Donate
OUR DIGITAL DHARMA HUB
My Account
My Account
Donate

Tara Mandala Privacy Policy

Tara Mandala, Inc. Privacy Policy

Effective Date: May 28, 2026

Tara Mandala, Inc. (“Tara Mandala,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit www.taramandala.org, the Dakini Store, or any other website, mobile experience, portal, or online service where this Privacy Policy is posted; register for or attend retreats, teachings, programs, family or youth offerings, online programs, community events, or other activities; make a donation or become a member; submit prayer requests, dedications, testimonials, or other content; apply for financial aid, employment, or volunteer opportunities; purchase products or services; or otherwise interact with us (collectively, the “Services”).

This Privacy Policy is intended to apply to individuals worldwide. Additional notices for consumer health data, U.S. state privacy laws, California residents, and individuals in the European Economic Area, the United Kingdom, and Switzerland appear below. Some privacy laws apply only if legal thresholds are met or if particular exemptions do not apply. Where a law does not require us to provide a right, we may still choose to honor a request in our discretion.

This Privacy Policy is not a contract and does not create rights beyond those provided by applicable law. Unless we expressly state otherwise, Tara Mandala is not a health care provider and this Privacy Policy is not a HIPAA notice of privacy practices.

1. Personal Information We Collect

“Personal information” means information that identifies, relates to, describes, can reasonably be associated with, or could reasonably be linked to an individual or household. It does not include information that is deidentified, aggregated, or otherwise excluded from the definition of personal information under applicable law.

1.1 Information You Provide to Us

We collect personal information that you choose to provide, which may include:

  • Contact information, such as name, email address, mailing address, telephone number, country, and communication preferences.
  • Account and profile information, such as username, password, profile details, program history, preferences, and account settings.
  • Program and retreat registration information, such as program selections, attendance records, date of birth or age, gender or pronouns if provided, occupation, sangha or community affiliation if provided, lodging or travel details, emergency contacts, dietary preferences or restrictions, allergies, accessibility or accommodation requests, health or safety information you voluntarily provide, consent forms, waivers, and other information needed to administer programs and retreats.
  • Family, youth, and minor participant information, such as a child’s name, age, guardian contact information, emergency contacts, authorized pickup information, dietary or accessibility needs, and other information reasonably necessary to administer family or youth programming.
  • Donation, membership, and fundraising information, such as donation amount, donation frequency, membership status, event attendance, pledge information, employer matching information, billing details, tribute or memorial dedications, and communications about giving.
  • Store and transaction information, such as products or services purchased, billing and shipping address, payment status, order history, returns, customer service communications, and related transaction details.
  • Payment information, such as billing address, payment method, transaction identifiers, and limited payment details. Full payment card numbers are processed by our payment processors and are not intended to be stored on our servers.
  • Financial aid information, such as income range, employment status, household or financial circumstances, reasons for applying, and supporting information you choose to provide.
  • Prayer requests, dedications, sponsorship requests, and spiritual support requests, including names and other information you submit about yourself or others. Please do not submit sensitive information about another person unless you have permission or another lawful basis to do so.
  • Community and user-generated content, such as posts, comments, messages, survey responses, testimonials, files, photographs, video, audio, chat content, or other materials you submit through the Services or authorize us to use.
  • Employment and volunteer application information, such as resume, cover letter, work and education history, qualifications, references, interview notes, background-check information where permitted and with consent where required, and other information you provide in connection with an application.
  • Communications and support information, such as inquiries, feedback, requests, complaints, and records of our responses.

1.2 Information Collected Automatically

When you use the Services, our service providers and we may collect information automatically, including:

  • Device and network information, such as IP address, device identifiers, browser type, operating system, language settings, referring and exit pages, internet service provider, and mobile carrier.
  • Usage information, such as pages viewed, links clicked, search terms, downloads, interactions with emails or forms, dates and times of visits, and other information about your use of the Services.
  • Approximate location information, such as general location inferred from IP address.
  • Precise location information, only if you enable it through your device, browser, or application settings.
  • Cookie and tracking information, as described in Section 6.

1.3 Information We Receive From Other Sources

We may receive personal information from other sources, including payment processors, donation platforms, registration and learning platforms, e-commerce providers, shipping and fulfillment providers, analytics providers, advertising and social media platforms, references, partner organizations, publicly available sources, and other individuals who provide information about you, such as when they identify you as an emergency contact, family member, authorized pickup person, reference, prayer request subject, or program participant.

