Privacy Policy — Darshan Luxembourg 2026

1. Data Controller

The data controller for this website and the Darshan event registration is:

Bhakti Marga Luxembourg a.s.b.l.
1, rue de la Gare
L-5353 Oetrange
Luxembourg

Association Registration Number: F15701

Represented by the Board Members:

ORIL Shraddha Bhavi (President)
MOOSUN DYANGHEE Koushma Devi (Vice President)

Contact: info@darshan2026.lu
Website: https://darshan2026.lu

2. General Information

We take the protection of your personal data very seriously. Your personal data is processed exclusively in accordance with the General Data Protection Regulation (“GDPR”) and applicable Luxembourg data protection law.

This Privacy Policy explains which personal data we process in connection with the use of our website and the registration for the Darshan event.

3. Categories of Personal Data Processed

When using this website and registering for the event, we may process the following personal data:

First name and last name
Email address
Phone number (optional)
Country of residence
Number of accompanying children
Whether this is your first Darshan
Information regarding how you heard about the event
Ticket category
Consent preferences
Payment status
Communication data
IP address
Browser and device information
Technical log data
Voluntarily provided information in forms

Participation in a spiritual event may reveal religious or philosophical beliefs and may therefore constitute special categories of personal data under Art. 9 GDPR.

4. Purposes and Legal Bases of Processing

4.1 Event Registration (Art. 6(1)(b) GDPR — Contract)

We process your registration data in order to:

manage your registration,
organise the event,
communicate with participants,
issue tickets and QR codes,
grant access to the event.

This processing is necessary for the performance of a contract.

4.2 Payment Processing (Art. 6(1)(b) GDPR — Contract)

Payments are processed securely via Stripe.

We share your email address and transaction-related information with Stripe solely for payment processing purposes.

We do not store or have access to your full credit card or bank account details.

4.3 Confirmation Emails (Art. 6(1)(b) GDPR — Contract)

After successful registration and payment, we send transactional confirmation emails containing tickets and QR codes.

For this purpose, we use:

Resend, Inc.

Website: https://resend.com
Privacy Policy: https://resend.com/legal/privacy-policy
Data Processing Addendum (DPA): https://resend.com/legal/dpa
Security & GDPR Information: https://resend.com/security

International transfers are protected through Standard Contractual Clauses (SCCs) and additional safeguards where applicable.

This processing is necessary to provide the purchased service.

4.4 Photo, Video & Livestream Recordings (Art. 6(1)(a) and Art. 9(2)(a) GDPR — Consent)

With your explicit consent, photos, videos and audio recordings may be created during the event.

These recordings may be used by:

Bhakti Marga Luxembourg a.s.b.l.,
Bhakti Event GmbH,
and official Bhakti Marga channels

for:

event documentation,
livestreaming,
video-on-demand,
spiritual education,
promotional purposes,
publication on official websites and social media channels.

This may involve international transfers to third countries, including the USA (e.g., YouTube / Google LLC).

Consent is voluntary and may be withdrawn at any time with effect for the future. Withdrawal does not affect processing carried out prior to withdrawal.

4.5 Marketing & Newsletter (Art. 6(1)(a) GDPR — Consent)

With your consent, we may send newsletters and updates regarding Bhakti Marga events and activities.

Emails may contain tracking technologies (e.g., tracking pixels) to analyse engagement and improve communication.

You may unsubscribe at any time using the unsubscribe link included in every email.

4.6 Event Check-In (Art. 6(1)(b) GDPR — Contract)

Your registration data, including your QR code, may be used during the event to verify your registration and manage access control.

5. Events with Paramahamsa Vishwananda: Livestreams, Media Recordings and Publication of Event Content (Art. 26 GDPR)

5.1 Scope

During Bhakti Marga events, photo, video and audio recordings may be created within designated film zones.

These recordings serve the purposes of documenting spiritual events, spiritual education, and providing livestreams and video-on-demand content for the Bhakti Marga community.

The recordings may reveal information about religious or spiritual beliefs and may therefore constitute special categories of personal data within the meaning of the GDPR.

This section applies to all photo, video and audio recordings created in connection with Bhakti Marga events, including but not limited to:

Darshan events
Satsangs
Festivals
Pilgrimages
Spiritual seminars
Hybrid and online events

This applies irrespective of whether participation takes place physically or digitally.

