• Be the digital guardian in your area: As an officer of Shambhala, protect and advocate for the protection of individuals (their digital rights and data about them).
• Be virtuous: Shambhala gathers, records, and processes accurate data about people for their benefit. Therefore, do not send unwanted email or contact people without their consent. Never mis-represent them or use Shambhala data or email to harass, abuse, or harm another person.
• Obey applicable laws and regulations: never use Shambhala email for spamming or for commercial or political purposes.
• Follow Shambhala’s policies: Only use Shambhala data for official purposes and delete when no longer needed. Only share Shambhala data with trusted people who will also be bound by these terms of use. Unless required for purposes such as organizing local practice events, registration or financial management, data extracts from the SDB to be used in independent databases are not permitted.
• Be security minded: Never share your password with others or bypass mechanisms designed to enforce these terms of use.
• Enforcement: These terms of use are enforceable by Shambhala (Kalapa Media staff) and your local authorities. Your privileges may be revoked if you do not comply.
• Persistent obligation: Your obligation to comply with these terms of use does not end when you cease being a DBA or are not connected with Shambhala.

Why does Shambhala have these “terms of use”? To make privacy and other rules clear to everyone so that Shambhala’s tax status is protected, our email is not blacklisted, and we are able to get our message out to the world. These terms of use were approved by the Shambhala Digital Oversight Commission in November, 2018.

John here I would like to have a list of “down-to-earth” recommandations.

• Do not share your password with anyone
• Do not use another system to manage Shambhalians personal data and communications (using Mailchimp synched with the SDB is not considered as another system)
• Do not send emails outside of a newsletter channel unless there is a good reason
• Inform us if you don't need to access the SDB anymore
• Connect on a regular basis (once a week) to the SDB to execute your “data Rota”
• Read and agree to the latest code of conduct at least once a year (you will be automatically reminded to do so)

Hello Bernard and John,

I think it's a good idea to have all the rules and hints in one place.

I wonder if this point: Do not use another system to manage Shambhalians personal data and communications (using Mailchimp synched with the SDB is not considered as another system) could not be a little looser because I believe in practice centers use their own systems (for example for managing donors, managing libraries etc.)?

Also, I would consider adding some recommendations:

- do not copy data if it's not necessary - delete copied data when it's no more needed (don't forget about deleting old backups, USB drives, cloud backups etc.) - do not share data with others if it's not necessary, do not send it via emails if it's not necessary. When you have to do it, use additional layers of protection, for example, set passwords, use confidential mode (Gmail) or encrypt emails - protect your devices (and data kept) from random people access - scan your devices against viruses and other malware on a regular basis - regularly update software used on your devices (OS, browsers etc.) - use firewalls when it's possible, - use only strong, secure passwords and change them at least once a year, take care of the security of your passwords - in case you notice any privacy or other threats related to SDB let us know - report to us privacy breaches that you are aware of

I will think about it more… Warmly, Pawel

• Contact compliance@shambhala.org.
• See additional information here:
  • You should never share an SDB Password
  • Specific roles and privileges according to your level of authorization.
  • Shambhala is bound by the European Union's General Data Protection Regulation (GDPR).