 1 GDPR)
The data subject shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her carried out pursuant to Article 6 Absatz 1 (e) or (f). The controller may then process the data only if he can prove compelling legitimate reasons for the processing which outweigh the interests, rights and freedoms of the data subject.

8.Right to appeal to a supervisory authority (Art. 77 GDPR)
Every person concerned has the right to lodge a complaint with a supervisory authority. The responsible supervisory authority for our society is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach. Complaints can be filed online at:

Before you file a complaint with the authorities:
Before contacting the responsible authorities, we kindly ask you to contact us via (management board; Mrs Edith Obrusnik , Mrs Ulrike Dörfler) so that we have a chance to correct our mistake.

How can you bring your information and data up to date (update)?

The accuracy of your information is important to us. If your e-mail address or any other information you have provided to us changes, please send us an e-mail at


Timeliness and amendment of this data protection declaration

This privacy policy is currently valid and as of January 2019.

Due to further development of our society or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be called up and printed out at any time on the website at Policy. © 2020