1.4 Sensitive Personal Information

Some personal information may be considered sensitive personal information, special category data, or consumer health data under applicable law. Depending on your interactions with us, this may include:

  • Information that may reveal religious or philosophical beliefs, including participation in Buddhist teachings, retreats, practices, memberships, community activities, or related offerings.
  • Health-related information you choose to provide, such as dietary restrictions, allergies, accessibility needs, accommodation requests, mobility information, emergency or safety information, or other information relevant to program participation and safety.
  • Precise geolocation information, if you choose to enable it.
  • Account login credentials.
  • Payment card or financial account information processed in connection with transactions.
  • Government-issued identification or tax information, if required for employment, contractor, financial, or legal purposes.
  • Demographic information that may be protected by law, such as age, gender, or disability status, if you provide it or if we need it to administer a program or comply with law.

We use sensitive personal information only for the purposes described in this Privacy Policy, for purposes you authorize, or as otherwise permitted by law. We do not use sensitive personal information to infer characteristics for unrelated purposes, and we do not use consumer health data for targeted advertising.

2. How We Use Personal Information

We use personal information for the following purposes:

  • To provide and administer the Services, including operating websites and accounts, processing registrations, administering retreats and programs, providing online teachings, fulfilling store orders, processing donations, managing memberships, and responding to requests.
  • To support program safety, accessibility, and accommodations, including administering dietary requests, allergies, lodging needs, accessibility needs, emergency contacts, incident response, and onsite safety.
  • To communicate with you, including sending confirmations, receipts, service messages, program updates, administrative notices, policy updates, and responses to inquiries.
  • To provide community, prayer, dedication, and spiritual support offerings, including fulfilling requests you submit and sharing information with teachers, authorized staff, volunteers, or practice communities when reasonably necessary or when you direct us to do so.
  • To process payments, donations, refunds, store orders, financial aid, scholarships, and related accounting and recordkeeping.
  • To send newsletters, program announcements, fundraising communications, store communications, event notices, and other marketing communications, subject to your choices and applicable consent requirements.
  • To personalize and improve the Services, including understanding participation patterns, interests, and preferences; improving programs and website features; and evaluating the effectiveness of communications and offerings.
  • To perform analytics, measurement, and research, including producing aggregated or deidentified information that does not identify you.
  • To evaluate financial aid, employment, volunteer, contractor, or service-provider applications.
  • To maintain security and prevent fraud, abuse, unauthorized access, and other unlawful or harmful activity.
  • To comply with legal, tax, accounting, audit, reporting, and recordkeeping obligations.
  • To protect rights, safety, and property, including enforcing terms, responding to legal requests, and establishing, exercising, or defending legal claims.
  • To complete or evaluate organizational transactions, restructuring, asset transfers, mergers, dissolutions, or similar events.
  • For other purposes with your consent or as disclosed when you provide the information.

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. Transaction security, fraud-prevention, analytics, and similar tools may support our operations, but we do not use them to make solely automated decisions about program eligibility, financial aid, employment, or access to essential Services.

3. How We Disclose Personal Information

We disclose personal information as described below:

  • Service providers, processors, and contractors. We disclose personal information to vendors that perform services for us, such as website hosting, cloud storage, registration platforms, learning platforms, customer relationship management, email delivery, payment processing, donation processing, e-commerce, shipping, analytics, security, fraud prevention, information technology, accounting, and professional services. These parties are expected to use personal information only to provide services to us or as otherwise permitted by law.
  • Teachers, program staff, volunteers, and retreat personnel. We may disclose information to authorized teachers, instructors, program staff, volunteer coordinators, retreat managers, kitchen or lodging personnel, accessibility coordinators, and similar personnel when reasonably necessary to administer programs, retreats, accommodations, safety, community offerings, or spiritual support requests.
  • Payment, donation, store, shipping, and fulfillment partners. We disclose information as needed to process payments and donations, fulfill store orders, provide shipping and returns, and administer related customer service.
  • Partner organizations and co-sponsors. If a program, event, retreat, or offering is organized with another organization, teacher, venue, or sponsor, we may disclose information as reasonably necessary to administer that offering. We will provide additional notice where appropriate.
  • Emergency, medical, safety, or security personnel. We may disclose information when reasonably necessary to protect health, safety, or security, including in connection with emergency contacts, onsite incidents, medical response, or crisis response.
  • Public or community areas. If you post, submit, or authorize content for public or community areas, that content may be visible to others according to the setting or context in which it is submitted.
  • Professional advisors. We disclose information to lawyers, accountants, auditors, insurers, banks, and other professional advisors where reasonably necessary.
  • Legal, compliance, and safety recipients. We may disclose information to courts, government authorities, law enforcement, regulators, or other parties when we believe disclosure is required or appropriate to comply with law, respond to legal process, protect rights and safety, prevent fraud, or investigate misconduct.
  • Organizational transactions. We may disclose information in connection with a contemplated or completed merger, consolidation, reorganization, financing, asset transfer, dissolution, bankruptcy, or similar transaction.
  • With your direction or consent. We disclose information when you direct us to do so or when you consent.