5.2 Nature of the Data Processed

During events, photo, video and audio recordings may be created. Such recordings may include:

Images of participants
Voice recordings
Statements or testimonials
Participation in spiritual activities
Spiritual names (if voluntarily provided)
Event registration data (name, email, language preference)

Participation in a spiritual event may reveal religious or philosophical beliefs. Therefore, processing may involve special categories of personal data within the meaning of Art. 9 GDPR.

Above all, Paramahamsa Sri Swami Vishwananda, the musicians and the ceremonial area surrounding Him are filmed as part of the spiritual documentation of the event.

5.3 Joint Controllership for Bhakti Marga Activities (Art. 26 GDPR)

In the context of organising and delivering Bhakti Marga activities (including events, courses, community activities and related communications), Bhakti Marga Luxembourg a.s.b.l., 1, rue de la Gare, L-5353 Oetrange, Luxembourg, and Bhakti Event GmbH, Am Geisberg 1–8, 65321 Heidenrod-Springen, Germany, act as joint controllers within the meaning of Art. 26 GDPR.

Scope of Joint Processing

This joint controllership applies in particular to the following activities:

creation of photo, video and audio recordings during events;
livestreaming and publication of audiovisual content via the Bhakti+ platform and official Bhakti Marga channels;
documentation and archiving of events for spiritual, educational and community purposes.

Allocation of Responsibilities

Bhakti Marga Luxembourg a.s.b.l. is responsible for:

organising and conducting events locally;
collecting participant data (e.g. registration details);
providing data protection information to participants;
ensuring GDPR-compliant processing;
obtaining and documenting any required consent or contractual participation agreements;
implementing on-site data protection measures (e.g. filming zones, signage, announcements);
acting as the primary contact point for participants on-site.

Bhakti Event GmbH is responsible for:

audiovisual production (camera, sound, direction);
livestreaming via the Bhakti+ App platform;
technical processing, hosting, storage and archiving of recordings;
post-production and publication of content;
ensuring GDPR-compliant processing and implementing appropriate technical and organisational measures.

Exercise of Data Subject Rights

Data subjects may exercise their rights under Articles 15–22 GDPR (e.g. access, rectification, erasure, restriction, objection) with either joint controller.

The controller receiving the request will coordinate internally to ensure a proper and timely response.

Essence of the Joint Controllership Arrangement

The essence of the arrangement between the joint controllers includes:

joint decision-making regarding the recording and publication of events;
local responsibility of BM Luxembourg for participant information and data collection;
central responsibility of Bhakti Event GmbH for media production and platform operation;
coordinated handling of data subject rights.

Further details of the joint controllership arrangement can be made available upon request.

Where users outside the EU/EEA access content via regional structures, processing may additionally occur under separate responsibility of Bhakti Marga Church (USA), acting as an independent controller under applicable data protection laws.

5.4 Legal Basis for Processing

Processing of personal data is based on:

Art. 6(1)(b) GDPR (performance of a contract in relation to event participation),
Art. 6(1)(f) GDPR (legitimate interests in organising, documenting and sharing Bhakti Marga activities), and
where applicable, Art. 6(1)(a) GDPR (consent, in particular for publication of images and videos).

Consent is voluntary and may be withdrawn at any time with effect for the future. Withdrawal does not affect processing carried out prior to withdrawal.

5.4.2 Contractual Basis (Where Applicable)

If a participant signs a specific participation or production agreement, processing may additionally be based on Art. 6(1)(b) GDPR.

5.4.3 Legitimate Interest (Limited Scope)

In strictly limited cases, processing may additionally rely on Art. 6(1)(f) GDPR. This applies exclusively to:

Overview or wide-angle recordings
Documentation of the general atmosphere
Situations where individuals are not the focus of the recording

The legitimate interests pursued consist in:

Public communication of spiritual activities
Documentation and preservation of spiritual teachings
Enabling the worldwide spiritual community to participate in and experience the spiritual event, including members who cannot attend physically
Maintaining historical archives of Bhakti Marga activities

A documented legitimate interest assessment has been conducted.

Where recordings reveal special categories of personal data in a targeted manner, processing is carried out exclusively on the basis of explicit consent.

5.5 Film Zones and Opt-Out Mechanisms

To safeguard participants’ rights:

Clearly marked film zones may exist.
Targeted close-up recordings occur only within such zones or on the basis of consent.
Outside film zones, only non-focused overview recordings may be made.
Livestream-free zones are provided.
Participants may notify organisers if they do not wish to be filmed.
Visible identifiers (e.g., wristbands) may be used to protect opt-out participants.

