Privacy Policy

1. Contact Addresses

The data controller in terms of data protection law is:

SIDG

Swiss Internet & Digital Governance Association
Dennlerstrasse 7
8048 Zurich
website@sidg.ch

In individual cases, third parties may be responsible for the processing of personal data, or joint responsibility with third parties may exist. We are happy to provide affected individuals with information about the respective responsibilities upon request.

Data Protection Officer

We have the following Data Protection Officer as a point of contact for affected individuals
and authorities for inquiries related to data protection:

Data Protection Officer

Swiss Internet & Digital Governance Association
Dennlerstrasse 7
8048 Zurich
info@sidg.ch

2. Terms and Legal Basis

2.1 Terms

Affected individual: Natural person whose personal data we process.

Personal data: All information relating to an identified or identifiable natural person.

Special categories of personal data: Data revealing trade union membership, political, religious or philosophical beliefs, data concerning health, the intimate sphere or racial or ethnic origin, genetic data, biometric data uniquely identifying a natural person, data concerning criminal and administrative sanctions or prosecutions, and data concerning social assistance measures.

Processing: Any operation performed on personal data, irrespective of the means and procedures applied, such as querying, matching, adapting, archiving, storing, retrieving, disclosing, procuring, collecting, recording, erasing, revealing, ordering, organizing, saving, altering, disseminating, linking, destroying, and using personal data.

2.2 Legal Basis

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection
(Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

3. Type, Scope, and Purpose of Processing of

Personal Data

We process the personal data necessary to carry out our activities and operations permanently, user-friendly, securely, and reliably. The personal data processed may fall into the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. The personal data may also constitute special categories of personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the course of our activities and operations, insofar as such processing is permissible.

We process personal data, where necessary, with the consent of the affected individuals. In many cases, we can process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also ask affected individuals for their consent even if their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, in particular, depending on statutory retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialized service providers whose services we use.

Within the scope of our activities and operations, we may disclose personal data in particular to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.

5. Communication

We process personal data to communicate with individuals as well as with authorities, organizations, and companies. In doing so, we process data that an affected individual transmits to us when contacting us, for example, by mail or email. We may store such data in an address book or using comparable tools.

Third parties who transmit data about other individuals to us are obliged to independently ensure the data protection of these affected individuals.
They must, in particular, ensure that such data is correct and may be transmitted.

We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. With such services, we can also manage and otherwise process the data of affected individuals beyond direct communication.

6. Data Security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. With our measures, we particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, without being able to guarantee absolute data security
.

Access to our website and our other digital presence is via transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn before visiting a website without transport encryption.

Our digital communication – like all digital communication in principle – is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police forces, and other security authorities. We also cannot rule out that an affected individual is specifically monitored.

7. Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries,
in particular to process it there or have it processed. We may disclose personal data to all countries on Earth and elsewhere in the universe, provided that the local law ensures an adequate level of data protection according to a decision by the Swiss Federal Council.

We may disclose personal data to countries whose laws do not ensure an adequate level of data protection if an appropriate level of data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other suitable safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example, the explicit consent of the affected individuals or a direct connection with the conclusion or execution of a contract. We are happy to provide affected individuals with information about any safeguards or provide a copy of safeguards upon request.

8. Rights of Affected Individuals

8.1 Data Protection Claims

We grant affected individuals all rights according to applicable law. Affected individuals have, in particular, the following rights:

• Information: Affected individuals can request information on whether we process personal data about them, and if so, which personal data it is. Affected individuals also receive the information necessary to assert their data protection rights and ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
• Rectification and Restriction: Affected individuals can have inaccurate personal data rectified, incomplete data completed, and the processing of their data restricted.
• Opportunity for own viewpoint and human review: In decisions based solely on automated processing of personal data that have legal consequences for them or significantly affect them (automated individual decisions), affected individuals can present their own viewpoint and request review by a human.
• Erasure and Objection: Affected individuals can have personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
• Data Portability and Data Transfer: Affected individuals can request the release of personal data or the transfer of their data to another controller.

We may defer, restrict, or refuse the exercise of rights by affected individuals within the legally permissible framework. We may inform affected individuals of any conditions that must be met for the exercise of their data protection rights. For example, we may refuse information entirely or partially with reference to confidentiality obligations, overriding interests, or the protection of other individuals. We may also, for example, refuse the erasure of personal data, particularly with reference to statutory retention obligations, entirely or partially.

We may exceptionally charge costs for the exercise of rights. We will inform affected individuals in advance of any costs.

We are obliged to identify affected individuals who request information or assert other rights using appropriate measures. Affected individuals are obliged to cooperate.

8.2 Legal Protection

Affected individuals have the right to enforce their data protection claims through legal action or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

9. Website Usage

9.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not have to be limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, the recognition of a browser on the next visit to our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

Cookies can be completely or partially deactivated, restricted, or deleted in the browser settings at any time. Browser settings often also allow for automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively request – at least if and to the extent required by applicable law – explicit consent to the use of cookies.

