Privacy Policy

1.  What is this Privacy Notice about?

2. Who is the controller for the data processing?

3. How do we process data in relation with our activities?

4. How do we process data in relation to advertising?

5. How do we disclose personal data?

6. Can we disclose data abroad?

7. How do we process data in relation with our website?

8. Are there other processing purposes?

9. How do we protect your data?

10. How long do we process personal data?

11. What else needs to be considered?

12. What are your rights?

 

1.What is this Privacy Notice about?

This Privacy Notice explains how we process personal data, primarily in relation with our business and with our website. If you would like more information about our data processing, please feel free to contact us (Section 2). “Personal data” means any information that can be related with a specific individual, and “processing” means any handling of personal data, such as collecting, using and sharing it.

2.  Who is the controller for the data processing?

For each data processing activity, there is a party that is primarily responsible for ensuring compliance, the “controller”. For the processing described in this Privacy Notice, the controller (also referred to as “we”) is:

Fondation Peter de Haan (CHE-307.750.204), c/o Walder Wyss SA, succursale de Genève, Rue du Rhône 14, 1204 Genève, Switzerland

If you have any questions regarding data protection, please feel free to contact us at the following address:

c/o Walder Wyss SA, succursale de Genève, Rue du Rhône 14, 1204 Genève, Switzerland and info@fondationpdh.org.

You may provide us with data about other individuals (for example when you share with us personal data relating to third parties). We assume this data is accurate and that you are authorised to share it with us. As we may not directly contact these individuals or inform them about our data processing, we ask you to do so (eg, by referring them to this Privacy Notice).

3. How do we process data in relation to our activities?

When you use our products and services (collectively, “services”), we process data for onboarding, concluding service agreements, and their performance and management:

• We may advertise our activities, such as newsletters. More details are set out in Section 4.
• If we are in contact with you in view of an agreement. This is mostly data you provide to us, eg, your name, contact details or date of birth, details of services requested and the date of agreement.
• If we enter into an agreement with you, we process the data from the onboarding and information on the agreement (e.g. the date and the content of the agreement).
• We process personal data during and after the agreement, including details on payments, interactions, outcomes of any projects resulting from the agreement (e.g. charity, grants), agreement terminations, and any related disputes or proceedings. These data processing activities are necessary for agreement performance.
• We also process the above data for statistical purposes. These statistics help improve and develop our strategy and activities. We may also use this data on an identifiable basis for marketing; see Section 4 for details.

For corporate partners, we process limited personal data, as data protection law applies only to individuals. However, we handle data of individuals we interact with, such as names, contact details, professional information, communication details, and information about management personnel, as part of the general data on companies we work with.

4.  How do we process data in relation to advertising?

We also process personal data to advertise or generally raise awareness about our activities:

• Newsletter: We send out electronic information and newsletters, which may include the promotion of our activities. We will ask for your consent before sending out electronic marketing, except for certain offers to existing customers.
• Invitations: We send out invitations to acts or events which we organize.
• Market research: We process data to improve and develop our outreach and public awareness of our activities, such as information on grants and charitable activities. This may include reactions to newsletters, surveys, polls, social media, media monitoring services, and public sources.

5.  How do we disclose personal data?

We may disclose personal data to various bodies within the scope of our activities. These include the following categories:

• persons associated with you, e.g. authorized representatives, guarantors, deputies and relatives, and in the case of contact persons of companies, employees and the company itself;
• if we engage intermediaries for our activities, we may share your information with them to enable direct contact with you;
• Credit agencies and providers of sanctions lists and other databases to which we may disclose the necessary information about you as part of an information request;
• Offices, authorities and courts within the scope of our legal obligations and in connection with proceedings in which we are a party or third party;
• Third parties, e.g. in connection with the acquisition or sale of assets by us;
• Service providers, in particular for IT services (such as storage space, software services and support and maintenance), administration and consulting services, shipping and logistics services, or services of banks, the post office, etc. These service providers may process personal data to the extent necessary. For providers used for our website, see section 7.

6.  Can we disclose data abroad?

Not all data recipients are located in Switzerland. This includes certain service providers, particularly in IT. These providers may be based in the EU or EEA or in other countries worldwide. We may also share data with foreign authorities if legally required or in connection with asset sales or legal proceedings (see Section 10). Not all these countries offer adequate data protection. To address this, we implement appropriate safeguards, particularly the EU standard contractual clauses, available here.   In some cases, data may be shared abroad without such safeguards as allowed by applicable law – for instance, with your consent or if necessary to perform a contract, assert or defend legal claims, or serve overriding public interests.

7.  How do we process data in relation with our website?

For technical reasons, each time you use our website, certain data is temporarily stored in log files, including your device’s IP address, information about your internet service provider, operating system, browser, referring URL, date and time of access, and content accessed. We use this data to operate the website, ensure security and stability, optimize the site, and for statistical purposes.