4. Sources of Personal Information

We collect personal information from the following categories of sources:

  • Directly from you or your parent, guardian, authorized representative, or organization.
  • Automatically from your device, browser, and use of the Services.
  • From service providers and partners that support payments, donations, registration, store operations, analytics, advertising, communications, shipping, and security.
  • From public sources and social media platforms, if you interact with us through those platforms or make information public.
  • From other individuals, such as references, emergency contacts, family members, authorized pickup persons, co-participants, or people who submit prayer requests, dedications, or related information.

5. Retention of Personal Information

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on the nature of the information, the purpose for which it was collected, legal and accounting requirements, risk management, dispute resolution, security, and whether the information is needed for ongoing relationships or programs.

Our general retention practices are:

  • Account and profile information: for the life of the account, plus a reasonable period after closure or inactivity.
  • Program registration and attendance records: generally up to seven years after the program, unless a shorter or longer period is appropriate for program continuity, safety, legal, accounting, or dispute-resolution purposes.
  • Dietary, accessibility, accommodation, and health or safety information: only as long as reasonably necessary for the program, safety, accommodation, legal, or recordkeeping purpose for which it was collected, unless you ask us to retain it for future programs or a longer period is required or permitted by law.
  • Donations, memberships, store transactions, and payment records: generally up to seven years for tax, accounting, audit, and reporting purposes.
  • Financial aid records: generally up to three years after the relevant funding cycle, unless needed longer for audit, dispute, or compliance purposes.
  • Marketing records: until you unsubscribe, withdraw consent where applicable, or become inactive for a reasonable period.
  • Prayer requests, dedications, and spiritual support requests: as long as reasonably necessary to fulfill the request and maintain appropriate records, unless you request earlier deletion and deletion is legally and operationally feasible.
  • Community content: for as long as the relevant community feature, program, account, or record remains active, unless removed earlier or retained for legal, safety, or archival reasons.
  • Employment and volunteer applicant records: generally up to two years for applicants who are not selected, unless a longer period is required or permitted by law.
  • Employee, contractor, and volunteer administration records: as required for legal, tax, accounting, safety, insurance, and organizational purposes.
  • Website analytics and cookie information: as described in our Cookie Policy and cookie settings, or otherwise as configured by the relevant tool.
  • Security, fraud, incident, and legal records: as long as reasonably necessary to protect rights and safety, investigate incidents, prevent fraud, comply with law, or establish, exercise, or defend legal claims.
  • Backup archives: stored securely and isolated from active processing, then deleted or overwritten on a reasonable rolling schedule.

When personal information is no longer needed, we will delete, deidentify, aggregate, or otherwise handle it in accordance with applicable law and our recordkeeping practices.

6. Cookies, Tracking Technologies, and Opt-Out Signals

Our service providers and we use cookies, pixels, tags, software development kits, local storage, and similar technologies to operate the Services, remember preferences, enable transactions, secure the Services, analyze usage, measure communications, and, where enabled, support advertising, social media, and marketing activities.

Our cookies and similar technologies may include:

  • Strictly necessary cookies, which are needed for site functionality, security, account access, checkout, donation processing, and similar functions.
  • Preference cookies, which remember choices such as language, region, and display settings.
  • Analytics and performance cookies, which help us understand how visitors use the Services and improve them.
  • Advertising, social media, and measurement cookies, which may help us measure campaigns, understand engagement, or deliver or evaluate advertising and social media content.

