Privacy Policy

Privacy Policy

With this Privacy Policy we inform you about the processing of personal data in connection with our activities and operations, including our website at the domain haslerstiftung.ch. In particular, we inform you which personal data we process for which purpose, in which manner and at which location. We also inform you about the rights of persons whose data we process.

This Privacy Policy was drafted in German. If it is published in another language, the German-language Privacy Policy remains authoritative.

For individual or additional activities and operations, we may publish further privacy policies or other information on data protection.

1. Contact addresses

The controller for data protection purposes is:

Hasler Stiftung
Hirschengraben 6
3011 Bern
Switzerland

contact@haslerstiftung.ch

In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties. On request, we are happy to provide data subjects with information about the respective responsibilities.

Data Protection Officer

We have appointed the following Data Protection Officer as a contact point for data subjects and as a contact for supervisory authorities for data protection enquiries:

Sinja Christiani
Hasler Stiftung
Hirschengraben 6
3011 Bern
Switzerland

contact@haslerstiftung.ch

2. Definitions and legal bases

2.1 Definitions

Data subject: Natural person about whom we process personal data.

Personal data: All information that relates to an identified or identifiable natural person.

Sensitive personal data: Data on trade union, political, religious or ideological views and activities, data on health, the intimate sphere or affiliation with an ethnic group or race, genetic data, biometric data that uniquely identify a natural person, data on administrative and criminal proceedings or sanctions, and data on social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, for example the querying, comparing, adapting, archiving, retaining, retrieving, disclosing, obtaining, collecting, gathering, deleting, ordering, organising, storing, modifying, distributing, linking, destroying and using of personal data.

2.2 Legal bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

3. Nature, scope and purpose of the processing of personal data

We process such personal data as is necessary in order to carry out our activities and operations in a lasting, user-friendly, secure and reliable manner. The personal data processed may in particular fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data. The personal data may further constitute sensitive personal data.

We also process personal data which we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, insofar as such processing is permissible.

Where required, we process personal data with the consent of the data subjects. In many cases we may process personal data without consent, for example to fulfil legal obligations or to safeguard overriding interests. We may also ask data subjects for their consent even if their consent is not required.

We process personal data for as long as is necessary for the respective purpose. We anonymise or delete personal data in particular depending on statutory retention and limitation periods.

4. Automation and Artificial Intelligence (AI)

We may process personal data in an automated manner or use Artificial Intelligence for the processing of personal data.

We may use profiling in order to automatically evaluate certain personal aspects relating to data subjects. Profiling serves, for example, the analysis or prediction of interests, behaviour or personal preferences.

We will provide information on a case-by-case basis about decisions which are based exclusively on the automated processing of personal data and which entail legal consequences for the data subjects or significantly affect them (automated individual decisions).

5. Disclosure of personal data

We may disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. Such third parties may, for example, be specialised providers whose services we use. Such third parties may in turn disclose personal data to further third parties.

Within the framework of our activities and operations, we may in particular disclose personal data to banks and other financial service providers, authorities, education and research institutions, advisors and lawyers, accounting and trust service providers, debt collection companies, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister and subsidiary companies, organisations and associations, social institutions, telecommunications companies, insurers and payment service providers.

6. Communication

We process personal data in order to communicate with individuals as well as with authorities, organisations and companies. In doing so we process in particular data which a data subject transmits to us when making contact, for example by post or e-mail. We may store such data in an address book or with comparable tools.

Third parties who transmit data about other persons to us are legally obliged to ensure data protection for these data subjects on their own responsibility. They must in particular ensure that they are entitled to transmit such data and that the data transmitted is accurate.

7. Applications

We process personal data about applicants insofar as it is necessary to assess their suitability for an employment relationship or for the subsequent performance of an employment contract. The necessary personal data are derived in particular from the data requested, for example as part of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example in electronic and printed media or on job portals and recruitment platforms.

We also process such personal data which applicants voluntarily share or publish, in particular as part of cover letters, CVs and other application documents as well as as part of online profiles.

