PRIVACY POLICY
Last updated: January 23, 2026
1. Scope of Application
This Privacy Policy applies to the use of our website and all content and services offered on it.
We are a company based in Switzerland. Data processing is primarily governed by the revised Swiss Federal Act on Data Protection (revDSG).
In addition, the General Data Protection Regulation (GDPR) applies insofar as personal data of persons in the European Economic Area (EEA) is processed and our offer is relevant to these persons (e.g., through bookability from the EEA and prices stated in Euro).
2. Data Controller
Madhukar – Enlighten Life
Madhukar Merkle B.J.
Marktplatz 7
CH-5080 Laufenburg/AG, Switzerland
Email: info@madhukar.org
3. What Data We Process
a) Visiting the Website
When you visit our website, technically necessary data is automatically processed, including:
IP address
Date and time of access
Pages accessed
Browser type and operating system
Referrer URL (the page from which you accessed our website)
Purpose: Technical provision, stability, security, and improvement of the website.
Legal basis:
revDSG: Overriding legitimate interest
GDPR: Art. 6(1)(f) (legitimate interest)
b) Contact Forms
When you contact us via a form, we process the data you provide (e.g., name, email address, message).
Purpose: Processing and responding to your inquiry.
Legal basis:
revDSG: Contract performance or overriding interest
GDPR: Art. 6(1)(b) (pre-contractual measures) or Art. 6(1)(f) (legitimate interest)
Retention period: Until your inquiry is resolved, then deletion, unless legal retention obligations exist.
c) Newsletter Subscription
When you subscribe to our newsletter, we collect:
Email address
Name (optional)
IP address and timestamp of registration (to prove consent)
Purpose: Sending our newsletter with information about retreats, events, and teachings.
Legal basis:
revDSG: Consent
GDPR: Art. 6(1)(a) (consent)
Double Opt-In: After registration, you will receive a confirmation email. Your subscription will only be activated after you click on the confirmation link.
Newsletter provider: We use MailerLite (UAB "MailerLite", J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania) for sending newsletters. MailerLite processes your data on our behalf under a data processing agreement (DPA). For more information, see MailerLite's Privacy Policy.
Withdrawal of consent: You can unsubscribe from the newsletter at any time by clicking the unsubscribe link in any newsletter email or by sending an email to info@madhukar.org.
d) Download of Free eBook and Starter Kit
When you download our free eBook or Starter Kit, we collect:
Email address
Name (optional)
Purpose: Sending the requested content and a 5-day email orientation.
Legal basis:
revDSG: Consent
GDPR: Art. 6(1)(a) (consent)
Retention period: Until you unsubscribe or request deletion.
e) Retreat Bookings and Donations
When you book a retreat or make a donation, we collect:
Name
Email address
Billing address (if required)
Payment information (processed by third-party providers or via bank transfer)
Purpose: Processing your booking or donation.
Legal basis:
revDSG: Contract performance
GDPR: Art. 6(1)(b) (contract performance)
Payment Methods:
1. Credit Card / Online Payment (Stripe)
We use Stripe (Stripe, Inc., 510 Townsend Street, San Francisco, CA 94043, USA) to process online payments. Stripe processes payment data on our behalf under a data processing agreement (DPA).
When you make a payment via Stripe, your payment data (e.g., credit card information) is processed directly by Stripe. We do not store your complete credit card data on our servers. Stripe is PCI-DSS certified and uses industry-standard security measures.
Data transfer to the USA: Stripe may transfer data to servers in the USA. We rely on Standard Contractual Clauses approved by the EU Commission to ensure adequate data protection.
For more information, see Stripe's Privacy Policy.
2. Bank Transfer (SWIFT) to PostFinance
If you wish to pay by bank transfer, you will receive our bank details (IBAN, BIC, account holder). You must provide the following data:
Your name (as account holder)
Your IBAN (for payment reconciliation)
Payment reference (to match your payment to your booking)
What we do with this data:
We receive the transfer data from PostFinance (name, IBAN, payment reference, amount, date)
We use this information to match your payment to your booking or donation
We store this data as part of our accounting records
Legal basis:
revDSG: Contract performance and legal obligation (accounting/tax law)
GDPR: Art. 6(1)(b) (contract performance) and Art. 6(1)(c) (legal obligation)
Retention period: As required by Swiss law for accounting and tax purposes: 10 years from the end of the calendar year in which the payment was made.