Additional information is provided in our Cookie Policy at www.taramandala.org/about/cookies-policy/ and in any cookie settings or consent tool made available on the Services. Where required by law, we will obtain consent before using non-essential cookies or similar technologies. You can also control cookies through your browser settings, device settings, and our cookie tools where available.

6.1 Global Privacy Control and Other Opt-Out Preference Signals

Where required by applicable law, we honor Global Privacy Control (GPC) and other recognized universal opt-out preference signals as requests to opt out of the sale of personal information, sharing of personal information for cross-context behavioral advertising, and processing of personal information for targeted advertising. If we detect a recognized signal, we will apply it to the browser or device sending the signal and, where technically feasible and where you are logged in, to the associated account.

6.2 Do Not Track

Some browsers transmit “Do Not Track” signals. Because there is no uniform industry standard for responding to these signals, we do not currently respond to Do Not Track signals. We do respond to GPC and other legally recognized opt-out preference signals as described above.

7. Sale, Sharing, and Targeted Advertising

We do not sell personal information for money.

Depending on the technologies enabled on the Services and your privacy choices, we may disclose identifiers, internet or network activity information, approximate location information, commercial information, and inferences to analytics, advertising, social media, or measurement partners in ways that may be considered a “sale,” “sharing,” or “targeted advertising” under some U.S. state privacy laws. You may opt out of these activities through any cookie settings or “Your Privacy Choices” link made available on the Services, by enabling GPC or another legally recognized opt-out preference signal, or by contacting us as described in Section 18.

We do not knowingly sell or share for cross-context behavioral advertising the personal information of individuals we know are under 16 years old. We do not sell consumer health data, and we do not use consumer health data for targeted advertising.

8. Your Choices

You have the following choices regarding your personal information:

  • Marketing communications. You may unsubscribe from marketing emails using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing, we may still send service, transactional, safety, legal, or administrative messages.
  • Donations and recurring giving. You may contact us or use available account tools to update recurring donation preferences, subject to processing deadlines and legal or accounting requirements.
  • Cookies and tracking. You may use cookie settings, browser settings, device settings, GPC or other recognized opt-out preference signals, and any “Your Privacy Choices” link made available on the Services.
  • Account information. You may update certain account information by logging into your account or contacting us.
  • Community content. You may be able to edit or delete certain content depending on the feature. We may retain copies where necessary for legal, safety, archival, backup, or program administration purposes.
  • Sensitive information. Where we rely on consent to process sensitive personal information, you may withdraw consent at any time, subject to legal limits and the effect that withdrawal may have on our ability to provide the relevant Service.

9. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These safeguards may include access controls, role-based permissions, encryption in transit, secure payment processing through third-party providers, vendor review, staff training, and other security measures appropriate to the nature of the information and the Services.

No system is completely secure. We cannot guarantee that personal information will be completely protected against every unauthorized access, loss, misuse, or disclosure. You are responsible for maintaining the confidentiality of your account credentials and for using secure devices and networks.

10. Children and Minors

Our general website and online Services are not directed to children under 13. However, some Tara Mandala programs, retreats, family camps, youth activities, or community offerings may involve children or minors.

For family, youth, or minor participant programming, we collect personal information about children and minors from a parent or guardian, with parental or guardian involvement, or as otherwise permitted by law. We use that information for registration, participation, safety, emergency contact, authorized pickup, lodging, dietary, accessibility, accommodation, payment, program administration, and legal purposes.

We do not knowingly allow children under 13 to create public accounts or submit personal information online without verifiable parental consent where COPPA applies. If you believe a child has provided personal information to us without required consent, please contact us using the information in Section 19, and we will take appropriate steps to delete or otherwise handle the information as required by law.

11. Consumer Health Data Privacy Notice

This section supplements the rest of this Privacy Policy and applies to consumer health data to the extent laws such as Washington’s My Health My Data Act, Nevada’s consumer health data law, or similar laws apply to us or to the information at issue. Where a separate consumer health data privacy notice is required, this section is intended to be read together with that separate notice, which should be posted through a distinct link where required by law.

For purposes of this section, “consumer health data” means personal information that is linked or reasonably linkable to an individual and that identifies or can reasonably be used to infer certain health-related information, as defined by applicable law. Tara Mandala is not a health care provider, but some information we collect for retreat, program, accessibility, accommodation, safety, or spiritual support purposes may be treated as consumer health data under certain laws.

