Privacy Notice of www.zenokarlschindler-foundation.ch

In this Privacy Notice, we describe what we do with your data when you use our website, obtain services from us, interact with us in relation to a contract, communicate with us or otherwise deal with us, and how you can exercise your data protection rights. We use the word “data” here interchangeably with “personal data”. Personal data means any information relating to an identified or identifiable natural person.

If you provide data to us about other individuals (e.g., family members, contact persons), we assume that you are authorized to do so and that the relevant data is accurate. Please make sure that these individuals have been informed about this Privacy Notice.

This Privacy Notice is aligned with the Swiss Federal Act on Data Protection (DPA) and the EU General Data Protection Regulation (GDPR). However, the application of these laws depends on each individual case.

1. WHO IS THE CONTROLLER FOR PROCESSING YOUR DATA?

FONDATION ZENO KARL SCHINDLER (CHE-112.490.686), a foundation incorporated under Swiss laws in Geneva, Switzerland (Foundation ZKS, “we” or “us”), is the controller of the processing of your personal data according to this Privacy Notice.

If you have any questions about this Privacy Notice or our processing of your personal data or wish to exercise your rights under Section 13, please write to us at the following email address here.

2. WHAT DATA DO WE PROCESS?

We process different categories of personal data about you. The main categories are as follows:

Master data

Master data is the basic data about you, such as your title, name, contact details and date of birth. It also includes payment information (e.g., bank details and invoice address), as well as information about third parties involved (e.g., contact persons, representatives). We collect master data in particular when you apply for a grant or communicate with us.

Grant data

Grant data is the data you provide to us in relation to applications for potential grants, awards or research projects which may be allocated by Foundation ZKS, as well as all data derived from or published in relation thereto. We collect master data in particular when you apply for a grant.

Contract data

Contract data is personal data collected in the context of the conclusion and performance of contracts, such as information on the relevant contracts (e.g., type and duration), information on the administration of contracts (e.g., contact details, delivery addresses, successful or unsuccessful deliveries, and information about payment methods), information about acquired claims and receivables, information about financial matters (e.g., reminders), information about defects and complaints, and information about customer satisfaction. We primarily conclude contracts with users of the Website, contractual partners and business partners.

Communication data

When you communicate with us, such as when you write to us, contact our representatives, or call us, we process the content of the communication (e.g., the content of emails, written correspondence, and telephone conversations), as well as the metadata of those communications (e.g., the type, time, and place of the communication). This data may also include information about third parties. In some situations, we may also ask you to provide proof of your identity.

Technical data

When you use our website, we collect certain technical data, such as the IP address of your device, protocols in which we record the use of our systems (log files), information about your device and its configuration (e.g., operating systems and language settings), information about the browser with which you access our offerings and its configuration, your approximate location and time of use of our Website, information about your actions on our Website, and information about your Internet service provider. In some cases, we may also assign your device (PC, tablet, smartphone, etc.) a unique identifier (ID), for example by using cookies or similar technologies, so that we can recognize it. You can find more information on cookies and similar technologies in Section 11. Technical data generally does not allow us to infer who you are. However, technical data may be linked to other categories of data (and potentially to you), for example when you create an account.

Behavioral and Preference Data

You can find more information about how we process your data on our social media pages in Section 12 and how tracking works on our website in Section 11.

Other data

We also collect data about you in other situations. For example, we process data that may relate to you in administrative or judicial proceedings (e.g., evidence).

Most of the data mentioned in this Section 2 is provided to us directly by you (e.g., when you contact us or apply for a grant). We may also collect data ourselves (e.g., technical data when you use our Website). To the extent permitted, we may also collect data from publicly available sources (e.g., debt collection registers) or obtain data from authorities or other third parties (e.g. other Website users).

As far as it is not unlawful we also collect data from public sources (for example debt collection registers, land registers, commercial registers, the media, or the internet including social media) or receive data from public authorities and from other third parties (such as credit agencies, contractual partners, internet analytics services, etc.).

3. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?

We process your data for the following purposes:

Communication

We process your data for the purpose of communicating with you, e.g. to respond to your requests, to contact you in case of questions and to perform our activities. For this purpose, we use, among other things, communication data and master data.

Our communication with you usually takes place in connection with other processing purposes, for example so that we can perform our activities, allocate grants or perform a contract.

 

Review of applications for grants

We process your data in connection with the review of applications for grants which may be allocated by Foundation ZKS, including in relation to the publication of the relevant research on the website of Foundation ZKS. For this purpose, we use, among other things, grant data, communication data and master data.

