Privacy Policy

General Data Protection Regulation (GDPR)

Purpose

This is a description of the privacy policy of the Swiss Vipassana Association (Dhamma Sumeru, Vipassana Centre, No 140, CH-2610 Mont-Soleil). In this policy, we explain who we are, why we need your data, what we do with it and how we help you to exercise your rights with respect to your data. Our privacy policy aims to deal with great care with your data and your rights, in compliance with national and international rules and regulations, especially the General Data Protection Regulation (GDPR) as well as the Swiss Federal Act on Data Protection (FADP). We are following the GDPR guidelines which is the EU’s data protection law. For more information you may have a look at: www.privacy-eu.dhamma.org. Following these guidelines is in line with the revised Federal Act on Data Protection (FADP) in Switzerland. The revised FADP is coming into effect as of 01. September 2023.

Who we are 

If you apply for a 10-day Vipassana course your data goes through an online application process called CALM (standing for Course Application and Letters Management). Affiliated Vipassana organisations use this registration system to organise courses. The CALM Foundation (located in Rotterdam, The Netherlands) manages this system and has its own CALM Privacy Policy. Swiss Vipassana Association is responsible for the further processing of your data. 

Your data is used to process your application, provide you with a place on the course, a room and a place to meditate, and if necessary to make special provisions for you.

Why we store your information

With the information you give us, we assess if you are mentally and physically capable of participating in a course. A Vipassana course can be very demanding.

We then use your information to:

  • plan accommodation, food or transport;
  • give you adequate guidance and assistance during the course;
  • provide additional services to old students, such as newsletters and after course mailings;
  • share opportunities to volunteer/serve or share other relevant information with you.
  • keep financial information for tax reasons or other personal information required by law.

We will not do these things if you do not want us to. There are cases when we need to keep personal details because somebody could harm themselves or others by participating in a course.

The information we collect

We collect your name, date of birth, gender, profession, medical and/or mental health history (as provided by you), name of spouse, name of friends who are participating in the course, emergency contact, general contact information, course history, native language and other languages spoken. 

For the duration of the course we also store the licence plate number of your vehicle in case we need to remove it in an emergency.

If a teacher has grounds to decide that you cannot participate in a course, we will keep this information and the reason why. The decision may be based on data provided by you, but also on events or the observations made by a teacher. Only teachers involved with the assessment have access to this information.

How long it is stored

In CALM, all sensitive information and communication is removed 3 months after your course is completed. Only some basic information is stored, such as your name and if you completed a previous course. An assessment that you cannot participate in a course in the future, or only under certain conditions, is kept for a maximum of 10 years. This period can be prolonged after a new assessment. The physical form that you complete on arrival at the Vipassana centre/course location will be destroyed after 10 years.

If you participate in a course, Swiss Vipassana Association is responsible for storing your data in compliance with national rules and regulations. However, we delete all information that we no longer need.To know exactly how long the information is stored, and, in the case of a non-centre location, where forms are stored, please contact the relevant Data Protection Officer (DPO) or Privacy Contact Person (PCP) below. 

How we process your personal information

When we process your personal information we follow a set of principles:

  1. your information is only used and stored in accordance with what we really need and as long as needed;
  2. we have an overview of all the type of information that is stored;
  3. if we don’t need your information any more, we will delete it;
  4. we give you access to your information;
  5. we keep your information properly secured;
  6. we only share your personal information within our organisation (this means: with Vipassana organisations in the same tradition with the same goals, provided there are safeguards in place (see below);
  7. No automated decision making and no profiling is taking place based on the information you have provided.

 The Data Protection Officer (DPO)

The CALM foundation is responsible for the international online registration system. Meditation centres that use the CALM system, like the Swiss Vipassana Association, are responsible for the further processing. Each country has a Data Protection Officer (DPO). The DPO is responsible for protecting your data. You can contact the DPO at: [email protected]  

Special rules for children

Children, have a special privacy policy because they are more vulnerable:
www.privacy-eu.dhamma.org/children.

Legal grounds

Personal information is only stored if we have a legitimate reason to hold it and if the law allows us to do so. For example: by consent, under a contract, because of any other legitimate interest such as the vital interest of a student, or because a special law requires us to. We can always inform you of the legal reason why we are holding your information.

Security

Fellow workers/volunteers who process data for Swiss Vipassana Association sign a confidentiality agreement. Only the teachers, involved with an assessment, have access to very sensitive information (they have signed a confidentiality agreement). Your personal information is kept securely and is not in any circumstances disclosed to a third party, unless specifically authorised to receive that information.

Personal data is kept:

  • in a locked room with controlled access; and/or
  • in a locked drawer or filing cabinet; and/or
  • if computerised, password-protected in line with corporate requirements in the Access Control Policy; and/or
  • stored on (removable) computer media which are encrypted and will be anonymized or pseudonymized wherever possible.

PC screens and terminals, used for processing data, are not visible except to authorised fellow workers/volunteers. Physical records may not be left where they can be accessed by unauthorised personnel and may not be removed from the workplace without explicit authorisation. As soon as manual records are no longer required they are removed from secure archiving.

Sudents rights

We respect your rights. More specifically we ensure that:

  1. We can provide an overview of all the information we keep about you. 
  2. We will make sure your information is correct.
  3. We will correct and remove any information at your request, unless we have a legal ground to process the information without your consent. You have a right to object to our decision.
  4. We will redirect you to the applicable Data Protection Officer or Privacy Contact Person.
  5. We offer you the option to submit an objection to the processing to the appeals committee, our so-called Special Cases Committee.
  6. We will respect your right to file a complaint at the Data Protection Authority

Access to information and objections towards the processing

If you want to find out what information we keep about you, or if you do not agree with the data we keep, and if you want to submit an objection towards processing, you can make a request by sending an email to: [email protected]

Data breaches

If there is a breach that may have repercussions for you, we will inform you about this, and the Data Protection Authority as soon as possible. Sometimes information accidentally ends up in the wrong place. For example, you may receive a letter intended for another student. Or your own information was forwarded to somebody that shouldn’t have access to it. Whenever personal information is shared without the proper authorisation, there could be a data breach. Suspicious e-mails or virus attacks may signify or lead to data breaches. If you suspect a data breach please report it here. You can do that as a Vipassana volunteer or as a student. Prompt reporting of suspected data breaches will help the Data Protection Officer to take immediate action to mitigate or prevent a breach. If in doubt, please contact us on: [email protected]

International safeguards

Whenever we share your personal information with a Vipassana-organisation outside the European Union, we apply additional safeguards. To learn more about the safeguards we applied in your specific case, please contact us. 

In case you ask us to provide data, to an organisation without adequate safeguards, we will inform you about the risks. You can then decide whether or not to provide the information.

Contact information

If you have any questions or would like to contact us, send us an e-mail: [email protected].