Privacy Policy

Effective date: February 22, 2026

This Privacy Policy describes how personal data is collected, processed, and protected when using the subscription service for the Majjhima Nikaya Book Club newsletter (hereinafter referred to as the “Service”).

1. Data Controller

Ivan Ermakov Munich, Germany Email: ekayanomaggo.project@gmail.com

The controller is the data controller within the meaning of Art. 4(7) of Regulation (EU) 2016/679 (GDPR), as well as the personal data operator within the meaning of Federal Law No. 152-FZ “On Personal Data” of the Russian Federation.

2. Data Collected

When subscribing to the newsletter, we collect the following data:

• First name — for personalization of communications
• Last name (optional) — if provided by the subscriber
• Email address — for delivery of the newsletter
• IP address — automatically recorded at the time of subscription
• Timestamp — date and time of subscription

This data is collected exclusively through the voluntary completion of the subscription form.

3. Purpose of Processing and Legal Basis

Purpose of processing: sending the informational newsletter of the Majjhima Nikaya Book Club, containing translations and analyses of suttas from the Pali Canon.

Legal basis:

• Art. 6(1)(a) GDPR — consent of the data subject. Subscription is voluntary and uses a double opt-in mechanism.
• Federal Law No. 152-FZ Art. 9 — consent of the personal data subject to processing (applicable to Russian Federation residents).

Data is processed exclusively for the stated purpose and is not used for profiling, targeted advertising, or any other purposes.

4. Data Processors (Third Parties)

There are no data processors. All data is processed exclusively on the controller’s own server. No third parties are involved in the processing of personal data.

The newsletter is distributed through self-hosted Listmonk software on the controller’s server. No data is transmitted to third-party mailing services.

5. Data Storage Location

All personal data is stored on servers located in Germany (IONOS VPS, Frankfurt am Main). Data does not leave the territory of the European Union.

6. Data Retention Period

• During the active subscription — data is retained as long as the subscription is active.
• After unsubscription — the subscriber’s personal data is deleted within 30 days of unsubscription.
• Consent logs — records of consent given and withdrawn are retained for 3 years in accordance with the general statute of limitations under German law (Section 195 BGB).

7. Data Subject Rights

In accordance with the GDPR and Federal Law No. 152-FZ, you have the right to:

• Right of access (Art. 15 GDPR) — obtain information about what personal data is being processed
• Right to rectification (Art. 16 GDPR) — request correction of inaccurate data
• Right to erasure (Art. 17 GDPR) — request deletion of your data (“right to be forgotten”)
• Right to restriction of processing (Art. 18 GDPR) — request restriction of data processing
• Right to data portability (Art. 20 GDPR) — receive your data in a machine-readable format
• Right to object (Art. 21 GDPR) — object to the processing of your data

To exercise any of these rights, please contact the controller at: ekayanomaggo.project@gmail.com.

8. Withdrawal of Consent

You may withdraw your consent to the processing of personal data at any time:

• Via the “Unsubscribe” link — located at the bottom of every newsletter email
• By email — by sending a request to ekayanomaggo.project@gmail.com

Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

9. Right to Lodge a Complaint

If you believe your rights have been violated, you have the right to lodge a complaint with a supervisory authority:

For EU data subjects: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18, 91522 Ansbach, Germany https://www.lda.bayern.de

For Russian Federation data subjects: Roskomnadzor (Federal Service for Supervision of Communications, Information Technology, and Mass Media) https://rkn.gov.ru

10. Cross-Border Data Transfer

Data is stored and processed exclusively on the territory of Germany (European Union). No cross-border transfer of data outside the EU is carried out.

For data subjects from the Russian Federation: Germany is included in the list of foreign states that provide an adequate level of protection for personal data subjects’ rights (Order of Roskomnadzor No. 274 dated August 5, 2013, as amended).

Last updated: February 22, 2026