Data processor: PostFinance (PostFinance AG, Mingerstrasse 20, 3030 Bern, Switzerland) processes payment data on behalf of the payer and recipient. PostFinance is subject to Swiss banking secrecy and Swiss data protection laws. For more information, see PostFinance's Privacy Policy.
Retention period (general): Payment and booking data is stored as long as necessary for contract performance and as required by law (e.g., tax and commercial retention obligations: 10 years in Switzerland).
4. Cookies
Our website uses cookies. Cookies are small text files stored on your device that help us provide and improve our services.
Types of Cookies:
a) Necessary Cookies
These cookies are essential for the proper functioning of the website (e.g., session cookies, security cookies).
Legal basis:
revDSG: Overriding legitimate interest
GDPR: Art. 6(1)(f) (legitimate interest)
b) Optional Cookies (Analytics, Marketing)
These cookies are only used with your consent (e.g., Google Analytics, social media cookies).
Legal basis:
revDSG: Consent
GDPR: Art. 6(1)(a) (consent)
Managing Cookies:
You can manage or delete cookies in your browser settings. Please note that disabling cookies may affect the functionality of the website.
5. Web Analytics (Google Analytics)
Our website uses Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
Data collected:
IP address (anonymized)
Pages visited
Time spent on pages
Browser and device information
Purpose: Analysis of website usage and improvement of user experience.
Legal basis:
revDSG: Consent
GDPR: Art. 6(1)(a) (consent)
Data transfer to the USA: Google may transfer data to servers in the USA. We have concluded a data processing agreement with Google and rely on Standard Contractual Clauses approved by the EU Commission.
IP anonymization: We have activated IP anonymization so that your full IP address is not stored.
Opt-out: You can prevent Google Analytics from collecting your data by installing the Google Analytics Opt-Out Browser Add-On.
For more information, see Google's Privacy Policy.
6. Social Media
Our website may contain links or embedded content from social networks (e.g., Instagram, Facebook, Pinterest, YouTube).
a) Simple Links (Social Media Buttons)
If only links (buttons) to our profiles on social networks are used on our website, no personal data is automatically transferred to the respective platforms when you visit our website. Data processing only begins when you click on such a link and are redirected to the website of the respective social network.
b) Embedded Content (Social Plugins)
If embedded content or social plugins (e.g., Facebook Like button, Instagram feed) are used, a connection to the servers of the respective social network may be established when you visit our website. Personal data (e.g., IP address) may be transmitted to the respective provider.
Legal basis:
revDSG: Consent
GDPR: Art. 6(1)(a) (consent)
Platforms we use:
Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) – Privacy Policy
Facebook (Meta Platforms Ireland Limited) – Privacy Policy
YouTube (Google LLC) – Privacy Policy
Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) – Privacy Policy
7. Disclosure and International Data Transfers
We only disclose personal data if:
It is necessary for the provision of our services (e.g., to payment service providers, newsletter providers)
We are legally obligated to do so
Data transfers outside Switzerland/EEA:
Some of our service providers (e.g., Google, Stripe) are based in the USA or other countries. We ensure adequate data protection through:
Standard Contractual Clauses (SCCs)
Adequacy decisions by the EU Commission or the Swiss Federal Data Protection and Information Commissioner (FDPIC)
8. Retention Period
We store personal data only as long as necessary for the respective purpose or as required by law (e.g., tax and commercial retention obligations: 10 years in Switzerland).
9. Your Rights
Under revDSG (Switzerland):
Right to access
Right to rectification
Right to erasure
Right to object
Under GDPR (where applicable):
Right to access (Art. 15)
Right to rectification (Art. 16)
Right to erasure ("right to be forgotten") (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)
Right to withdraw consent (Art. 7(3))
Right to lodge a complaint:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:
Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC) – www.edoeb.admin.ch
EU/EEA: Your local data protection authority – List of EU Data Protection Authorities
10. Data Security
We take appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse, including:
SSL/TLS encryption
Secure servers
Access controls
Regular security audits
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The current version is always available on our website.
12. Contact
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
Madhukar – Enlighten Life
Madhukar Merkle B.J.
Marktplatz 7
CH-5080 Laufenburg/AG, Switzerland
Email: info@madhukar.org