This policy outlines the type of information and data we collect when you use our website, livechat facilities, post a comment, make a purchase on our online shop, make a donation, or you register and/or attend any of our online events (workshops, livestreams, meetings, lectures, etc.).
This policy also explains the collection, use, storage, maintenance, protection and disclosure practices we have regarding data that is collected.
Most of the data that we collect is directly provided by you, especially relating to any personally identifiable information. Some data is collected without your consent, as it is necessary to make the website more intuitive and user-friendly.
You may submit inquiries regarding personal data protection, privacy and security matters, as well as withdraw previously given consent by contacting us at [email protected]
2. About Us
Spiritual Science Research Foundation INC (“SSRF”) is a non‐profit organization. We are registered:
- in Australia with the Australian Securities & Investments Commission (ASIC) ABN 49 119 742 291
- in the United States of America in the State of New Jersey No: 0400176958
- Germany with Local Court, Stendal, Register of associations no. VR 6298
- in Croatia with the Register of Associations of the Republic of Croatia under registration number 21012023
3. What data do we collect?
Information provided by you:
- Personally Identifiable Information (PII) disclosed by you (e.g., when voluntarily signing up for an account, events, WhatsApp alerts, completing purchases, submitting questions via chat or login, seeking website tech support from SSRF, etc.), that can (but is not limited to) include:
- year of birth
- shipping address
- billing address
- e-mail address
- SSRF account password
- phone number
- credit card information
- other general information relating to your areas of interest on our website such as donation preferences and questions.
- Non-confidential information, such as:
- Any information which you disclose to the public through our comments facility
- Other Non Personally Identifiable Information
- ISP’s IP addresses.
- the type and version of browser you’re using
- Geographic location, city, state or country
- Usage behavior on our website, such as time spent and pages visited
- Other information related to the usage of the website, which is not considered personally identifiable information
- Other information which is logged when you visit SSRF’s website:
We advise that you limit or do not publish or communicate personally identifiable information to the public through our services, such as our comments functionality.
3.1 Collecting your data
In some instances, we process your data (personally identifiable information) when you have given us consent to do so (e.g., signing up for newsletters, accounts, making donations or purchases). It is important to note that, in the event that you may choose to withhold consent, some of these services where your data is absolutely necessary for performance of the service itself, may not remain fully functional for you.
Apart from that, some cookies and data processing tools used on the SSRF website, which are necessary to ensure proper website functionality (e.g., livechat), protect your data, and to identify and report suspected fraud and/or data breaches, may collect data without your consent. This data is of a non-personally-identifiable category and is also anonymised or protected with end-to-end encryption at collection stage, such that it is not traceable back to you.
3.2 Using your data
We may use the information we collect or receive in the following ways:
- To send you our email or WhatsApp alerts about SSRF and our affiliates’ events, new articles, and/or newsletter if you have subscribed (opted-in) to them. The introduction/reminder of new functionalities, or products and services related to the Site.
- In response to individual questions and comments.
- To respond to and fulfil requests for products and services made through SSRF Shop (SSRF’s online shop). We also relay order details to an online payment gateway to collect payment on our behalf.
- To contact you about the status of your orders, donations and event registrations, including, but not limited to, their completion.
- Survey completion if you are a registered SSRF member. You will always have the option to not participate or provide feedback.
- To inform of any data breaches, problems with your accounts, flag fraudulent activity.
- To improve upon the user experience.
- In response to offensive, inappropriate, or objectionable content anywhere on or to SSRF, or otherwise engaging in any disruptive behaviour on the Site.
- In response to legal requests and to prevent If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
Under special circumstances, we may be required to disclose your personal information:
- To comply with legal authorities (e.g., court orders, government requests, regulatory purposes)
- To protect the interests, property, and rights of SSRF, its users or others, or to enforce website policies.
We do not sell or share your data to any third parties, except as necessary for payment gateways and third party applications that assist our services.
3.3 Storing your data
Although the internet itself is not 100% secure, we have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process.
Please note that transmission of personal information to and from our website is at your own risk. You should only access any website within a secure environment.
Measures we have in place are intended to protect your PII at a physical, electronic, and managerial level from misuse, loss, or unauthorised access, including by means of firewalls, password access and secure servers and encryption of data encryption:
- Physical security : SSRF website is hosted on the servers in highly secure data-centre that includes firewall facilities
- We use a control panel provided by the hosting provider to make any changes. No handmade changes are made on the server itself.
- We use a Web Application Firewall. All requests on the website pass through this firewall. This serves as an added layer of protection of your data.
- SSRF uses HTTPS secure protocol with TLS Certificates on the entire website including login, registration, shop, events etc.
- We use login credentials with strong passwords to view, delete or modify our databases
- SSRF encrypts all passwords that enable you to interact with the website. This includes the transmission, authentication, and storage of passwords. This means that none of our staff can see your passwords.
- We encrypt your passwords so that it cannot be read as the information travels over the Internet or when it resides on our servers.
- SSRF’s database is protected from unauthorized access by a series of sophisticated software protection programs.
- Credit Card information
- We have made it a policy not to store any credit card details on our website or on our servers.