Our website uses cookies – small files stored by your browser on your device. These allow us to distinguish individual visitors, usually without identifying them. Cookies may contain information about accessed content and visit duration. Some cookies (“session cookies”) are deleted when you close your browser, while others (“persistent cookies”) remain for a set period to recognize returning visitors.

You can adjust your browser settings to block certain cookies or delete cookies and other stored data. For more information, refer to your browser’s help pages (usually under “privacy”).

Please note: We do not use any analytics or tracking tools such as Google Analytics. All data collected through cookies is limited to essential technical information and is not used for profiling or marketing purposes.

8.  Are there other processing purposes?

Yes. Typical (though not necessarily frequent) cases are as follows:

• Communication: When we are in contact with you, we process the content as well as information about the nature, time, and location of the communication. For your identification, we may also process information about proof of identity.
• Job applications: We process personal data provided by applicants during the application process, including contact details, CVs, references, and other supporting documents. This data is used to assess suitability for the position, communicate with applicants, and manage the recruitment process. If necessary, data may be shared with third parties, such as background check providers, in accordance with applicable law. Applicant data is stored securely and retained only as long as necessary for the recruitment process or as required by law. Unsuccessful applications are deleted after an appropriate retention period unless consent is given for longer storage.
• Compliance with legal requirements: We may disclose data to authorities as required by law or to meet internal regulations.
• Prevention: Data is processed to prevent crime or misuse, such as fraud prevention or internal investigations.
• Legal proceedings: If involved in legal proceedings (eg, court or administrative), we process and disclose data about parties, witnesses, and others involved to courts, authorities, or other relevant entities, including abroad.
• IT security: We process data to monitor, control, analyze, secure, and assess IT infrastructure and manage backups and archives.
• Impact of our activities: We process data in order to follow and ascertain the positive impact of our activities. This may include data on key individuals (including names and contact details) and public statements.
• Investments and grants: We process data to prepare and execute transactions, including disclosing customer or employee data to potential buyers or sellers.
• Other purposes: Data is processed for training, administration (eg, contract management, accounting, claims management, process improvement), anonymous statistics, or securing other legitimate interests.

9.  How do we protect your data?

We implement appropriate technical and organizational measures to ensure the security of your personal data is commensurate with the respective risk. However, absolute data security cannot be guaranteed, and some residual risks may remain.

10.  How long do we process personal data?

We process your personal data as long as necessary for the relevant purpose (eg, for contracts, typically the duration of the contractual relationship), as long as we have a legitimate interest in its retention (eg, to enforce legal claims, for archiving, or IT security), or as required by statutory retention obligations (eg, a ten-year retention period for certain data). Once these periods expire, we delete or anonymize your data.

11.  What else needs to be considered?

Depending on the applicable law, data processing is permitted only if explicitly authorized. This restriction does not apply under the Swiss Data Protection Act but does apply under the European General Data Protection Regulation (GDPR), if applicable. In such cases, we rely on the following legal bases for processing your personal data:

• 6 para. 1 lit. b GDPR for processing necessary to perform a contract with the data subject or to take pre-contractual measures (see para. 3).
• 6 para. 1 lit. f GDPR (and Art. 9 para. 2 lit. f GDPR for special-category data, if applicable) for processing necessary to protect our or third parties’ legitimate interests, unless overridden by the data subject’s fundamental rights and freedoms. This includes compliance with Swiss law, ensuring sustainable, user-friendly, secure, and reliable operations.
• 6 para. 1 lit. c GDPR for processing necessary to comply with a legal obligation under the laws of an EEA Member State. The EEA includes EU member states, Iceland, Norway, and Liechtenstein.
• 6 para. 1 lit. a GDPR (and Art. 9 para. 2 lit. b GDPR for special-category data, if applicable) for processing based on your separate consent.

In general, you are not required to disclose data to us, except in specific cases (eg, fulfilling contractual obligations that necessitate data disclosure). However, we may need to process data for legal or contractual purposes. The use of our website would also not be possible without some data processing (see Section 7).

12.  What are your rights?

You have certain rights, subject to conditions and restrictions under applicable law:

• You can request a copy of your personal data and further information about our data processing.
• You can object to our data processing.
• You can have incorrect or incomplete personal data corrected or completed or supplemented by a note of dispute.
• You also have the right to receive the personal data that you have provided to us in a structured, common, and machine-readable format, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract.
• To the extent that we process data based on your consent, you can withdraw your consent at any time. The withdrawal is only valid for the future, and we reserve the right to continue to process data based on another basis in the event of a withdrawal.

If you wish to exercise such a right, please feel free to contact us (Section 2). We will usually have to verify your identity (e.g. by means of a copy of your ID card). You are also free to file a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).