 

Donations

We process your data in the context of donations to Foundation ZKS and for the preparation of the relevant donation certificate. For this purpose, we use, among other things, communication data and master data.

Performance of contracts

We process your data in connection with the conclusion, administration and performance of contracts, e.g. to decide whether and how we conclude a contract with you, to deliver services and, if necessary, to assert claims arising from the contracts (debt collection, legal proceedings, etc.). For this purpose, we use master data, contract data, communication data, among others.

Compliance with legal requirements

We want to lay the foundations for compliance with legal requirements. We therefore also process personal data to comply with legal requirements, and to prevent and detect violations. This includes, for example, receiving and processing complaints, complying with judicial or administrative decisions, and detecting and investigating abuse. This may involve all categories of personal data mentioned in Section 2.

Other purposes

We may process your data for other purposes, for example for security and prevention purposes (e.g. to ensure IT security, prevent theft, fraud and abuse) and for quality assurance and training purposes. We may also process your data to protect our rights and defend ourselves against third-party claims. This may involve all categories of personal data mentioned in Section 2.

4. ON WHAT BASIS DO WE PROCESS YOUR DATA?

To the extent that the GDPR applies and we need a legal basis to process personal data, we generally rely on one or more of the following legal bases depending on the purpose of the processing:

Initiation or performance of a contract

Processing is necessary to initiate or perform a contract with you or the entity you represent.

Legitimate Interests

Processing is necessary for our or a third party’s legitimate interests, including to carry out processing for the purposes described in Section 3 and to disclose data in accordance with Sections 7 and 8, as well as to carry out the purposes related to them. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by applicable data protection legislation (e.g. laws in the EEA). This also includes the marketing of our activities, the desire to better understand our markets and to manage and develop our business, including its operations, safely and efficiently.

Consent

The processing is based on your consent. In these cases, we will inform you separately about the purposes of the processing at issue. You may withdraw your consent at any time with effect for the future by sending us written notice; you will find our contact details in Section 1. To withdraw your consent to online tracking, please see Section 11. Once we receive notice of withdrawal of consent, we will no longer process your information for the purpose(s) to which you consented, unless we have another legal basis for doing so. Withdrawal of consent does not, however, affect the lawfulness of the processing based on the consent prior to the withdrawal.

In some cases, other legal bases may apply and, if so, we will inform you separately.

5. DO WE CONDUCT PROFILING?

“Profiling” refers to a procedure in which personal data is processed in an automated way in order to analyze personal aspects or to make predictions (e.g. to analyze an individual’s personal interests, preferences, and affinities or to predict likely behavior). We generally do not do this, but we will inform you separately if we are required to conduct profiling in individual cases. In such cases, we ensure the proportionality and reliability of the results and take measures against the misuse of these profiles or profiling.

6. DO WE USE AUTOMATED INDIVIDUAL DECISION-MAKING?

“Automated individual decision-making” refers to decisions that are made on a fully automated basis, i.e. without relevant human influence, and that have legal consequences for the data subjects concerned or otherwise significantly affect them. We generally do not do this, but we will inform you separately if we are required to make automated individual decisions in individual cases. In such cases, you have the opportunity to have the decision reviewed by a human being if you do not agree with it.

7. WITH WHOM DO WE SHARE YOUR DATA?

In the context of our processing activities, we may disclose your personal data to third parties, in particular to the following categories of recipients:

Service providers

We work with service providers in Switzerland and abroad. These service providers generally process your personal data on our behalf as “processors”. Our processors are obliged to process personal data in accordance with our instructions and to take appropriate measures for data security. Some service providers are also responsible jointly with us or independently (e.g. collection agencies).

Contractual partners

We disclose your data to our contractual partners insofar as the disclosure of your data is based on the relevant contracts. These recipients also include the persons involved with the review of applications for grants, as well as contractual partners with whom we cooperate (e.g. providers of solutions on the Website) or who advertise on our behalf and to whom we may therefore disclose your data for analysis and marketing purposes. You will find more information on this subject in Section 11. These contractual partners may act as separate controllers and process your data for their own purposes.

If you have concerns or wish to exercise your data protection rights, please contact these contractual partners directly.

Authorities

We may disclose your personal data to authorities when we are legally required to do so or when it appears necessary to protect our interests. These authorities act as separate controllers.

Other persons

We may also share your data with other persons, such as service recipients and third-party debtors specified by you.