5.6 Publication Channels

Media content may be published via:

Internal Platform

Bhakti+ Media Platform (Bhakti+ App): https://bhakti.plus

Official External Channels

YouTube — Official channels including:
Facebook — facebook.com/bhaktimarga108
Official Bhakti Marga pages — bhaktimarga.org, paramahamsavishwananda.com, justlovefestival.org, shreepeethanilaya.org
Instagram — instagram.com/bhaktimarga
Flickr — flickr.com/photos/bhaktimarga
Official Bhakti Marga websites (including country websites)

Publication may occur worldwide.

5.7 Regional Operation of the Bhakti+ Platform App

The Bhakti+ platform Application is operated on a regional basis using IP-detection.

For users within the EU/EEA, the collection and processing of personal data is carried out by:

Bhakti Event GmbH

Am Geisberg 1–8, 65321 Heidenrod-Springen, Germany

For users outside the EU/EEA (ROW), personal data is collected and processed independently by:

Bhakti Marga Church (USA)

as a controller within the meaning of the GDPR or the applicable national data protection laws.

No transfer of user account or profile data from Bhakti Event GmbH to Bhakti Marga Church (USA) takes place.

5.8 Bhakti+ Platform App

5.9 Processors for the Bhakti+ Platform (Art. 28 GDPR)

Bhakti Event GmbH uses carefully selected service providers as processors within the meaning of Art. 28 GDPR to operate the Bhakti+ platform and to technically implement media content. Appropriate data processing agreements are in place.

a) Hexaglobe, Paris, France

Service: Video hosting and embedding services
Website: hexaglobe.com
Privacy Policy: hexaglobe.com/en/privacy-policy
DPA: hexaglobe.com/en/legal
Safeguards: EU hosting

b) Shopify International Ltd., Ireland

Service: Hosting of the app infrastructure and platform-related services
Website: shopify.com
Privacy Policy: shopify.com/legal/privacy
DPA: shopify.com/legal/dpa

c) Flickr (Yahoo! Inc.), USA (optional)

Service: Optional image galleries
Website: flickr.com
Privacy Policy: flickr.com/help/privacy
DPA: flickr.com/help/dpa
Safeguards: Standard Contractual Clauses (SCCs)

d) YouTube (Google Ireland Ltd.) (currently not used for livestreams)

Service: Video hosting or informational content, if used
Website: youtube.com
Privacy Policy: policies.google.com/privacy
DPA: cloud.google.com/terms/data-processing-addendum

e) Meta Platforms Ireland Ltd. (Facebook) (currently not used for livestreams)

Service: Optional social media communication, if used
Website: facebook.com
Privacy Policy: facebook.com/privacy/policy
DPA: facebook.com/legal/terms/dataprocessing

Public authorities (e.g., tax authorities) receive personal data only where a legal obligation exists.

5.10 Storage Period

Personal data is stored only for as long as necessary for the respective processing purposes. Data will be deleted once the purpose of processing no longer applies or consent has been effectively withdrawn, unless overriding legal grounds apply.

Media content (photo, video and audio recordings) may be stored for a longer period for documentation and archival purposes of spiritual events, provided that a valid legal basis exists.

Media content may be stored for longer periods for:

Documentation
Archival purposes
Preservation of spiritual teachings

Deletion occurs:

Upon withdrawal of consent, unless overriding legal grounds apply
When the purpose no longer applies
Subject to statutory retention obligations

Exemptions under Art. 17(3) GDPR may apply.

5.11 Data Subject Rights

Under the GDPR, you have the right to:

Access (Art. 15)
Rectification (Art. 16)
Erasure (Art. 17)
Restriction (Art. 18)
Data portability (Art. 20)
Objection (Art. 21)
Withdraw consent at any time (Art. 7(3))
Lodge a complaint with a supervisory authority (Art. 77)

Identity verification may be required.

5.12 Technical and Organisational Measures (Art. 32 GDPR)

We implement appropriate technical and organisational measures, including:

Role-based access controls
Encrypted data transmission (SSL/TLS)
Secure hosting infrastructure
Logging and monitoring
Confidentiality obligations
Regular review of security measures

In the event of a personal data breach, notification obligations pursuant to Art. 33 and 34 GDPR apply.