- We use an online payment gateway system and any of your financial information that you provide during a credit card transaction is only known to those providers.
- Any autofill options that arise are stored on your browser or in the database of the company processing the financial transaction
- Accessibility to your data
- SSRF limits access to your personal information to SSRF representatives who process data and who are required to fulfil the requests for specific information, services or products.
- Your personal information is password protected with access only to those selected members to perform these tasks and authorized persons.
- Regular review:
- Periodically, our operations and organisation’s practices, policies and procedures are reviewed for security and privacy
- This policy may be updated from time to time so please check this statement periodically, as it is your responsibility to make sure you are aware of our latest policies.
- We will keep your information in our systems until we determine it necessary to purge it, unless you specifically asked us to disassociate yourself from us and to no longer be in our database.
- Please note that we are required to retain data processed through the SSRF shop for 7 years for tax and legal purposes. If you have any concern about your data at the SSRF shop, you can contact us at [email protected], specifically mentioning that the request is about the SSRF shop.
All data collected from servers is stored on servers in the EU. In cases where the second server is located outside of the EU, please note that it is part of the Privacy Shield Framework. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us and by the third parties listed under the Data Sharing section.
3.4 Securing your data
We also store data with third-party processors. For details please see the data sharing section below
3.5 Sharing data with Third parties
We only share and disclose your information with the following types of third parties. You can read more specific details about the specific third-party vendors below
Third party processors
|Through event registration.
|36 months||WhatsApp Help Center – General|
|LiveChat||Whenever a user is exchanging messages via chat.
All communication you have with us through Livechat, as well as the email address which you input in LiveChat are stored on LiveChat servers in the USA or Germany. Default setting is the USA.
|Sendgrid||If you requested to receive newsletters or event alerts from us by email, we share your email address with Sendgrid to send out emails. Data is stored on Sendgrid servers
Whenever the user clicks, contacts on the email, messages, communication sent via SendGrid.Data stored at SendGrid data centers locations.
|Retains email message activity/metadata (such as opens and clicks) for 30 days.
Stores customer’s aggregated sending stats and suppression lists (bounces, unsubscribes) and spam reports (which may contain content) indefinitely, and stores minimal random content samples for 61 days.Personal data for 30 days and security event logs for 365 days. Details
|CookiePro||A Unique Site Visitor ID||Cookie pro does not track any personally identifiable information that is trackable to an end user. A unique site visitor ID is captured for 1 year, which is strictly for statistical purposes.||Privacy Notice | OneTrust|
|Paypal||Payment Processing||Seven years||https://www.paypal.com/webapps/mpp/ua/privacy-full|
|Stripe||Payment Processing||Five or more years||https://stripe.com/en-au/privacy|
|WSDesk – ELEX||WordPress Helpdesk & Customer Support Ticket System Plugin||https://elextensions.com/policy/|
4. What do we do in the case of a data breach?
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure, or disposal of personal information.
- You will be notified about data breaches without undue delay if SSRF believes you are at risk or serious harm, and in the event that you have provided us your contact information, and you have given us permission to contact you through email or WhatsApp. For example, a data breach that may result in serious financial harm or harm to your mental or physical well-being. We may also inform visitors about data breaches on our website homepage.
- In the event that SSRF becomes aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of personal information, SSRF will promptly investigate the matter and notify the applicable Supervisory Authority/ies not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
5. Data privacy of minors
All the services on our website (including, but not limited to: login, chat, comments, shop, donations, event registrations, subscriptions, etc) are intended for individuals over the age of 18 years old or for minors with written consent of a legal guardian.
We do not knowingly collect data from anyone under 18 years of age.
If we learn that personal information from users less than 18 years of age has been collected without express written consent of their legal guardian, we will deactivate the account and take reasonable measures to promptly delete such data from our records.
If you become aware of any data we have collected from children under age 18, please contact us at [email protected]
6. Account Deactivation and Subscription cancellations
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases.
When you unsubscribe from our newsletter email list and/or whatsapp subscription you will be removed from the email list – however, we will retain your information for a period of 3 years for security purposes.
If you would like to unsubscribe from our mailing list you can do so by clicking unsubscribe under any email received from us. If you would like to unsubscribe from our whatsapp contacting list, you can reply to us on Whatsapp with a message “Unsubscribe”.
If you would like to terminate your account and delete all your data, you can request it at [email protected]
7. Additional Rights and Provisions
As a result of an increasing number of states, countries and regions with new and updated privacy and data protection laws, you also have the following rights:
- Right to copies of your collected data, sent to you or another organization under certain conditions
- Right to be forgotten/erasure
- Right to rectification of personal data
- Right of refusal to have your data collected or processed
- Right to restrict data collection and processing
- Right to object to processing of personal data for direct marketing purposes
- Right to file complaints with regional privacy authorities regarding how your data is handled
Should you want to exercise any of the above-stated rights, please email us at [email protected] and we will respond within one month; depending upon the number of requests and complexity, we will inform if any extensions are required (up to a period of an additional two months) and the reasons for the delays.
Current Policy Revision Date: April 6, 2022.