8. IS YOUR DATA SHARED ABROAD?

We process and store personal data primarily in Switzerland and the European Economic Area (EEA). In some cases, however, we may also disclose personal data to service providers and other recipients (see Section 7) who are located outside this area or who process personal data outside this area, in principle in any country in the world. These countries may not have laws that protect your personal data to the same extent as in Switzerland or the EEA, such as in the United States (see Section 11). If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner. In particular, we use the European Commission’s standard contractual clauses for this purpose, unless the recipient is already subject to a legally accepted set of rules to ensure data protection or we can invoke an exception. We would like to emphasize that these contractual measures partly compensate for less or no legal protection, but do not completely exclude all risks (e.g. the risk of data being accessed by governments abroad). In exceptional cases, we may allow the transfer of your personal data to countries without adequate protection in other cases, for example if you consent, in the context of legal proceedings abroad or if it is necessary for the performance of a contract.

Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

9. HOW LONG DO WE PROCESS YOUR DATA?

We process your data for as long as our processing purposes (see Section 3), legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. After the expiration of these periods, we will delete or anonymize your data insofar as there are no legal or contractual obligations to the contrary.

For example, we adhere to the following retention periods, which we may waive on a case-by-case basis:

 

Grant data

Personal data associated with applications for grant data is retained for a maximum period of three years following finalization of the review or the end of the grant (as applicable), and personal data associated with grants (name, thesis/research project, etc.) is retained for as long as you do not withdraw your consent in relation thereto (but for at least 10 years).

 

Master and contract data

We generally store master and contract data for ten years from the last contractual activity or the end of the contract. However, this period may be longer if necessary for evidentiary purposes, due to legal or contractual provisions or for technical reasons. Transaction data related to contracts (e.g. invoices) are generally stored for ten years.

 

Communication data

E-mails and written correspondence are generally kept for ten years. However, this period may be longer if necessary for evidentiary purposes, due to legal or contractual provisions or for technical reasons.

 

Technical Data

We generally retain technical data for 30 days. Cookies and similar technologies (see Section 11) are generally retained for 30 days.

 

Other data

The retention period for other data depends on the purpose of the processing and is limited to what is necessary. It ranges from a few days to several years.

10. HOW DO WE PROTECT YOUR DATA?

We take appropriate technical and organizational security measures to maintain the required security of your data and to ensure the confidentiality, integrity and availability of your data, to protect it against unjustified or unlawful processing and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. Like all companies, however, we cannot exclude with certainty any data protection breach; some residual risks are unavoidable.

11. WHAT COOKIES AND SIMILAR TECHNOLOGIES DO WE USE AND HOW CAN THEY BE DISABLED?

We use various techniques on our Website that allow us or third parties we hire to recognize you when you visit our Website and potentially track you over multiple visits. This section informs you about these techniques.

“Cookies” are files that your browser automatically stores on your device when you visit our Website. Cookies contain a unique identifier (ID) that allows us to distinguish individual visitors from others, generally without identifying them.

Depending on their intended use, cookies may contain further information, such as the pages visited and the time spent on the pages. We use both session cookies, which are deleted as soon as the browser is closed, and persistent cookies, which remain stored for a certain period of time after the browser is closed (30 days from acceptance of the cookies) and are used to recognize visitors on subsequent visits.

We may also use similar technologies such as pixel tags, fingerprints and other technologies to store data in the browser. “Pixel tags” are small, usually invisible images or program codes uploaded by a server that provide the server operator with specific information such as whether and when a website was visited.

“Fingerprints” are information about the configuration of your device or browser that are collected when you visit a website and that can be used to differentiate your device from other devices. Most browsers also use other data storage technologies in browsers that are similar to cookies and that we may also use (e.g. web storage).

We use the following types of cookies and similar technologies:

Strictly necessary cookies

Some cookies are essential to the use of the Website and its features. These cookies ensure the essential functionality of the Website, for example, to be able to navigate from page to page. These cookies have an expiration period of up to 30 days.

Performance Cookies

Performance cookies collect information about how our Website is used and allow us to perform analyses of its use, such as which pages are viewed most often and how visitors navigate our Website. These cookies are used to make visiting the Website easier and faster and, in general, to improve the user experience and comfort. We use third-party analytics services for this purpose. These cookies have an expiration period of up to 30 days.

