1. Contact addresses
Responsible for the processing of personal data:
contact (at) haslerstiftung.ch
We will inform you if there are other responsible parties for the processing of personal data in individual cases.
Data Protection Officer
We have the following data protection officer as a contact person for affected individuals and as a point of contact for supervisory authorities regarding data protection inquiries:
Dr. Matthias Kaiserswerth
contact (at) haslerstiftung.ch
2. Definitions and Legal Bases
Personal data refers to any information relating to an identified or identifiable person. An affected person is a person whose personal data is being processed.
Processing includes any handling of personal data, regardless of the means and procedures used, including storage, disclosure, acquisition, collection, deletion, storage, modification, destruction, and use of personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (FADP) and the Ordinance to the Federal Data Protection Act (DPO).
3. Type, Scope, and Purpose
We process personal data that is necessary to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. Such personal data may include categories of inventory and contact data, browser and device data, content data, meta or metadata, usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration required for the respective purpose(s) or as legally required. Personal data that is no longer necessary for processing will be anonymized or deleted.
We may engage third parties to process personal data on our behalf. We may also process or transmit personal data together with third parties. Such third parties are primarily specialized providers whose services we use. We ensure data protection also with such third parties.
We process personal data only with the consent of the affected person, unless the processing is permissible for other legal reasons. Processing without consent may be permissible, for example, for the fulfillment of a contract with the affected person and for corresponding pre-contractual measures, to safeguard our overriding legitimate interests when processing is apparent from the circumstances, or after prior notification.
Within this framework, we process, in particular, information that an affected person voluntarily provides to us when contacting us – for example, by postal mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for example, in an address book or using comparable tools. If we receive data about other individuals from third parties, the transmitting parties are obliged to ensure data protection for these individuals and to ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided that such processing is legally permissible.
4. Personal Data Abroad
We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, particularly for the purpose of processing them.
We can disclose personal data in all states and territories on Earth as well as elsewhere in the Universe, provided that the local law ensures adequate data protection according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC) or based on a decision by the Swiss Federal Council.
We may disclose personal data to countries where the law does not ensure adequate data protection if suitable data protection is guaranteed for other reasons, such as through appropriate contractual agreements, based on standard data protection clauses, or with other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as the explicit consent of the individuals concerned or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide affected individuals with information about any guarantees or provide a copy of the guarantees.
5. Rights of Affected Individuals
Affected individuals whose personal data we process have the rights provided by Swiss data protection law. These include the right to information as well as the right to rectification, erasure, or blocking of the processed personal data.
Affected individuals whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
6. Data Security
We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured through transport encryption (SSL/TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.
Our digital communication is subject to mass surveillance without cause or suspicion, as well as other monitoring by security authorities in Switzerland, other parts of Europe, the United States of America (USA), and other countries, as is generally the case with any digital communication. We have no direct influence over the processing of personal data by intelligence services, police authorities, and other security agencies.
Cookies can be temporarily stored in the browser as “session cookies” or for a specific period as so-called persistent cookies. “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a specific storage duration. Cookies allow, in particular, the recognition of a browser during the next visit to our website, thereby, for example, measuring the reach of our website. However, persistent cookies can also be used for online marketing purposes.
7.2 Server Log Files
For each access to our website, we may collect the following information if it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transferred data volume, and the previously accessed website in the same browser window (referrer).
We store such information, which may also include personal data, in server log files. The information is necessary to permanently provide our website in a user-friendly and reliable manner and to ensure data security, especially the protection of personal data, even through third parties or with the help of third parties.
7.3 Pixel Tags
We may use pixel tags on our website. Pixel tags are also referred to as web beacons. Pixel tags, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Pixel tags can capture the same information as server log files.
8. Social Media
We have a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and initiatives. In connection with such platforms, personal data may also be processed outside of Switzerland.
The terms and conditions (T&Cs), usage policies, privacy policies, and other provisions of each platform operator apply. These provisions provide information, in particular, about the rights of individuals directly with respect to the respective platform, including the right to information.
9. Third-Party Services
We utilize services from specialized third parties to ensure the continuous, user-friendly, secure, and reliable operation of our activities and initiatives. These services enable us to embed functions and content into our website. When such embedding occurs, the utilized services may, for technical reasons, temporarily collect the internet protocol (IP) addresses of the users.
For necessary security-related, statistical, and technical purposes, third parties whose services we utilize may process data aggregated, anonymized, or pseudonymized in connection with our activities and initiatives. This includes, for example, performance or usage data required to provide the respective service.
We particularly utilize:
- Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), United Kingdom, and Switzerland. General information on data protection: “Privacy at Microsoft”, “Privacy (Trust Center)”, “Privacy Statement”.
9.1 Digital Infrastructure
We rely on services from specialized third parties to access the necessary digital infrastructure related to our activities and initiatives. This includes hosting and storage services provided by selected providers.
Specifically, we utilize:
9.2 Audio and Video Conferences
We utilize specialized services for audio and video conferences to facilitate online communication. This allows us to conduct virtual meetings, online classes, and webinars, among other activities. When participating in audio and video conferences, the respective terms and conditions of each service, such as privacy policies and usage agreements, apply.
Depending on your personal situation, we recommend muting the microphone by default and blurring the background or using a virtual background during audio and video conferences.
Specifically, we utilize:
- Microsoft Teams: Platform for audio and video conferences; Provider: Microsoft; Teams-specific information: “Privacy and Microsoft Teams”.
- Skype: Audio and video conferences; Skype-specific providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; Privacy information: “Legal information for Skype”, “Privacy and security”.
- Zoom: Video-Konferenzen; Anbieterin: Zoom Video Communications Inc. (USA); Information on Data Privacy: Privacy Practices, «Zoom Privacy Statement», «Zoom Trust Center».
9.3 Mapping Services
We utilize services from third parties to embed maps into our website.
Specifically, we utilize:
- Google Maps including Google Maps Platform: Mapping service; Provider: Google; Google Maps-specific information: “How Google uses location information”.
10. Final Provisions