9.2 Logging

For every access to our website and our other digital presence, we may log at least the following information, provided that it is routinely determined or transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code),
operating system including user interface and version, browser including language and version, specific sub-page of our website accessed including the amount of data transferred, last visited website in the same browser window (referrer). We log such information, which may also constitute personal data, in log files. This information is necessary to provide our digital presence permanently, user-friendly, and reliably. The information is also necessary to ensure data security – also by third parties or with the help of third parties.

9.3 Tracking Pixels

We may integrate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are typically small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our digital presence.
Tracking pixels can record at least the same information as logging in log files.

10. Notifications and Communications

10.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and communications on a personal basis. We need this statistical recording of usage for success and reach measurement to be able to send notifications and communications effectively and user-friendly, as well as permanently, securely, and reliably, based on the needs and reading habits of the recipients.

10.2 Consent and Objection

You must generally consent to the use of your email address and other contact addresses, unless the use is permissible for other legal reasons. For the possible collection of a double-confirmed consent, we may use the “double opt-in” procedure. In this case, you will receive a message with instructions for double confirmation. We may log collected consents, including IP address and timestamp, for evidentiary and security reasons.

You can generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you can simultaneously object to the statistical recording of usage for success and reach measurement. Necessary notifications and communications in connection with our activities and operations remain reserved.

10.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

We use, in particular:

Brevo: Building and maintaining relationships with customers and users, particularly via email
and instant messaging; Provider: Sendinblue GmbH (Germany); Data protection information: “Data Protection and Data Security”, Privacy Policy, “Security and Data Protection.”

11. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.

The General Terms and Conditions (GTC) and Terms of Use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions inform, in particular, about the rights of affected individuals directly vis-à-vis the respective platform, which includes, for example, the right to information.

12. Third-Party Services

We use services from specialized third parties to carry out our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content into our website. In such an embedding, the services used collect the IP addresses of users, at least temporarily, for technically compelling reasons.

For necessary security-relevant, statistical, and technical purposes, third parties whose services we use may process data in connection with
our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to be able to offer the respective service.

We use, in particular:

• Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: “Privacy at Microsoft”, “Privacy and Confidentiality”, Privacy Policy, “Data and Privacy Settings”.

12.1 Digital Infrastructure

We use services from specialized third parties to utilize the necessary digital infrastructure in connection with our activities. This includes, for example, hosting and storage services from selected providers.

We use, in particular:

• Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); Data protection information: Privacy Policy.
• WordPress.com: Blog hosting and website builder; Providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe, among others; Data protection information: Privacy Policy, Cookie Policy.

12.2 Social Media Functions and Social Media Content

We use services and plugins from third parties to embed functions and content from social media platforms and to enable the sharing of content on social media platforms and through other channels.

We use, in particular:

• LinkedIn Consumer Solutions Platform: Embedding functions and content from LinkedIn, for example with plugins like the “Share Plugin”; Provider: Microsoft; LinkedIn-specific information: “Privacy”, Privacy Policy, Cookie Policy, Cookie Management / Objection to email and SMS communication from LinkedIn, Objection to interest-based advertising.

12.3 Digital Content

We use services from specialized third parties to integrate digital content into our website. Digital content includes, in particular, image and video material, music, and podcasts.

12.4 Payments

We use specialized service providers to process payments securely and reliably. The legal texts of the individual service providers, such as their General Terms and Conditions (GTC) or Privacy Policies, also apply to payment processing.

We use, in particular:

• Apple Pay: Payment processing; Providers: Apple Inc. (USA) / Apple Distribution International Limited (Ireland); Data protection information: Privacy Policy, “Privacy Policy”, “Apple Pay & Privacy”.
• Stripe: Payment processing; Providers: Stripe Inc. (USA) / Stripe Capital Europe Limited (Ireland) / Stripe Payments Europe Limited (SPEL, Ireland) / Stripe Payments UK Limited (United Kingdom); Data protection information: “Stripe Privacy Center”, Privacy Policy, Cookie Policy.
• TWINT: Payment processing in Switzerland; Provider: TWINT AG (Switzerland); Data protection information: Privacy Policy, “Security according to Swiss Standards”.

13. Website Extensions

We use extensions for our website to utilize additional functions. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.

We use, in particular:

Cloudflare Turnstile: Bot protection (distinguishing between desired human activities and unwanted bot activities); Cloudflare Inc. (USA); Data protection information: “Privacy”, Privacy Policy.

14. Final Notes on the Privacy Policy

We have created this Privacy Policy using the data protection generator from Datenschutzpartner.

We may update this Privacy Policy at any time. We will inform about updates in an appropriate manner, particularly by publishing the current Privacy Policy on our website.