How we protect your data.

Effective Date: August 17, 2020

This Privacy Policy applies to processing of Personal Data by Drukama (“Drukama,” “we” or “us”) in the context of any affiliates located in the EEA, as well as Drukama’s offering of goods and services, or monitoring the behavior, of individuals located in the EEA. This Privacy Policy describes how Drukama collects and otherwise processes your Personal Data (as defined below) in connection with:

  • Your use of our website and mobile applications;
  • Subscriptions to our newsletters and other marketing messages;
  • Invitations to and participation in our discussions, lectures, retreats, consultations and other events;
  • Our use of Personal Data related to the family members, next of kin, and/or dependents for emergency contact purposes in connection with the provision of services.

For any other use of your Personal Data, please refer to our general Privacy Policy.


“Personal Data” refers to any information that relates to you directly or indirectly or any other “personal data” as defined in Article 4 point 1 of Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”). We process the following categories of Personal Data:

  • Contact information, such as your name, home or business address, email address, phone number, social media handles, and business contact information;
  • User information, which includes information provided or made available to us by or on behalf of our users and information generated by us in the course of providing services to our users;
  • Technical information, such as data collected about your interaction with our websites, mobile applications, and email communications;
  • Financial information, such as payment card and related information when not processed through a payment gateway;
  • Identification or background information provided by you or collected by us or third parties as part of our business analysis, user onboarding, regulatory compliance checks, and related processes;
  • Family information, such as the demographic and contact information of your family members, dependents, next kin, and other persons that serve as emergency contacts for the user; and
  • Any other information that you provide us that can be used to identify you.

We collect Personal Data from:

  • Direct interactions, such as when you enquire about our services, provide us your contact details, register for a course, retreat, lecture, or other event with us, provide us with information in connection with our services, surveys, questionnaires, courses, lectures, live streams, online discussions and similar events, subscribe to notifications and updates, or in any way engage with us or our personnel and volunteers;
  • Cookies and automated technologies, such as when you interact with our website, mobile applications or click on links in our emails;
  • Mobile applications, such as when you use mobile applications that we may offer as part of our services or at certain Drukama events we host;
  • Private third party sources, such as when third parties, including banks or users provide information to us;
  • Through social media, such as if you link to social media platforms or use social media plug-ins, we may (depending on your user privacy settings on that social media platform) automatically receive information about you from that social media platform;
  • Public sources, such as when we need to collect your Personal Data from publicly available sources including, government and law enforcement agencies, companies and land registries.


Personal Data we obtain through our provision of services:

We use Personal Data in the course of and in connection with the services we provide to our users. The legal basis for processing such data will generally be our legitimate interest to provide services to our users (Article 6(1)(f) GDPR). We may process identification and background information as part of our business acceptance, finance, administration and marketing processes, including conflict and reputational checks. We will also process Personal Data provided to us by or on behalf of our users for the purposes of the work we do for them or on their behalf. Personal Data may be disclosed to third parties to the extent necessary in connection with that work.

Personal Data we obtain outside of our provision of services:

Below is a description of the Personal Data we collect outside of our provision of services, the likely source of the Personal Data, how we may use it, and for what purposes and pursuant to what legal basis.

Use of your Personal Data Categories of Personal Data we Process Source of the Personal Data Legal Basis
Obtain your subscription preferences and send eNewsletters and similar marketing communications Contact information and other information you provide, such as your topic preferences and areas of interests You Legitimate Interest: To provide you with information you need and other services you request and to efficiently communicate with our user where you are the user or contact person for our user (Article 6(1)(f) GDPR)
Respond to inquiries and fulfill requests Contact information and other information you provide, such as your requests You Legitimate Interest: To provide you with information you need and other services you request and to efficiently communicate with our user where you are the user or contact person for our user (Article 6(1)(f) GDPR)

Consent: We will send you marketing communications by email and text/SMS pursuant to your consent (Article 6(1)(a) GDPR)

Contract: If you are our user or prospective user (Article 6(1)(b) GDPR)
Conduct surveys and questionnaires Contact information and other information you provide, such as your survey answers You Legitimate interests: To evaluate and take action with regard to your feedback and comments about Drukama’s services (Article 6(1)(f) GDPR)

Contract: If you are our user or prospective user (Article 6(1)(b) GDPR)
Register for or participate in online and in person events (including lectures, courses, live streams, chat or forum discussions, and retreat programs) and deliver event-related materials Contact information other information you provide, such as your preferences for the event You Legitimate interests: To enable your attendance at our events and to deliver you event materials (Article 6(1)(f) GDPR)

Contract: As may be described on the registration page for the event (Article 6(1)(a) GDPR)
Obtain current user and emergency contact data and update contact records Contact information and other information you provide, such as your relationships to people at Drukama You and public sources, such as LinkedIn Legitimate interests: To ensure the integrity of our user and other contact data (Article 6(1)(f) GDPR)
Perform website analytics Technical information and other information we collect  demographics, interests, behavior tracking, event tracking First and third party analytics cookies Legitimate interests: To understand more about our website visitors (what pages you view, how long you visit, your devices, etc.) in order to improve our services (Article 6(1)(f) GDPR)
Special Categories:

We only process Special Categories of Personal Data if you give us your explicit consent, the processing is necessary to meet a legal or regulatory obligation, the processing is in connection with the establishment, exercise or defense of our or our user’s legal claims or is otherwise expressly permitted by the GDPR. Special Categories of Personal Data includes information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life, and sexual orientation.