8. Data security

We take appropriate technical and organisational measures in order to ensure a level of data security appropriate to the respective risk. Our measures ensure in particular the confidentiality, availability, traceability and integrity of the personal data processed, however, without being able to guarantee absolute data security.

Access to our website and our other digital presence takes place via transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers warn before visiting a website without transport encryption.

Our digital communication – like essentially all digital communication – is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA) and in other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities and other security authorities. We also cannot rule out that a data subject may be specifically monitored.

9. Personal data abroad

We process personal data as a rule in Switzerland. However, we may also disclose or export personal data to other countries, in particular in order to process it there or have it processed there.

We may disclose personal data to all countries on Earth and elsewhere in the universe, provided that the law there ensures an adequate level of data protection in accordance with the decision of the Swiss Federal Council.

We may disclose personal data to countries whose law does not ensure an adequate level of data protection, provided that an appropriate level of data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other suitable safeguards. By way of exception, we may export personal data to countries without an adequate or suitable level of data protection if the specific data protection requirements are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. On request, we are happy to inform data subjects about any safeguards or to provide a copy of the safeguards.

10. Rights of data subjects

10.1 Data protection rights

We grant data subjects all rights under the applicable law. Data subjects have in particular the following rights:

  • Information: Data subjects may request information as to whether we process personal data about them and, if so, which personal data is involved. Data subjects also receive such information as is necessary to enforce their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of the processing, the duration of retention, any disclosure or export of data to other countries, and the origin of the personal data.
  • Correction and restriction: Data subjects may have incorrect personal data corrected, have incomplete data completed and have the processing of their data restricted.
  • Opportunity to state their own point of view and to obtain human review: In the case of decisions that are based exclusively on the automated processing of personal data and that entail legal consequences for them or significantly affect them (automated individual decisions), data subjects may state their own point of view and request review by a human.
  • Deletion and objection: Data subjects may have personal data deleted (“right to be forgotten”) and object to the processing of their data with effect for the future.
  • Data release and data portability: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may postpone, restrict or refuse the exercise of the rights of data subjects within the legally permissible framework. We may inform data subjects about any conditions to be met for the exercise of their data protection rights. We may, for example, refuse the request for information in whole or in part by reference to obligations of confidentiality, overriding interests or the protection of other persons. We may, for example, also refuse the deletion of personal data in whole or in part, in particular by reference to statutory retention obligations.

We may exceptionally charge costs for the exercise of these rights. We will inform data subjects of any such costs in advance.

We are obliged to identify data subjects who request information or assert other rights by means of appropriate measures. Data subjects are obliged to cooperate.

10.2 Legal remedies

Data subjects have the right to enforce their data protection rights through legal action or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

11. Use of the website

11.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies of third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.

Cookies may be stored in the browser temporarily as “session cookies” or for a certain period as so-called persistent cookies. “Session cookies” are deleted automatically when the browser is closed. Persistent cookies have a defined storage period. Cookies enable, in particular, the recognition of a browser on the next visit to our website, thereby allowing, for example, the measurement of the reach of our website. Persistent cookies may, however, also be used for online marketing.

Cookies can be deactivated, restricted or deleted in whole or in part in the browser settings at any time. Browser settings often also allow automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We – at least to the extent required by the applicable law – actively request explicit consent to the use of cookies.

For cookies used for measuring success and reach or for advertising, a general objection (“opt-out”) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

11.2 Logging

For every access to our website and our other digital presence, we may at minimum log the following information, provided it is ascertained or transmitted to our digital infrastructure as standard during such accesses: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including data volume transmitted, last page accessed in the same browser window (referer or referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary in order to make our digital presence available in a lasting, user-friendly and reliable manner. The information is further necessary in order to ensure data security – also through third parties or with the help of third parties.

11.3 Tracking pixels

We may integrate tracking pixels into our digital presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are usually small, invisible images or scripts written in JavaScript that are retrieved automatically when our digital presence is accessed. With tracking pixels, at least the same information as in the case of logging in log files can be recorded.