11.1 Consumer Health Data We May Collect

Depending on your interactions with us, consumer health data may include:

  • Dietary restrictions, allergies, food sensitivities, or meal-related health needs.
  • Accessibility, disability, mobility, accommodation, or support needs.
  • Health, safety, emergency, or incident information you provide or that is generated during a program or retreat.
  • Information about physical or mental health needs that you voluntarily include in registration forms, financial aid requests, prayer requests, accommodation requests, correspondence, or community communications.
  • Other information that applicable law defines as consumer health data.

Please provide only the health-related information that is necessary for the relevant request, program, retreat, accommodation, safety need, or other interaction.

11.2 Purposes for Collecting and Using Consumer Health Data

We collect and use consumer health data only as reasonably necessary for the following purposes:

  • To administer programs, retreats, lodging, meals, accessibility, accommodations, and participation.
  • To support health, safety, emergency response, incident management, and risk management.
  • To respond to your requests, communications, prayer requests, or support needs.
  • To comply with the law, maintain records, respond to legal requests, and protect rights and safety.
  • For other purposes with your consent or as permitted by applicable law.

11.3 Sources of Consumer Health Data

We collect consumer health data directly from you, from a parent or guardian, from an authorized representative, from emergency contacts or other individuals you identify, from program or retreat personnel involved in safety or accommodations, and from service providers that help us administer programs, forms, safety, or communications.

11.4 Disclosure of Consumer Health Data

We may disclose consumer health data to:

  • Service providers and processors that support registration, forms, hosting, communications, safety, accessibility, lodging, meals, or program administration.
  • Authorized teachers, program staff, volunteers, retreat personnel, kitchen staff, lodging personnel, accessibility coordinators, or safety personnel when reasonably necessary for the relevant purpose.
  • Emergency responders, medical personnel, emergency contacts, or safety personnel when reasonably necessary to protect health or safety.
  • Legal, compliance, insurance, accounting, and professional advisors when reasonably necessary.
  • Government authorities, courts, or other parties when required or permitted by law.
  • Other parties with your direction or consent.

We do not sell consumer health data, and we do not share consumer health data for targeted advertising.

11.5 Consumer Health Data Rights

Where applicable, you may have the right to confirm whether we collect, share, or sell consumer health data; access consumer health data; receive a list of certain third parties or affiliates with whom we have shared consumer health data; withdraw consent where processing is based on consent; request deletion of consumer health data; and appeal a denied request. You may exercise these rights using the process in Section 18.

12. U.S. State Privacy Rights

Residents of certain U.S. states may have privacy rights under state comprehensive privacy laws, subject to each law’s scope, thresholds, exemptions, and exceptions. These rights may include:

  • Right to know, confirm, or access. You may request confirmation that we process your personal information and access to personal information we hold about you.
  • Right to data portability. You may request a portable copy of certain personal information.
  • Right to correct. You may request correction of inaccurate personal information.
  • Right to delete. You may request deletion of personal information, subject to exceptions.
  • Right to opt out of sale, sharing, or targeted advertising. You may opt out of activities that qualify as a sale of personal information, sharing for cross-context behavioral advertising, or targeted advertising under applicable law.
  • Right to opt out of certain profiling. You may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently engage in such profiling.
  • Right to limit or withdraw consent for sensitive personal information. You may have the right to limit certain uses or disclosures of sensitive personal information, or to withdraw consent where consent is required.
  • Right to appeal. If we deny a rights request, you may appeal the decision.
  • Right to non-discrimination. We will not unlawfully discriminate against you for exercising privacy rights.

12.1 How to Exercise U.S. State Rights

You may exercise rights by contacting us using the information in Section 18. You may opt out of sale, sharing, or targeted advertising by using any cookie settings or “Your Privacy Choices” link made available on the Services, by enabling GPC or another recognized opt-out preference signal, or by contacting us.

We will verify your request by matching information you provide with information we maintain, and we may request additional information when reasonably necessary. We will respond within the time required by applicable law. If we deny your request, we will explain the reason where required and provide appeal instructions where applicable.

12.2 Authorized Agents

Where permitted by law, you may designate an authorized agent to submit a request on your behalf. We may require proof of the agent’s authority and may require you to verify your identity directly with us, unless an exception applies.

