GDPR Compliance

Poulstone receives and processes data from the following sources and in the following ways:

  1. From: inquires to www.poulstone.com, email communications, facilitators and their retreatees. This information is stored and and may be used in response to the specific inquiry or general request made. This data may be stored and used to send out information about Poulstone activities, this includes alternative and holistic health and all spiritual traditions.
  2. From retreat organisers and their guests to fulfil contractual obligations and to ensure their retreat runs smoothly.
  3. Dietary requests. This information may be shared with Kitchen staff so as to meet the dietary requests.
  4. Contractors to Poulstone who have contractual obligations with Poulstone or undertake work for Poulstone.
  5. Employees

The data is stored in the office computer (C1) whose login is password protected and placed in the office whose entry is locked and is not accessible to the public.

The director/s of Poulstone, Rajesh Rai, Divya Dhasmana and those who assist remotely with office tasks, can access this information remotely via Dropbox and One Drive (both are GPDR compliant) through their portable computers which are password protected (C2 and C3).

No data, that identifies the owner of the data, is shared with third parties without the consent of the person to whom the data belongs.

Rajesh Rai (RR), Divya Dhasmana (DD), who are the Directors and/or managers have access to C1, C2 and C3.

From time to time, RR, DD may authorise Nishchal Rai, Kaushik Rai who assist with office tasks and administrative work, access to the C1.

Poulstone values the privacy of the people it deals with. It does not share data with third parties and uses the data strictly for the purposes stipulated at 1 hereinabove.

Further, from now on in:

  1. Anyone who has access to data must read the “Statement on Privacy Policy”
  2. There will be a Privacy section on the website which explains how data collected from the website will be used.
  3. Where ever possible names will be anonymised and initials used. This is good practice.
  4. Private emails will not be used for Poulstone work, particularly in relation to those described at 1 above.

And:

  1. Nobody will have access to C1 save for:
    – Rajesh Rai (RR)
    – Divya Dhasmana (DD)
    – RR and/or DD have authorised Kaushik Rai and Nishchal Rai access to C1. They are reminded of the Company’s Private Policy statement.
    – No one else is to have access to C1 without proper authorisation, oversight from RR and/or DD and must be familiar with the Private Policy statement.
  2. Nobody must be given access to the office without specific permission from RR and DD to use the office.
  3. When the office is not being used it must be locked and keys kept in a secure location.
  4. When communicating via email with a third party or staff at Poulstone, you must use Poulstone email only. Personal emails must not be used to communicate with persons whose data has been collected or stored through 1. above. You must obtain consent from Rajesh Rai, the data controller, if you wish to contact those at 1. above using a non Poulstone email ID.
  5. Data collected or stored at Poulstone cannot be shared with a third party.
  6. How data is used at Poulstone will become a priority and will reflect the GDPR Directive. All Poulstone forms will be reviewed so that they are GDPR compliant.

Many regards,

Rajesh Rai
16 December 2020