In particular, we use the offers of the following service providers:

Google Analytics

Google Ireland Ltd. (located in Ireland) is the provider of the service “Google Analytics” and acts as our processor. Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both Google). Google collects information about the behavior of visitors to our Website (duration, page views, geographic region of access, etc.) through performance cookies (see above) and on this basis creates reports for us about the use of our Website. [We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before forwarding them to the United States and then cannot be traced back. We have turned off the “Data sharing” option and the “Signals” option.] While we may assume that the information we share with Google is not personal data for Google, it is possible that Google may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles, and link this data with the Google accounts of these individuals for its own purposes. In any event, if you consent to the use of Google Analytics, you expressly consent to any such processing, including the transfer of your personal data (in particular website and app usage, device information and unique IDs) to the United States and other countries. Information about data protection with Google Analytics can be found here and if you have a Google account, you can find more details about Google’s processing here.

Facebook Comments and Facebook Authentication

Meta Platforms Ireland Limited (located in Ireland) is the provider of the services “Facebook Comments”, a content commenting service enabling the users to leave comments and share them on the Facebook platform, and “Facebook Authentication”, a registration and authentication service that is connected to the Facebook social network, and acts as our processor.

By registering or authenticating, users allow such application to identify them and give them access to dedicated services and the application will be able to access data, stored by these third party services, for registration or identification purposes.

If you consent to the use of Facebook Comments and Facebook Authentication, you expressly consent to the processing of your personal data, including the transfer of your personal data (in particular website and app usage, device information and unique IDs) to Meta Platforms Ireland Limited. Information about data protection for the Facebook products can be found here.

When you consent to the use of cookies, you accept that your data may be transferred to a country that does not have an adequate level of data protection and accept the risks that your data may potentially be subject to government lawful access in the recipient’s country, despite the safeguards we put in place. You can withdraw your consent to cookies at any time, as explained above.

In addition, you can configure your browser settings so that it blocks certain cookies or similar technologies or deletes existing cookies and other data it has stored. You can also integrate software (“plugins”) into your browser that blocks the tracking of certain third parties. You can find further information on this subject on the help pages of your browser (usually with the keyword “data protection”). Please note that the functioning of our Website may be restricted if you block cookies and similar technologies.

12. WHAT DATA DO WE PROCESS ON OUR SOCIAL NETWORK PAGES?

We operate our own pages on social networks and other similar third-party platforms (e.g. LinkedIn and Facebook). If you communicate with us through these pages or comment on or share our content, we collect the relevant information and process it for the purposes set out in Section 3, in particular for communication.

When you visit our pages on social networks, data (e.g. about your user behavior) may also be transmitted directly to the respective service provider or collected by the latter and processed together with other data already known to it, in particular for its own marketing and market research purposes and to customize its platform. In some cases, some of your data will be transferred to the United States. You can find more information about the processing of data by social network providers in the privacy policies of the respective social networks.

13. WHAT ARE YOUR RIGHTS?

Applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing for direct marketing purposes, profiling for direct marketing purposes, and other legitimate interests in processing.

To help you control the processing of your personal data, you have the following rights with respect to our processing of your data in accordance with data protection laws:

  • The right to request access to the data stored by us concerning you;
  • The right to have inaccurate or incomplete personal data corrected;
  • The right to request the deletion of your data;
  • The right to receive the personal data you have made available to us in a commonly used, machine-readable structured format or to have this data transferred to another controller;
  • The right to withdraw your consent with effect for the future, to the extent that our processing is based on your consent;
  • The right to receive, upon request, other information relevant to the exercise of these rights;
  • The right to express your views in the case of automated individual decisions (Section 6) and to request that the decision be reviewed by a human being.

 

If you wish to exercise your rights, you can contact us in writing at the email address mentioned in Section 1. In order to prevent abuse, we need to identify you (e.g. by means of a copy of your identity card, if identification is not otherwise possible).

Please note that these rights may in some cases be limited, excluded or subject to the fulfilment of certain conditions. We will inform you accordingly where applicable.

You may also file a complaint with the competent supervisory authority if you have any doubts about the lawfulness of the processing of your personal data.

The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC), who can be contacted here.

The competent supervisory authority in the Principality of Liechtenstein is the Data Protection Authority of the Principality of Liechtenstein, which can be contacted here.

You can find a list of authorities in the EEA here.

You can reach the UK supervisory authority here.

14. CAN WE UPDATE THIS PRIVACY NOTICE?

This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on the website is the current version.

Privacy Notice updated on August 16th 2023.

All rights on this Privacy Notice belong to their author. Any reproduction, without prior license, is strictly forbidden.