12.3 No Financial Incentives

We do not offer financial incentives or price or service differences in exchange for personal information as those terms are defined under California law.

13. California Notice at Collection and Privacy Notice

This section supplements the rest of this Privacy Policy for California residents to the extent the California Consumer Privacy Act, as amended, applies to us or to the personal information at issue.

13.1 Categories of Personal Information Collected

In the 12 months before the Last Updated date of this Privacy Policy, we may have collected the following categories of personal information:

  • Identifiers, such as name, postal address, email address, phone number, account name, IP address, online identifiers, and similar information.
  • Customer records information, such as contact details, billing details, payment information, transaction history, and account information.
  • Protected classification characteristics, such as age, gender, disability-related information, or other information you choose to provide or that is needed for a program or legal purpose.
  • Commercial information, such as donations, memberships, program registrations, store purchases, order history, and attendance records.
  • Internet or other electronic network activity information, such as browsing activity on our Sites, interactions with our emails, pages viewed, links clicked, and similar information.
  • Geolocation data, such as approximate location inferred from IP address and precise location only if you enable it.
  • Audio, electronic, visual, or similar information, such as photographs, video, audio recordings, testimonials, webinar recordings, or customer service communications.
  • Professional or employment-related information, such as job applications, volunteer applications, work history, references, and qualifications.
  • Education information, such as education history included in employment, volunteer, teacher, or program applications.
  • Inferences, such as preferences, interests, program interests, communication preferences, or similar information inferred from interactions with us.
  • Sensitive personal information, such as account credentials, payment information, information that may reveal religious or philosophical beliefs, health-related information you provide for dietary, accessibility, accommodation, safety, or program purposes, precise geolocation if enabled, and government identification or tax information where required.

We collect these categories from the sources described in Section 4, use them for the purposes described in Section 2, disclose them as described in Section 3, and retain them as described in Section 5.

13.2 Categories Disclosed for Business Purposes

In the 12 months before the Last Updated date, we may have disclosed each category of personal information listed above to the categories of recipients described in Section 3 for business or operational purposes.

13.3 Sale or Sharing

We do not sell personal information for money. Depending on the technologies enabled on the Services and your choices, we may disclose identifiers, internet or network activity information, approximate location information, commercial information, and inferences to analytics, advertising, social media, or measurement partners in a manner that may be considered a sale or sharing under California law. You may opt out as described in Sections 6, 7, 12, and 18.

We do not knowingly sell or share the personal information of individuals we know are under 16 years old.

13.4 Sensitive Personal Information

We use sensitive personal information only for purposes permitted by California law, including to provide requested Services, process transactions, ensure security and integrity, prevent fraud, maintain safety, comply with law, and with your consent. California residents may request that we limit use and disclosure of sensitive personal information to legally permitted purposes by contacting us as described in Section 18.

13.5 California Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosures of certain personal information to third parties for their own direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes without your consent.

14. Notice to Individuals in the EEA, UK, and Switzerland

This section applies to individuals in the European Economic Area, the United Kingdom, and Switzerland to the extent applicable data protection laws apply to our processing of their personal information.

14.1 Controller and Contact Point

Tara Mandala, Inc., a Colorado nonprofit corporation, is the controller of personal information described in this Privacy Policy. Our contact details are in Section 19.

Tara Mandala does not currently maintain a designated representative in the European Union pursuant to Article 27 of the GDPR or in the United Kingdom pursuant to Article 27 of the UK GDPR. Individuals in the European Economic Area, the United Kingdom, and Switzerland may exercise the rights described in this Section, submit inquiries, and contact us directly regarding the processing of their personal information using the contact details provided in Section 19. We will respond to inquiries and rights requests in accordance with applicable law.

Any communication from a data protection authority or supervisory authority should be directed to Tara Mandala’s Privacy Office using the contact details in Section 19. We will handle supervisory authority communications in accordance with applicable law and the deadline stated by the authority.

