This Privacy Policy applies to information we collect:

• On our website at imih.org;
• In email, text, and other electronic messages between you and our website;
• From the Innergy mobile app; and
• From the web portal (innergyapp.com) on our website to access Innergy

It does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by IMIH or any third party; or
• Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the IMIH Digital Sites.

We may use your personal information to, among other things:

1. Send you communications, including confirmations, notices, updates, alerts, and administrative messages;
2. Provide recommendations for relevant content choices.
3. Communicate with you by mail and/or e-mail about IMIH services, events, special offers, business developments, and promotional information;
4. Operate and improve the IMIH Digital Sites, business and services. We may keep a user database and other business records;
5. With your consent, we send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
6. Detect, prevent and enforce against fraudulent, malicious or illegal acts;
7. Meet legal, regulatory, insurance, audit, security and processing requirements; and
8. For other purposes with your consent or as permitted or required by law.

We may disclose your personal information to third parties:

1. As needed to meet legal, regulatory, insurance, audit, security and processing requirements;
2. As permitted or required by law, including to respond to lawful requests and legal process, to protect the rights and property of our agents, users, and others, to enforce our agreements, policies and terms of use, in an emergency to protect the safety of a person from imminent harm;
3. Who perform certain services or functions on our behalf (for example, we may share your information with a hosting service provider who hosts the IMIH Digital Sites);
4. To fulfill the purpose for which you provide such information;and
5. In connection with any proposed or actual merger, sale of company assets, financing or acquisition of all or a part of our business to another company to evaluate and/or perform the transaction.

IMIH takes reasonable, industry standard steps to help protect personal information that we have or control against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through the IMIH Digital Sites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the IMIH Digital Sites.

Subject to certain limits and conditions provided under law, we honor the exercise of the right of access or deletion for all of our users, regardless of their location. Any user of the IMIH Digital Sites may exercise this right by contacting us at privacy@imih.org.

If you have questions or concerns about how we use your personal information, please contact our Privacy Officer at:

1. Email: privacy@imih.org
2. Postal Mail: Institute for Meditation and Inner Harmony, 4151 Naperville Road, Lisle, IL 60532

Please be sure to include your full name, postal address, and e-mail address. Please also describe your concern so we can better help you.

The IMIH Digital Sites are not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on the IMIH Digital Sites. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on the IMIH Digital Sites. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at privacy@imih.org.

We retain personal information for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.

• For data relating to your account: such data will be permanently and irrevocably anonymized in the event that your account is: (i) inactive for a period of two (2) years; and (ii) not subscribed to the IMIH Digital Sites. Moreover, we will permanently and irrevocably anonymize your account data within thirty (30) days of your written request to do so via email to privacy@imih.org.
• For transactional data relating to your purchases: such data is kept for the entire period of the contractual relationship, then in accordance with legal obligations and applicable statute of limitation periods. Please note that this data does not include Payment Card information, which is processed by Apple & Google through the IMIH Digital Sites, and not IMIH.
• For data collected based on your consent to receive our marketing communications: we will use such data until you opt out, withdraw consent or applicable law requires that such data is no longer used.
• When your data is collected in the context of requests/queries: such data is kept for the period necessary to process and reply to such requests or queries.
• When cookies or other trackers are placed on your terminal, they are kept for a period of 12 months. Other data will be kept as long as necessary for the purposes pursued and in compliance with our legal obligations, including the applicable statute of limitations.

A European Union law called the General Data Protection Regulation (“GDPR”) gives certain rights to individuals located in certain countries/regions in relation to their personal data. We will comply with GDPR with respect to those individuals that are located in countries/regions in which we are required to comply with GDPR. As required under GDPR, the rights afforded to such individuals are:

• A right of access: you have the right to obtain (i) confirmation as to whether personal data concerning you is processed or not and, if processed, to obtain (ii) access to such data and a copy thereof.
• A right to rectification: you have the right to obtain the rectification of any inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• A right to erasure: in some cases, you have the right to obtain the erasure of personal data concerning you. Upon request, IMIH will permanently and irrevocably anonymize your data such that it can never be reconstructed to identify you as an individual. However, this is not an absolute right and IMIH may have legal or legitimate grounds for keeping such data.
• A right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your personal data.
• A right to data portability: you have the right to receive the personal data concerning you which you have provided to IMIH, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from IMIH. This right only applies when the processing of your personal data is based on your consent or on a contract and such processing is carried out by automated means.
• A right to object to processing: you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when such processing is based on the legitimate interest of IMIH. IMIH may, however, invoke compelling legitimate grounds for continued processing. When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of such data. You may, in particular, exercise that right by clicking on the “unsubscribe” link provided at the bottom of any messages received.
• A right to lodge a complaint with the competent supervisory authority: you have the right to contact the supervisory authority to complain about IMIH's personal data protection practices.
• A right to give instructions concerning the use of your data after your death: as required by applicable law, you may have the right to give IMIH instructions concerning the use of your personal data after your death.

To exercise one or more of these rights, you can email privacy@imih.org. You may access your personal data to modify or update at any time via an online account, or by emailing privacy@imih.org. We will respond to your request in a reasonable timeframe in accordance with applicable law.

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Data portability.
• Opt-out of personal data processing for targeted advertising and sales.

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

• Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

To the extent that IMIH is subject to the state specific requirements described above, IMIH shall comply with such requirements. If you are located in one of the foregoing states, to exercise any of your above described rights (to the extent applicable to IMIH), please contact us at privacy@imih.org. To appeal a decision regarding a consumer rights request, please contact us at privacy@imih.org.

Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: privacy@imih.org. However, please know we do not currently sell data triggering that Nevada's opt-out requirements.

As a non-profit entity, IMIH is not currently subject to the California Consumer Privacy Act of 2018, as amended.

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of the IMIH Digital Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@imih.org or write us at our contact address set forth above.

Some internet browsers include the ability to transmit “Do Not Track” signals. We do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will update this Privacy Policy.

The IMIH Digital Sites may contain links to third-party sites not owned or operated by us. We are not responsible for the privacy practices or the content of any websites operated by third parties and expressly disclaim any liability with respect to your use of any third party services or websites. Once you have left the IMIH Digital Sites, we suggest you check the applicable privacy policy of the third-party website to determine how they will handle any information they collect from you.

We may revise this Privacy Policy at any time. Any amendments or modifications to this Privacy Policy will be posted on the IMIH Digital Sites and effective immediately upon posting. The date of last modification will be indicated above. You are responsible for periodically visiting the IMIH Digital Sites and this Privacy Policy to check for any changes.