12. Notifications and messages

12.1 Measurement of success and reach

Notifications and messages may contain weblinks or tracking pixels that record whether an individual message was opened and which weblinks were clicked. Such weblinks and tracking pixels may also record the use of notifications and messages on a personal basis. We need this statistical recording of usage for the measurement of success and reach in order to be able to send notifications and messages effectively and in a user-friendly manner, based on the needs and reading habits of recipients, and to do so in a lasting, secure and reliable manner.

12.2 Consent and objection

You must as a rule consent to the use of your e-mail address and your other contact addresses, unless the use is permitted on other legal grounds. For obtaining a doubly confirmed consent, we may use the “double opt-in” procedure. In this case you will receive a message with instructions for the second confirmation. We may log obtained consents including IP address and timestamp for reasons of proof and security.

You may as a rule object to the receipt of notifications and messages such as newsletters at any time. With such an objection you may simultaneously object to the statistical recording of usage for the measurement of success and reach. Necessary notifications and messages in connection with our activities and operations remain reserved.

13. Social Media

We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.

The general terms and conditions, terms of use as well as the privacy policies and other provisions of the individual operators of such platforms also apply. These provisions inform you in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of information.

14. Third-party services

We use the services of specialised third parties in order to be able to carry out our activities and operations in a lasting, user-friendly, secure and reliable manner. With such services we can, among other things, embed functions and content in our website. Such embedding for technical reasons causes the services used to at least temporarily capture the IP addresses of users.

For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations on an aggregated, anonymised or pseudonymised basis. This concerns, for example, performance or usage data, in order to be able to provide the respective service.

We use in particular:

14.1 Digital infrastructure

We use the services of specialised third parties in order to make use of the digital infrastructure required in connection with our activities and operations. This includes, for example, hosting and storage services of selected providers.

We use in particular:

14.2 Automation and integration of apps and services

We use specialised platforms in order to integrate and connect existing apps and services of third parties. With such “no-code” platforms we can also automate processes and activities with apps and services of third parties.

We use in particular:

  • Elfsight: Platform for the integration of widgets in websites; provider: Elfsight SL (Armenia); information on data protection: Privacy Policy.

14.3 Appointment scheduling

We use the services of specialised third parties to enable the online scheduling of appointments, for example for meetings. In addition to this Privacy Policy, any directly accessible terms of the services used, such as terms of use or privacy policies, also apply.

We use in particular:

14.4 Online collaboration

We use the services of third parties to enable online collaboration. In addition to this Privacy Policy, any directly accessible terms of the services used, such as terms of use or privacy policies, also apply.

We use in particular:

14.5 Social media features and social media content

We use services and plugins of third parties in order to be able to embed features and content of social media platforms and to enable the sharing of content on social media platforms and via other channels.

We use in particular:

15. Measurement of success and reach

We endeavour to measure the success and reach of our activities and operations. In this context, we may also measure the impact of notices from third parties or check how different parts or versions of our digital presence are used (“A/B test” method). Based on the results of the measurement of success and reach, we may in particular fix errors, strengthen popular content or make improvements.

For the measurement of success and reach, in most cases the IP addresses of individual users are recorded. In this case, IP addresses are as a rule shortened (“IP masking”) in order to follow the principle of data minimisation through corresponding pseudonymisation.

Cookies may be used and user profiles may be created in the context of the measurement of success and reach. User profiles created where applicable comprise, for example, the individual pages visited or content viewed on our digital presence, information on the size of the screen or browser window and the – at least approximate – location. As a rule, any user profiles created are exclusively pseudonymised and are not used for the identification of individual users. Individual services of third parties where users are logged in may, where applicable, assign the use of our online offering to the user account or user profile with the respective service.

We use in particular:

16. Concluding notes on the Privacy Policy

We prepared this Privacy Policy with the Privacy Generator from Datenschutzpartner.

We may update this Privacy Policy at any time. We will inform you about updates by publishing the respective current Privacy Policy on our website.