5.13 Contact and Further Information

For further information on how Bhakti Event GmbH processes personal data, please refer to their privacy policy: bhaktimarga.org/privacy-policy

You may contact either controller regarding data protection matters:

Bhakti Marga Luxembourg: info@darshan2026.lu
Bhakti Event GmbH: dataprotection@bhaktimarga.org

6. Service Providers and Data Sharing

We share personal data only where necessary and only with carefully selected service providers. This may include:

Supabase, Inc. (USA)

Database hosting for registration data.
Website: supabase.com
Privacy Policy: supabase.com/privacy
Data Processing Addendum (DPA): supabase.com/legal/dpa
Security & GDPR Information: supabase.com/security

International data transfers are safeguarded through Standard Contractual Clauses (SCCs) and additional contractual safeguards where applicable.

Stripe, Inc. (USA)

Payment processing.
Website: stripe.com
Privacy Policy: stripe.com/privacy
DPA / GDPR Information: stripe.com/legal/dpa
Security Information: stripe.com/docs/security/stripe

Stripe acts as an independent controller for payment-related data.

Resend, Inc. (USA)

Transactional email services.
Website: resend.com
Privacy Policy: resend.com/legal/privacy-policy
Data Processing Addendum (DPA): resend.com/legal/dpa
Security & GDPR Information: resend.com/security

International transfers are protected through SCCs and additional safeguards where applicable.

Netlify, Inc. (USA)

Website hosting.
Website: netlify.com
Privacy Policy: netlify.com/privacy
Data Processing Addendum (DPA): netlify.com/gdpr-ccpa

Flickr (Yahoo! Inc.), USA

Optional image galleries.
Website: flickr.com
Privacy Policy: flickr.com/help/privacy

YouTube / Google Ireland Ltd.

Video hosting or informational content.
Website: youtube.com
Privacy Policy: policies.google.com/privacy
Google Data Processing Terms: business.safety.google/adsprocessorterms

Meta Platforms Ireland Ltd.

Facebook / Instagram communication.
Website: facebook.com
Privacy Policy: facebook.com/privacy/policy
Data Processing Terms: facebook.com/legal/terms/dataprocessing

We do not sell personal data to third parties.

7. International Data Transfers

Some service providers may process personal data outside the European Union or the European Economic Area, particularly in the USA.

Where personal data is transferred internationally, we rely on appropriate safeguards, including:

adequacy decisions under Art. 45 GDPR,
Standard Contractual Clauses (SCCs) under Art. 46 GDPR,
or explicit consent where required.

Residual risks relating to foreign government access cannot be fully excluded.

8. Payment Security

All payments are processed exclusively through Stripe’s PCI-DSS certified infrastructure.

We never see, store, or have access to full credit card or banking details.

We receive only confirmation of successful or failed payments.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law. In particular:

Registration data: up to 12 months after the event
Financial and accounting records: according to statutory retention obligations (generally 10 years)
Marketing consent data: until consent is withdrawn
Media recordings: as long as necessary for documentation, archival or spiritual purposes where a valid legal basis exists

Deletion may be restricted where statutory retention obligations apply.

10. Cookies and Local Storage

This website does not use tracking or advertising cookies.

We use only browser local storage to remember language preferences.

No personal data is shared with third parties through this mechanism.

11. Technical and Organisational Measures

We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR, including:

Role-based access controls
Encrypted data transmission (SSL/TLS)
Secure hosting infrastructure
Logging and monitoring
Confidentiality obligations
Regular review of security measures

In the event of a personal data breach, notification obligations pursuant to Art. 33 and 34 GDPR apply.

12. Your Rights Under the GDPR

Under the GDPR, you have the following rights:

Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Withdraw consent at any time (Art. 7(3) GDPR)
Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Identity verification may be required.

To exercise your rights, please contact: info@darshan2026.lu

13. Right to Lodge a Complaint

You have the right to lodge a complaint with the Luxembourg data protection authority:

Commission Nationale pour la Protection des Données (CNPD)

15, Boulevard du Jazz
L-4370 Belvaux
Luxembourg

Website: cnpd.public.lu

14. Contact and Further Information

For privacy-related questions, you may contact:

Bhakti Marga Luxembourg a.s.b.l.

Email: info@darshan2026.lu

15. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time in order to adapt it to legal, technical or organisational changes.

The latest version will always be available on this website.

Last updated: May 2026