14.2 Legal Bases for Processing

We rely on the following legal bases, depending on the context:

  • Contract. We process personal information as necessary to provide Services you request, such as registering you for programs, processing purchases, administering accounts, fulfilling donations or memberships, and responding to service requests.
  • Consent. We rely on consent where required, such as for certain marketing communications, non-essential cookies, precise location, certain sensitive information, certain media uses, or other processing for which consent is the appropriate legal basis. You may withdraw consent at any time.
  • Legitimate interests. We process personal information where necessary for legitimate interests, such as operating and improving the Services, securing our systems, communicating with you, administering programs, maintaining records, preventing fraud, and protecting rights and safety, unless those interests are overridden by your rights and interests.
  • Legal obligation. We process personal information where necessary to comply with legal, tax, accounting, employment, reporting, or regulatory obligations.
  • Vital interests. We may process personal information where necessary to protect someone’s vital interests, such as in an emergency.
  • Legal claims. We may process personal information where necessary to establish, exercise, or defend legal claims.

For special category data, such as information that may reveal religious or philosophical beliefs or health-related information, we rely on explicit consent where required; processing carried out in the course of legitimate activities of a not-for-profit body with a religious or philosophical aim and appropriate safeguards where applicable; vital interests; legal claims; or another lawful basis permitted by applicable law. Where we rely on the not-for-profit religious or philosophical organization basis, we do so only where the conditions for that basis are met, including appropriate safeguards and limits on disclosure outside the organization without consent where required.

14.3 EEA, UK, and Swiss Privacy Rights

Subject to applicable law, you may have the right to:

  • Access your personal information and receive information about how it is processed.
  • Correct inaccurate or incomplete personal information.
  • Request deletion of personal information.
  • Restrict certain processing of personal information.
  • Receive certain personal information in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Object to processing based on legitimate interests, including profiling based on legitimate interests.
  • Object to direct marketing at any time.
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not currently engage in such processing.
  • Lodge a complaint with your local data protection authority. In the UK, you may contact the Information Commissioner’s Office. In the EEA, you may contact the supervisory authority in your country or region.

You may exercise these rights using the process in Section 18. Where the GDPR or UK GDPR applies, we will respond without undue delay and generally within one month of receiving your request. Where permitted because of the complexity or number of requests, we may extend that period by up to two further months and will notify you of the extension within the first month.

 

14.4 International Transfers

Tara Mandala is based in the United States. Personal information may be transferred to, stored in, or processed in the United States and other countries that may not provide the same level of data protection as your home jurisdiction.

Where required, we use appropriate safeguards for international transfers, such as adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Addendum or equivalent safeguards, and transfer assessments and supplementary measures where appropriate.

15. Third-Party Sites, Platforms, and Services

The Services may link to or integrate with third-party websites, platforms, social media pages, payment processors, donation platforms, e-commerce providers, video platforms, maps, or other services. Those third parties may collect and process personal information under their own privacy policies. We are not responsible for the privacy practices of third parties.

16. Deidentified and Aggregated Information

We may create or use deidentified, anonymized, or aggregated information that cannot reasonably be used to identify you. We may use and disclose such information for lawful purposes, including analytics, research, reporting, program improvement, and organizational planning. We will not attempt to reidentify deidentified information except as permitted by law.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The Last Updated date above shows when this Privacy Policy was last revised. If we make material changes, we will provide notice through the Services, by email, or by another method appropriate to the change. Where required by law, we will obtain consent before applying material changes to processing activities that require consent.

18. How to Exercise Privacy Rights

To exercise privacy rights or submit a privacy request, contact us by:

  • Email: pr*****@*********la.org
  • Web form: www.taramandala.org/about/contact-tara-mandala/
  • Mail: Tara Mandala, Inc., Attn: Privacy Office, PO Box 3040, Pagosa Springs, CO 81147, USA

Please describe your request and provide enough information for us to verify and respond to it. We may ask for additional information if needed to verify your identity, understand your request, or protect against fraudulent requests.

For U.S. state privacy requests, we will respond within the period required by applicable law, generally 45 days where those laws apply, unless an extension is permitted and needed. For GDPR or UK GDPR rights requests, where those laws apply, we will respond without undue delay and generally within one month, with a possible extension of up to two further months for complex or multiple requests as permitted by law. Communications from a data protection authority, supervisory authority, court, or government body should be directed to the Privacy Office and will be handled according to the deadline stated by that authority or as otherwise required by law.

If your request is denied and applicable law provides an appeal right, you may appeal by replying to our decision email or by submitting a new request with the subject line “Privacy Appeal.” We will respond to appeals within the time required by applicable law.

19. Contact Us

End of Privacy Policy