Other Uses:

Any other purposes for which we wish to use your Personal Data that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you by amending this Privacy Policy in accordance with the Section titled “Changes to this Privacy Policy” below.

If we need to collect Personal Data by law or under the terms of any contract we may have with you and you fail to provide us with the information when requested, we may not be able to continue services or registration for services. We will inform you of any mandatory Personal Data we require from you and the consequences if you fail to provide it.


We will share your Personal Data within the Drukama entity, and with Drukama employees and/or volunteers as may be required, with data processors, and with other controllers. Your Personal Data will be used by our employees, volunteers and other staff members for the purposes described above and for accounting, tax and other administrative purposes.

We may also transfer your Personal Data outside of the EEA.

Data Processors:

We may engage third-party service providers for the provision of services that help us in processing Personal Data and providing services to our users. These will process your personal data as data processors (Article 28 GDPR) solely on our behalf. The categories of such recipients include:

  • service providers for information technology and telecommunications (such as data centres, hosting providers, email service providers;
  • marketing service providers;
  • accounting service providers;
  • forensic service providers;
  • cyber security providers; and
  • business process outsourcing providers.
Other Controllers:

In addition, we may share your Personal Data with:

  • Any party for whom your consent has been provided or other legal basis obtained, including third parties with whom you ask us to share your Personal Data;
  • Third-party firms that provide services necessary to accomplish the processing activities set forth above;
  • Third parties, if we determine that the disclosure is necessary: (i) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to our users in order to satisfy our duties towards our users; (iii) to protect the legitimate rights, privacy, property, interests or safety of Drukama, our users, business partners, personnel, volunteers, or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce our Terms of Use; or (vi) to respond to an emergency.
International Transfer of Personal Data

Drukama is committed to complying with this Privacy Policy and European data protection laws with regard to information transferred from the EEA. The laws in the United States and other countries outside the EEA may not be as protective as the laws in Europe. Because of this, Drukama has taken steps to protect your privacy and fundamental rights when your Personal Data is transferred to the United States (and to other countries where no adequacy decision of the European Commission exists). For transfers to third parties, we make sure that either recipient is subject to a jurisdiction for which an adequacy decision of the European Commission (including the EU-U.S. Privacy Shield where the recipient is a participant), or that there are adequate safeguards such as the Standard Contractual Clauses or binding corporate rules in place.

If you would like to know more about how we protect your Personal Data, or obtain a copy of the adequate safeguards, you can contact us using the information in the section “Contact Us” at the end of this Privacy Policy.

Use of our Website:

This section only applies to the use of our website from the EEA.

Cookies and Other Data Collection Technology:

"Cookie" is a small text file that is sent to or accessed from your web browser or your computer’s hard drive. A Cookie typically contains the name of the domain (internet location) from which the Cookie originated, the “lifetime” of the Cookie (when it expires), and a randomly generated unique number or other similar identifier. A Cookie may also contain information about your device, such as user settings, browsing history and activities conducted while using our online services.

"Web Beacon" (also called a "pixel tag"" or "clear GIF") is a piece of computer code that enables us to monitor user activity and website traffic.

We refer to Cookies, web beacons (also known as pixel tags and clear GIFs) and other similar technology as "Data Collection Technology". To learn more about cookies and web beacons, visit

Data Collection Technology helps us improve your experience on our online services. For example, we use Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing Cookies on your device. The information that the Cookies collect, such as the number of visitors to the website, the pages visited and the length of time spent on the website, is aggregated. We also may use Data Collection Technology to collect information from the computer or device that you use to access our online services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.

We generally use the following types of Data Collection Technologies, which may change from time to time:

Description Cookie Name Category
Cookies used to maintain the session of the user from page to page _drukama_session Session cookie
Cookies used to distinguish users _ga
Third party (Google Analytics, SiteImprove, Load Banner) analytics cookie
Cookies used to throttle request rate. _gat
If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>
Third party (Google Analytics, SiteImprove, Load Banner) analytics cookie
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. AMP_TOKEN Third party (Google Analytics, SiteImprove, Load Banner) analytics cookie
Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. _gac_<property-id> Third party (Google Analytics, SiteImprove, Load Banner) analytics cookie
Cookie used to determine whether a user has accepted our cookie notice cookie_consent Session cookie
Your Control of Cookies:

Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject Cookies or alert you when a Cookies is placed on your device. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through our online services.

Our Policy on Do Not Track Signals:

Some web browsers incorporate a "Do Not Track" ("DNT") or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. We do not have technology in place to follow the DNT signals we receive from your browsers.


Our services may include links or references to third party websites and services that we do not operate or control. If you provide your Personal Data to that third party through its websites or services, you will be subject to that third party’s privacy practices and policies. This Privacy Policy does not apply to any Personal Data that you provide to a third party website or service. We recommend that you read the Privacy Policy that applies to that third party website or service. A link or reference to a third party website or service does not mean that we endorse that third party or the quality or accuracy of the information presented on its website or service.


We implement appropriate technical and organizational measures designed to ensure your Personal Data is protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. For example:

  • Limiting access of your Personal Data to authorized parties;
  • Limiting our collection and use of your Personal Data to the extent necessary to provide you with our services;
  • If we outsource processing of Personal Data to third parties, basing our selection on said third parties having adequate safeguards in place that meet our data protection and security standards, and regularly auditing their compliance with applicable data protection policies, laws and regulations;
  • Having systems in place designed to ensure that we can restore the availability and access to Personal Data in the event of a physical or technical incident;
  • Periodically inspecting, assessing, and evaluating the effectiveness of our technical and organizational measures designed to ensure the security of our processing; and
  • If you would like to know more about how we protect your Personal Data, you can contact us using the information in the section “Contact Us” at the end of this Privacy Policy.

We will keep your Personal Data for as long as necessary to fulfill the purposes we collected it for, including any legal or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and all applicable legal requirements.


Our services are not directed to or intended for use by minors. Consistent with the requirements of the U.S. Children’s Online Privacy Protection Act, the GDPR, and all other applicable laws and regulations, if we learn that we have received information directly from a child under age 16 without his or her parent or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services. Subsequently, we will delete such information.


If you do not wish to receive marketing-related emails from us, please click the unsubscribe link at the bottom of a marketing email, change the notification setting in your profile, or email us using the information in the section “Contact Us” at the end of this Privacy Policy. You may unsubscribe from certain marketing topics while staying subscribed to other marketing topics. Please note that even if we stop all marketing communications, you may still receive administrative, legal, and other important communications from us.


Under the GDPR, you have the following rights regarding your Personal Data that we process:

  • Right to access to the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data has not been collected from you, any available information as to their source; (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 15 of the GDPR).
  • Right to rectification of inaccurate personal data concerning you as well as, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement (Article 16 of the GDPR).
  • Right to erasure (deletion) of personal data concerning you without undue delay where: (a) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent and there are no other legal grounds for the processing; (c) you exercise your right to object (see below) and there are no compelling legitimate grounds for the processing; (d) the personal data have been unlawfully processed; or (e) the personal data have to be erased for compliance with a legal obligation applicable to us (Article 17 of the GDPR).
  • Right to restriction of processing (i.e., data will be blocked from normal processing but not erased) where: (a) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (d) you exercise your right to object (see below) pending the verification whether our legitimate grounds override those of you (Article 18 of the GDPR).
  • Where processing is based on your consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing prior to such withdrawal (Article 7(3) of the GDPR). Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Data, in some limited circumstances, to the extent required or otherwise permitted by law, or in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
  • Where processing is based on your consent, or on a contract, the right to data portability, i.e., the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.
  • Right to object to the processing of personal data based on legitimate interests of us or any third party under Article 21 of the GDPR based on your particular situation, provided that there are no compelling legitimate grounds for the processing that would override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (Article 21 of the GDPR).

If you wish to exercise any of your rights above, please contact us using the information in the section “Contact Us” at the end of this Privacy Policy. We may charge you a reasonable fee in case you request additional copies of your Personal Data or make other requests that are manifestly unfounded or excessive. If we are unable to honor your request, or before we charge a fee, we will let you know why. In so far as practicable and required under law, we will notify third parties with whom we have shared your Personal Data of any request for correction, deletion, and/or restriction to the processing of your Personal Data. Please note that we cannot guarantee third parties will comply with your requests and we encourage you to contact those third parties directly.

Please note that if you decide to exercise some of your rights, we may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the services and products we offer.

We must ensure that your Personal Data is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us or updating any available website profile fields.


California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Data to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the section “Contact Us” below. This request may be made no more than once per calendar year.


The Effective Date of this Privacy Policy is set forth at the top of this webpage. If we materially change the way we collect, use or disclose your Personal Data we will notify you in advance by email and/or by placing a prominent notice on this website. The amended Privacy Policy supersedes all previous versions.


We welcome your questions and comments about this Privacy Policy or how we process your Personal Data. Please contact us using the information below, and we will respond to you as soon as reasonably possible.

By Mail:

Attn: Policy
PO Box 5965
Mohave Valley, AZ 86446

By Email:

Although Drukama will in most circumstances be able to receive your e-mail or other information provided through this site (including, without limitation, service requests and other submissions), Drukama does not guarantee that it will receive all such e-mail or other information timely and accurately and shall not be legally obligated to read, act on or respond to any such e-mail or other information. Be aware that Internet e-mail typically is not secure.

Version 1.0.0
Revised on August 17, 2020
© Copyright 2024 Drukama. All rights reserved.